./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor884658232 <...> Warning: Permanently added '10.128.15.194' (ED25519) to the list of known hosts. execve("./syz-executor884658232", ["./syz-executor884658232"], 0x7ffea1450be0 /* 10 vars */) = 0 brk(NULL) = 0x55558b799000 brk(0x55558b799d00) = 0x55558b799d00 arch_prctl(ARCH_SET_FS, 0x55558b799380) = 0 set_tid_address(0x55558b799650) = 5838 set_robust_list(0x55558b799660, 24) = 0 rseq(0x55558b799ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor884658232", 4096) = 27 getrandom("\x51\x25\x4b\xb6\xd9\xae\x16\xc3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558b799d00 brk(0x55558b7bad00) = 0x55558b7bad00 brk(0x55558b7bb000) = 0x55558b7bb000 mprotect(0x7f987dbd1000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached , child_tidptr=0x55558b799650) = 5839 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] set_robust_list(0x55558b799660, 24) = 0 [pid 5839] mkdir("./syzkaller.ykAWuU", 0700./strace-static-x86_64: Process 5840 attached [pid 5838] <... clone resumed>, child_tidptr=0x55558b799650) = 5840 [pid 5840] set_robust_list(0x55558b799660, 24 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... set_robust_list resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] chmod("./syzkaller.ykAWuU", 0777./strace-static-x86_64: Process 5841 attached [pid 5840] mkdir("./syzkaller.GPnrTm", 0700 [pid 5839] <... chmod resumed>) = 0 [pid 5839] chdir("./syzkaller.ykAWuU" [pid 5838] <... clone resumed>, child_tidptr=0x55558b799650) = 5841 [pid 5841] set_robust_list(0x55558b799660, 24 [pid 5840] <... mkdir resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... set_robust_list resumed>) = 0 [pid 5839] <... chdir resumed>) = 0 [pid 5840] chmod("./syzkaller.GPnrTm", 0777) = 0 [pid 5839] mkdir("./0", 0777 [pid 5840] chdir("./syzkaller.GPnrTm") = 0 [pid 5840] mkdir("./0", 0777./strace-static-x86_64: Process 5842 attached [pid 5841] mkdir("./syzkaller.kafNdC", 0700 [pid 5839] <... mkdir resumed>) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x55558b799650) = 5842 [pid 5840] <... mkdir resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] set_robust_list(0x55558b799660, 24) = 0 [pid 5841] chmod("./syzkaller.kafNdC", 0777 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5843 attached [pid 5842] mkdir("./syzkaller.keN58M", 0700 [pid 5841] <... chmod resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5838] <... clone resumed>, child_tidptr=0x55558b799650) = 5843 [pid 5843] set_robust_list(0x55558b799660, 24 [pid 5839] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5843] <... set_robust_list resumed>) = 0 [pid 5841] chdir("./syzkaller.kafNdC" [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5841] <... chdir resumed>) = 0 [pid 5839] close(3 [pid 5843] mkdir("./syzkaller.YdVRUk", 0700 [pid 5840] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5839] <... close resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5841] mkdir("./0", 0777 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached [pid 5843] <... mkdir resumed>) = 0 [pid 5844] set_robust_list(0x55558b799660, 24 [pid 5843] chmod("./syzkaller.YdVRUk", 0777 [pid 5844] <... set_robust_list resumed>) = 0 [pid 5843] <... chmod resumed>) = 0 [pid 5844] chdir("./0" [pid 5842] chmod("./syzkaller.keN58M", 0777 [pid 5841] <... mkdir resumed>) = 0 [pid 5840] close(3 [pid 5844] <... chdir resumed>) = 0 [pid 5843] chdir("./syzkaller.YdVRUk" [pid 5840] <... close resumed>) = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] <... chdir resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5844 [pid 5844] <... prctl resumed>) = 0 [pid 5843] mkdir("./0", 0777 [pid 5844] setpgid(0, 0 [pid 5842] <... chmod resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5844] <... setpgid resumed>) = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] <... mkdir resumed>) = 0 [pid 5844] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5845 attached [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] chdir("./syzkaller.keN58M" [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5844] write(3, "1000", 4) = 4 [pid 5843] <... openat resumed>) = 3 [pid 5841] <... openat resumed>) = 3 [pid 5842] <... chdir resumed>) = 0 [pid 5845] set_robust_list(0x55558b799660, 24 [pid 5844] close(3 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5845 [pid 5844] <... close resumed>) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5842] mkdir("./0", 0777 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5845] chdir("./0" [pid 5843] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5841] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5843] close(3) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... mkdir resumed>) = 0 [pid 5841] close(3 [pid 5845] <... chdir resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] <... prctl resumed>) = 0 [pid 5844] write(1, "executing program\n", 18) = 18 ./strace-static-x86_64: Process 5847 attached [pid 5845] setpgid(0, 0 [pid 5844] memfd_create("syzkaller", 0 [pid 5845] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 5848 attached [pid 5847] set_robust_list(0x55558b799660, 24 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5844] <... memfd_create resumed>) = 3 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5848 [pid 5848] set_robust_list(0x55558b799660, 24 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5847 [pid 5847] chdir("./0" [pid 5845] write(3, "1000", 4 [pid 5848] <... set_robust_list resumed>) = 0 [pid 5847] <... chdir resumed>) = 0 [pid 5845] <... write resumed>) = 4 [pid 5844] <... mmap resumed>) = 0x7f9875600000 [pid 5848] chdir("./0" [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] close(3 [pid 5842] <... openat resumed>) = 3 [pid 5845] <... close resumed>) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] write(1, "executing program\n", 18 [pid 5848] <... chdir resumed>) = 0 [pid 5847] <... prctl resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5847] setpgid(0, 0 [pid 5848] <... prctl resumed>) = 0 [pid 5842] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5847] <... setpgid resumed>) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] close(3executing program [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... close resumed>) = 0 [pid 5845] <... write resumed>) = 18 [pid 5847] <... openat resumed>) = 3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached [pid 5848] <... openat resumed>) = 3 [pid 5847] write(3, "1000", 4) = 4 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5849 [pid 5849] set_robust_list(0x55558b799660, 24 [pid 5847] close(3 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5848] write(3, "1000", 4 [pid 5847] <... close resumed>) = 0 [pid 5849] chdir("./0" [pid 5847] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... write resumed>) = 4 [pid 5849] <... chdir resumed>) = 0 [pid 5848] close(3 [pid 5847] <... symlink resumed>) = 0 [pid 5845] memfd_create("syzkaller", 0 [pid 5844] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... close resumed>) = 0 [pid 5849] <... prctl resumed>) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs" [pid 5847] write(1, "executing program\n", 18 [pid 5845] <... memfd_create resumed>) = 3 [pid 5848] <... symlink resumed>) = 0 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 executing program [pid 5849] setpgid(0, 0 [pid 5848] write(1, "executing program\n", 18executing program [pid 5847] <... write resumed>) = 18 [pid 5848] <... write resumed>) = 18 [pid 5847] memfd_create("syzkaller", 0 [pid 5849] <... setpgid resumed>) = 0 [pid 5848] memfd_create("syzkaller", 0 [pid 5847] <... memfd_create resumed>) = 3 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] <... openat resumed>) = 3 [pid 5847] <... mmap resumed>) = 0x7f9875600000 [pid 5848] <... memfd_create resumed>) = 3 [pid 5849] write(3, "1000", 4 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] <... write resumed>) = 4 [pid 5848] <... mmap resumed>) = 0x7f9875600000 [pid 5849] close(3 [pid 5845] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5849] <... close resumed>) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5844] <... write resumed>) = 2097152 [pid 5849] write(1, "executing program\n", 18 [pid 5844] munmap(0x7f9875600000, 138412032 [pid 5849] <... write resumed>) = 18 [pid 5849] memfd_create("syzkaller", 0) = 3 [pid 5844] <... munmap resumed>) = 0 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5849] <... mmap resumed>) = 0x7f9875600000 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5847] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5844] <... openat resumed>) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3 [pid 5845] <... write resumed>) = 2097152 [pid 5845] munmap(0x7f9875600000, 138412032) = 0 [pid 5844] <... ioctl resumed>) = 0 [pid 5844] close(3) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 91.096476][ T5844] loop0: detected capacity change from 0 to 4096 [pid 5845] ioctl(4, LOOP_SET_FD, 3 [pid 5849] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5848] <... write resumed>) = 2097152 [pid 5844] close(4) = 0 [pid 5844] mkdir("./file1", 0777 [pid 5848] munmap(0x7f9875600000, 138412032 [pid 5844] <... mkdir resumed>) = 0 [pid 5847] <... write resumed>) = 2097152 [pid 5844] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5845] <... ioctl resumed>) = 0 [pid 5848] <... munmap resumed>) = 0 [pid 5847] munmap(0x7f9875600000, 138412032 [pid 5848] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5845] close(3) = 0 [pid 5848] <... openat resumed>) = 4 [pid 5845] close(4 [pid 5848] ioctl(4, LOOP_SET_FD, 3 [pid 5847] <... munmap resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5845] mkdir("./file1", 0777) = 0 [ 91.138332][ T5845] loop1: detected capacity change from 0 to 4096 [ 91.158091][ T5844] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5845] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5849] <... write resumed>) = 2097152 [pid 5848] <... ioctl resumed>) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5847] ioctl(4, LOOP_SET_FD, 3 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] mkdir("./file1", 0777) = 0 [pid 5849] munmap(0x7f9875600000, 138412032 [pid 5848] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5849] <... munmap resumed>) = 0 [ 91.183393][ T5848] loop2: detected capacity change from 0 to 4096 [ 91.187047][ T5845] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 91.204244][ T5847] loop4: detected capacity change from 0 to 4096 [pid 5847] <... ioctl resumed>) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5847] close(3) = 0 [pid 5849] <... openat resumed>) = 4 [pid 5847] close(4 [pid 5849] ioctl(4, LOOP_SET_FD, 3 [pid 5847] <... close resumed>) = 0 [pid 5847] mkdir("./file1", 0777) = 0 [pid 5847] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5844] <... mount resumed>) = 0 [pid 5844] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5849] <... ioctl resumed>) = 0 [pid 5844] <... openat resumed>) = 3 [pid 5849] close(3) = 0 [pid 5849] close(4 [pid 5844] chdir("./file1" [pid 5849] <... close resumed>) = 0 [pid 5849] mkdir("./file1", 0777) = 0 [pid 5849] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5844] <... chdir resumed>) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 91.231860][ T5848] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 91.240242][ T5849] loop3: detected capacity change from 0 to 4096 [ 91.262665][ T5847] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5844] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5844] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5844] memfd_create("syzkaller", 0 [pid 5845] <... mount resumed>) = 0 [pid 5844] <... memfd_create resumed>) = 5 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5845] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("./file1") = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [ 91.289262][ T5849] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 91.299525][ T30] audit: type=1800 audit(1750615372.565:2): pid=5844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 5845] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5845] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5845] memfd_create("syzkaller", 0) = 5 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5848] <... mount resumed>) = 0 [pid 5847] <... mount resumed>) = 0 [pid 5847] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 91.391794][ T30] audit: type=1800 audit(1750615372.645:3): pid=5845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 5847] chdir("./file1" [pid 5848] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5847] <... chdir resumed>) = 0 [pid 5844] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5848] <... openat resumed>) = 3 [pid 5847] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] chdir("./file1" [pid 5847] open("./file1", O_RDONLY|O_DIRECT [pid 5849] <... mount resumed>) = 0 [pid 5848] <... chdir resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5849] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5848] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] <... open resumed>) = 4 [pid 5848] open("./file1", O_RDONLY|O_DIRECT [pid 5847] preadv2(4, [pid 5849] <... openat resumed>) = 3 [pid 5849] chdir("./file1") = 0 [pid 5847] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5849] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] <... open resumed>) = 4 [pid 5847] memfd_create("syzkaller", 0 [pid 5849] open("./file1", O_RDONLY|O_DIRECT [pid 5848] preadv2(4, [pid 5847] <... memfd_create resumed>) = 5 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5845] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5849] <... open resumed>) = 4 [pid 5848] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5847] <... mmap resumed>) = 0x7f9875600000 [pid 5849] preadv2(4, [pid 5848] memfd_create("syzkaller", 0) = 5 [ 91.490432][ T30] audit: type=1800 audit(1750615372.745:4): pid=5847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5844] <... write resumed>) = 2097152 [pid 5848] <... mmap resumed>) = 0x7f9875600000 [pid 5849] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5849] memfd_create("syzkaller", 0) = 5 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5844] munmap(0x7f9875600000, 138412032) = 0 [pid 5848] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5847] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5845] <... write resumed>) = 2097152 [pid 5845] munmap(0x7f9875600000, 138412032 [pid 5844] close(5 [pid 5845] <... munmap resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [ 91.602474][ T30] audit: type=1800 audit(1750615372.745:5): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 5845] close(5) = 0 [pid 5849] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5844] <... close resumed>) = 0 [pid 5845] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5848] <... write resumed>) = 2097152 [pid 5847] <... write resumed>) = 2097152 [pid 5844] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5845] <... open resumed>) = 5 [pid 5845] truncate("./file1", 16784380 [pid 5847] munmap(0x7f9875600000, 138412032 [pid 5845] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5845] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5845] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5845] exit_group(0) = ? [ 91.714707][ T30] audit: type=1800 audit(1750615372.785:6): pid=5849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [pid 5849] <... write resumed>) = 2097152 [pid 5848] munmap(0x7f9875600000, 138412032 [pid 5847] <... munmap resumed>) = 0 [pid 5845] +++ exited with 0 +++ [pid 5844] <... open resumed>) = 5 [pid 5844] truncate("./file1", 16784380 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5844] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5848] <... munmap resumed>) = 0 [pid 5844] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5849] munmap(0x7f9875600000, 138412032 [pid 5848] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5847] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5844] <... openat resumed>) = 6 [pid 5840] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] close(5 [pid 5840] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5844] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5848] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... openat resumed>) = 3 [pid 5844] <... mmap resumed>) = 0x200000001000 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5844] exit_group(0 [pid 5840] getdents64(3, [pid 5844] <... exit_group resumed>) = ? [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 91.786779][ T30] audit: type=1804 audit(1750615372.975:7): pid=5845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/0/file1/file1" dev="loop1" ino=30 res=1 errno=0 [ 91.814853][ T30] audit: type=1804 audit(1750615373.035:8): pid=5844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/0/file1/file1" dev="loop0" ino=30 res=1 errno=0 [pid 5840] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] close(5 [pid 5844] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5839] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5847] <... close resumed>) = 0 [pid 5840] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... close resumed>) = 0 [pid 5847] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... munmap resumed>) = 0 [pid 5848] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... umount2 resumed>) = 0 [pid 5848] <... open resumed>) = 5 [pid 5847] <... open resumed>) = 5 [pid 5840] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] truncate("./file1", 16784380 [pid 5847] truncate("./file1", 16784380 [pid 5849] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... openat resumed>) = 4 [pid 5849] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] newfstatat(4, "", [pid 5849] close(5 [pid 5848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5847] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... openat resumed>) = 6 [pid 5848] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5847] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] getdents64(4, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./0/file1", [pid 5847] <... openat resumed>) = 6 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... mmap resumed>) = 0x200000001000 [pid 5847] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5840] getdents64(4, [pid 5839] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] exit_group(0 [pid 5847] <... mmap resumed>) = 0x200000001000 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... exit_group resumed>) = ? [pid 5847] exit_group(0 [pid 5840] close(4 [pid 5839] <... openat resumed>) = 4 [pid 5847] <... exit_group resumed>) = ? [pid 5840] <... close resumed>) = 0 [pid 5839] newfstatat(4, "", [pid 5840] rmdir("./0/file1" [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] close(4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5848] +++ exited with 0 +++ [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... close resumed>) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- [pid 5839] rmdir("./0/file1") = 0 [pid 5841] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] unlink("./0/binderfs" [pid 5839] unlink("./0/binderfs" [pid 5841] getdents64(3, [pid 5840] <... unlink resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] getdents64(3, [pid 5839] getdents64(3, [pid 5841] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [ 91.903205][ T30] audit: type=1804 audit(1750615373.175:9): pid=5847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.YdVRUk/0/file1/file1" dev="loop4" ino=30 res=1 errno=0 [pid 5840] close(3 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./0" [pid 5840] <... close resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5840] rmdir("./0") = 0 [pid 5839] mkdir("./1", 0777 [pid 5840] mkdir("./1", 0777) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 5839] close(3 [pid 5849] <... close resumed>) = 0 [pid 5847] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5849] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5843] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... open resumed>) = 5 [pid 5849] truncate("./file1", 16784380 [pid 5839] <... close resumed>) = 0 [pid 5849] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5849] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] <... openat resumed>) = 6 [pid 5849] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5854 [pid 5849] <... mmap resumed>) = 0x200000001000 [ 91.991512][ T30] audit: type=1804 audit(1750615373.175:10): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.kafNdC/0/file1/file1" dev="loop2" ino=30 res=1 errno=0 [pid 5849] exit_group(0) = ? ./strace-static-x86_64: Process 5854 attached [pid 5854] set_robust_list(0x55558b799660, 24 [pid 5849] +++ exited with 0 +++ [pid 5854] <... set_robust_list resumed>) = 0 [pid 5854] chdir("./1" [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 5854] <... chdir resumed>) = 0 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 executing program [pid 5854] close(3 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5854] <... close resumed>) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... close resumed>) = 0 [pid 5854] write(1, "executing program\n", 18 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5854] <... write resumed>) = 18 [pid 5842] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5854] memfd_create("syzkaller", 0 [pid 5842] <... openat resumed>) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5854] <... memfd_create resumed>) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 92.034704][ T24] cfg80211: failed to load regulatory.db [pid 5843] <... umount2 resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5855 attached [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5855] set_robust_list(0x55558b799660, 24 [pid 5843] newfstatat(AT_FDCWD, "./0/file1", [pid 5841] newfstatat(AT_FDCWD, "./0/file1", [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5855 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5855] chdir("./1" [pid 5843] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5855] <... chdir resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./0/file1") = 0 [pid 5842] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./0/binderfs" [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... unlink resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5855] <... prctl resumed>) = 0 [pid 5843] <... openat resumed>) = 4 [pid 5841] <... openat resumed>) = 4 [pid 5855] setpgid(0, 0 [pid 5841] newfstatat(4, "", [pid 5855] <... setpgid resumed>) = 0 [pid 5843] newfstatat(4, "", [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, [pid 5841] getdents64(4, [pid 5842] getdents64(3, [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] close(4 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... close resumed>) = 0 [pid 5843] close(4 [pid 5842] close(3 [pid 5841] rmdir("./0/file1" [pid 5843] <... close resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./0" [pid 5855] <... openat resumed>) = 3 [pid 5843] rmdir("./0/file1" [pid 5842] <... rmdir resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [ 92.075625][ T30] audit: type=1804 audit(1750615373.265:11): pid=5849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.keN58M/0/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5842] mkdir("./1", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5855] write(3, "1000", 4 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5855] <... write resumed>) = 4 [pid 5841] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5855] close(3 [pid 5843] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5855] <... close resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs" [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./0/binderfs" [pid 5843] unlink("./0/binderfs" [pid 5855] <... symlink resumed>) = 0 [pid 5842] close(3executing program [pid 5855] write(1, "executing program\n", 18 [pid 5854] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... unlink resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5855] <... write resumed>) = 18 [pid 5855] memfd_create("syzkaller", 0 [pid 5843] getdents64(3, [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./0") = 0 [pid 5855] <... memfd_create resumed>) = 3 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] mkdir("./1", 0777 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] close(3 [pid 5841] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5856 attached [pid 5855] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... close resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5856 [pid 5856] set_robust_list(0x55558b799660, 24 [pid 5843] rmdir("./0" [pid 5856] <... set_robust_list resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5856] chdir("./1" [pid 5843] <... rmdir resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5856] <... chdir resumed>) = 0 [pid 5843] mkdir("./1", 0777 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5856] <... prctl resumed>) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5856] setpgid(0, 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... ioctl resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5841] close(3 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5856] <... setpgid resumed>) = 0 [pid 5843] <... ioctl resumed>) = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5854] <... write resumed>) = 2097152 [pid 5856] <... openat resumed>) = 3 [pid 5843] close(3 [pid 5854] munmap(0x7f9875600000, 138412032) = 0 [pid 5856] write(3, "1000", 4 [pid 5841] <... close resumed>) = 0 [pid 5856] <... write resumed>) = 4 [pid 5856] close(3) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs" [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3 [pid 5856] <... symlink resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5856] write(1, "executing program\n", 18executing program ) = 18 ./strace-static-x86_64: Process 5857 attached [pid 5856] memfd_create("syzkaller", 0 [pid 5857] set_robust_list(0x55558b799660, 24 [pid 5854] <... ioctl resumed>) = 0 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5855] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5857] chdir("./1" [pid 5854] close(3 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5857 [pid 5857] <... chdir resumed>) = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] <... close resumed>) = 0 [pid 5856] <... memfd_create resumed>) = 3 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5857] <... openat resumed>) = 3 [pid 5856] <... mmap resumed>) = 0x7f9875600000 [pid 5857] write(3, "1000", 4 [pid 5854] <... close resumed>) = 0 [pid 5857] <... write resumed>) = 4 [pid 5854] close(4 [pid 5857] close(3 [pid 5854] <... close resumed>) = 0 [pid 5857] <... close resumed>) = 0 [pid 5854] mkdir("./file1", 0777) = 0 [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5857] write(1, "executing program\n", 18) = 18 [pid 5857] memfd_create("syzkaller", 0 [pid 5854] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5857] <... memfd_create resumed>) = 3 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5858 attached [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5858 [pid 5857] <... mmap resumed>) = 0x7f9875600000 [ 92.249980][ T5854] loop0: detected capacity change from 0 to 4096 [pid 5858] set_robust_list(0x55558b799660, 24) = 0 [pid 5858] chdir("./1") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [ 92.294014][ T5854] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5855] <... write resumed>) = 2097152 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5856] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5855] munmap(0x7f9875600000, 138412032 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5858] write(1, "executing program\n", 18 [pid 5857] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152executing program [pid 5858] <... write resumed>) = 18 [pid 5855] <... munmap resumed>) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3 [pid 5858] memfd_create("syzkaller", 0 [pid 5854] <... mount resumed>) = 0 [pid 5858] <... memfd_create resumed>) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5854] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./file1") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5854] open("./file1", O_RDONLY|O_DIRECT [pid 5855] <... ioctl resumed>) = 0 [pid 5855] close(3) = 0 [pid 5855] close(4) = 0 [pid 5855] mkdir("./file1", 0777) = 0 [ 92.384244][ T5855] loop1: detected capacity change from 0 to 4096 [pid 5855] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5854] <... open resumed>) = 4 [pid 5854] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5854] memfd_create("syzkaller", 0) = 5 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5856] <... write resumed>) = 2097152 [pid 5856] munmap(0x7f9875600000, 138412032) = 0 [ 92.426937][ T5855] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5857] <... write resumed>) = 2097152 [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5858] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5856] <... openat resumed>) = 4 [pid 5857] munmap(0x7f9875600000, 138412032) = 0 [pid 5856] ioctl(4, LOOP_SET_FD, 3 [pid 5857] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5857] ioctl(4, LOOP_SET_FD, 3 [pid 5856] <... ioctl resumed>) = 0 [pid 5856] close(3) = 0 [pid 5856] close(4) = 0 [pid 5856] mkdir("./file1", 0777) = 0 [pid 5856] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5857] <... ioctl resumed>) = 0 [pid 5855] <... mount resumed>) = 0 [pid 5854] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5857] close(3 [pid 5855] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5857] <... close resumed>) = 0 [pid 5855] <... openat resumed>) = 3 [pid 5857] close(4 [pid 5855] chdir("./file1" [pid 5857] <... close resumed>) = 0 [pid 5855] <... chdir resumed>) = 0 [pid 5857] mkdir("./file1", 0777 [pid 5855] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5857] <... mkdir resumed>) = 0 [pid 5855] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5857] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5855] open("./file1", O_RDONLY|O_DIRECT [pid 5858] <... write resumed>) = 2097152 [pid 5855] <... open resumed>) = 4 [ 92.514696][ T5856] loop3: detected capacity change from 0 to 4096 [ 92.517622][ T5857] loop2: detected capacity change from 0 to 4096 [ 92.549404][ T5856] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5855] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5855] memfd_create("syzkaller", 0) = 5 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5854] <... write resumed>) = 2097152 [pid 5858] munmap(0x7f9875600000, 138412032 [pid 5856] <... mount resumed>) = 0 [ 92.595301][ T5857] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5856] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5858] <... munmap resumed>) = 0 [pid 5856] <... openat resumed>) = 3 [pid 5858] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5856] chdir("./file1" [pid 5858] <... openat resumed>) = 4 [pid 5856] <... chdir resumed>) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5858] ioctl(4, LOOP_SET_FD, 3 [pid 5856] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5856] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5854] munmap(0x7f9875600000, 138412032 [pid 5856] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5856] memfd_create("syzkaller", 0 [pid 5857] <... mount resumed>) = 0 [pid 5856] <... memfd_create resumed>) = 5 [pid 5855] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5854] <... munmap resumed>) = 0 [pid 5857] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5857] <... openat resumed>) = 3 [pid 5856] <... mmap resumed>) = 0x7f9875600000 [pid 5857] chdir("./file1" [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5857] <... chdir resumed>) = 0 [pid 5854] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5857] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5854] close(5 [pid 5857] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5858] <... ioctl resumed>) = 0 [ 92.663650][ T5858] loop4: detected capacity change from 0 to 4096 [pid 5857] open("./file1", O_RDONLY|O_DIRECT [pid 5858] close(3 [pid 5857] <... open resumed>) = 4 [pid 5857] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5857] memfd_create("syzkaller", 0) = 5 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5858] <... close resumed>) = 0 [pid 5858] close(4) = 0 [pid 5858] mkdir("./file1", 0777) = 0 [pid 5858] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5854] <... close resumed>) = 0 [pid 5855] <... write resumed>) = 2097152 [pid 5854] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5854] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5854] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5854] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5854] exit_group(0) = ? [pid 5855] munmap(0x7f9875600000, 138412032 [pid 5854] +++ exited with 0 +++ [ 92.765534][ T5858] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5856] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5855] <... munmap resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5855] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] <... restart_syscall resumed>) = 0 [pid 5855] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5855] close(5 [pid 5839] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5857] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5855] <... close resumed>) = 0 [pid 5855] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./1/file1", [pid 5856] <... write resumed>) = 2097152 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5856] munmap(0x7f9875600000, 138412032 [pid 5855] <... open resumed>) = 5 [pid 5855] truncate("./file1", 16784380 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5856] <... munmap resumed>) = 0 [pid 5858] <... mount resumed>) = 0 [pid 5857] <... write resumed>) = 2097152 [pid 5855] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] newfstatat(4, "", [pid 5858] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5855] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5855] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5855] exit_group(0 [pid 5856] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5855] <... exit_group resumed>) = ? [pid 5858] <... openat resumed>) = 3 [pid 5856] close(5 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5858] chdir("./file1" [pid 5839] getdents64(4, [pid 5858] <... chdir resumed>) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5858] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] getdents64(4, [pid 5858] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5857] munmap(0x7f9875600000, 138412032 [pid 5839] close(4 [pid 5858] <... open resumed>) = 4 [pid 5857] <... munmap resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5858] preadv2(4, [pid 5839] rmdir("./1/file1" [pid 5855] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... rmdir resumed>) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5858] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5858] memfd_create("syzkaller", 0 [pid 5839] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5858] <... memfd_create resumed>) = 5 [pid 5840] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] unlink("./1/binderfs" [pid 5857] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5857] close(5 [pid 5858] <... mmap resumed>) = 0x7f9875600000 [pid 5839] <... unlink resumed>) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5856] <... close resumed>) = 0 [pid 5856] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5857] <... close resumed>) = 0 [pid 5856] <... open resumed>) = 5 [pid 5839] <... close resumed>) = 0 [pid 5856] truncate("./file1", 16784380 [pid 5839] rmdir("./1" [pid 5856] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5856] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5839] <... rmdir resumed>) = 0 [pid 5856] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5839] mkdir("./2", 0777 [pid 5856] exit_group(0) = ? [pid 5857] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5856] +++ exited with 0 +++ [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5842] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... openat resumed>) = 3 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5842] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] <... ioctl resumed>) = 0 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] close(3 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] <... umount2 resumed>) = 0 [pid 5842] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5857] <... open resumed>) = 5 [pid 5840] newfstatat(AT_FDCWD, "./1/file1", [pid 5857] truncate("./file1", 16784380 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5857] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5857] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5857] <... openat resumed>) = 6 [pid 5840] rmdir("./1/file1") = 0 [pid 5840] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5857] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5857] <... mmap resumed>) = 0x200000001000 [pid 5840] unlink("./1/binderfs" [pid 5857] exit_group(0 [pid 5840] <... unlink resumed>) = 0 [pid 5857] <... exit_group resumed>) = ? [pid 5840] getdents64(3, [pid 5857] +++ exited with 0 +++ [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5840] <... close resumed>) = 0 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5840] rmdir("./1" [pid 5841] <... restart_syscall resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./2", 0777 [pid 5841] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", [pid 5858] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5841] getdents64(3, [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5842] <... umount2 resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(3) = 0 [pid 5842] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./1/file1", ./strace-static-x86_64: Process 5859 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5860] set_robust_list(0x55558b799660, 24 [pid 5859] set_robust_list(0x55558b799660, 24 [pid 5842] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5859 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5859] chdir("./2" [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5860 [pid 5860] chdir("./2" [pid 5859] <... chdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5860] <... chdir resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] newfstatat(4, "", [pid 5860] <... prctl resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5860] setpgid(0, 0 [pid 5842] getdents64(4, [pid 5860] <... setpgid resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5859] <... prctl resumed>) = 0 [pid 5842] getdents64(4, [pid 5860] <... openat resumed>) = 3 [pid 5859] setpgid(0, 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5859] <... setpgid resumed>) = 0 [pid 5842] close(4) = 0 [pid 5860] write(3, "1000", 4 [pid 5842] rmdir("./1/file1" [pid 5841] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5860] <... write resumed>) = 4 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... rmdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5860] close(3 [pid 5841] newfstatat(AT_FDCWD, "./1/file1", [pid 5860] <... close resumed>) = 0 [pid 5842] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs" [pid 5859] <... openat resumed>) = 3 [pid 5841] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5859] write(3, "1000", 4executing program executing program [pid 5860] <... symlink resumed>) = 0 [pid 5859] <... write resumed>) = 4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5859] close(3 [pid 5860] write(1, "executing program\n", 18 [pid 5859] <... close resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5841] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5859] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5842] unlink("./1/binderfs" [pid 5841] newfstatat(4, "", [pid 5860] <... write resumed>) = 18 [pid 5859] <... symlink resumed>) = 0 [pid 5842] <... unlink resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5860] memfd_create("syzkaller", 0 [pid 5842] getdents64(3, [pid 5841] getdents64(4, [pid 5859] write(1, "executing program\n", 18 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5859] <... write resumed>) = 18 [pid 5842] close(3 [pid 5841] getdents64(4, [pid 5842] <... close resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] rmdir("./1" [pid 5841] close(4 [pid 5859] memfd_create("syzkaller", 0 [pid 5841] <... close resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5842] mkdir("./2", 0777 [pid 5841] rmdir("./1/file1" [pid 5842] <... mkdir resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5860] <... memfd_create resumed>) = 3 [pid 5841] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5860] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5841] unlink("./1/binderfs") = 0 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5859] <... memfd_create resumed>) = 3 [pid 5842] close(3) = 0 [pid 5841] getdents64(3, [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5861 attached [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5858] <... write resumed>) = 2097152 [pid 5841] close(3 [pid 5859] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./1") = 0 [pid 5861] set_robust_list(0x55558b799660, 24 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5861 [pid 5861] <... set_robust_list resumed>) = 0 [pid 5861] chdir("./2" [pid 5841] mkdir("./2", 0777) = 0 [pid 5861] <... chdir resumed>) = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] setpgid(0, 0) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5861] write(3, "1000", 4) = 4 [pid 5861] close(3) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5861] write(1, "executing program\n", 18 [pid 5858] munmap(0x7f9875600000, 138412032 [pid 5861] <... write resumed>) = 18 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5861] memfd_create("syzkaller", 0 [pid 5858] <... munmap resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5861] <... memfd_create resumed>) = 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] close(3 [pid 5861] <... mmap resumed>) = 0x7f9875600000 [pid 5858] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5858] close(5 [pid 5841] <... close resumed>) = 0 [pid 5860] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5859] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 5862 ./strace-static-x86_64: Process 5862 attached [pid 5862] set_robust_list(0x55558b799660, 24 [pid 5858] <... close resumed>) = 0 [pid 5858] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5862] chdir("./2" [pid 5858] <... open resumed>) = 5 [pid 5862] <... chdir resumed>) = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0 [pid 5858] truncate("./file1", 16784380 [pid 5862] <... setpgid resumed>) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5858] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs" [pid 5858] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5862] <... symlink resumed>) = 0 [pid 5861] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5858] <... openat resumed>) = 6 [pid 5862] write(1, "executing program\n", 18executing program ) = 18 [pid 5862] memfd_create("syzkaller", 0 [pid 5858] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5858] exit_group(0 [pid 5862] <... memfd_create resumed>) = 3 [pid 5858] <... exit_group resumed>) = ? [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5858] +++ exited with 0 +++ [pid 5862] <... mmap resumed>) = 0x7f9875600000 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=13 /* 0.13 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5843] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5860] <... write resumed>) = 2097152 [pid 5860] munmap(0x7f9875600000, 138412032) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3 [pid 5861] <... write resumed>) = 2097152 [pid 5859] <... write resumed>) = 2097152 [pid 5843] <... umount2 resumed>) = 0 [pid 5859] munmap(0x7f9875600000, 138412032 [pid 5861] munmap(0x7f9875600000, 138412032 [pid 5859] <... munmap resumed>) = 0 [pid 5843] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5861] <... munmap resumed>) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3 [pid 5862] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5859] <... openat resumed>) = 4 [pid 5843] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5859] ioctl(4, LOOP_SET_FD, 3 [pid 5843] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5861] <... ioctl resumed>) = 0 [pid 5860] <... ioctl resumed>) = 0 [pid 5843] <... openat resumed>) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4 [pid 5860] close(3 [pid 5843] <... close resumed>) = 0 [pid 5860] <... close resumed>) = 0 [pid 5843] rmdir("./1/file1" [pid 5860] close(4 [pid 5843] <... rmdir resumed>) = 0 [pid 5843] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./1/binderfs") = 0 [pid 5860] <... close resumed>) = 0 [pid 5843] getdents64(3, [pid 5860] mkdir("./file1", 0777 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5860] <... mkdir resumed>) = 0 [pid 5843] close(3 [pid 5861] close(3 [pid 5843] <... close resumed>) = 0 [pid 5861] <... close resumed>) = 0 [ 93.467223][ T5860] loop1: detected capacity change from 0 to 4096 [ 93.477561][ T5861] loop3: detected capacity change from 0 to 4096 [ 93.488213][ T5859] loop0: detected capacity change from 0 to 4096 [pid 5860] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] rmdir("./1" [pid 5861] close(4 [pid 5859] <... ioctl resumed>) = 0 [pid 5859] close(3 [pid 5861] <... close resumed>) = 0 [pid 5859] <... close resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5861] mkdir("./file1", 0777) = 0 [pid 5859] close(4 [pid 5843] mkdir("./2", 0777 [pid 5859] <... close resumed>) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5859] mkdir("./file1", 0777) = 0 [pid 5861] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5859] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 5862] <... write resumed>) = 2097152 [ 93.508831][ T5860] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 93.536425][ T5861] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 93.536872][ T5859] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5862] munmap(0x7f9875600000, 138412032) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3 [pid 5860] <... mount resumed>) = 0 [pid 5860] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./file1") = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5860] open("./file1", O_RDONLY|O_DIRECT [pid 5843] <... close resumed>) = 0 [pid 5862] <... ioctl resumed>) = 0 [pid 5861] <... mount resumed>) = 0 [pid 5860] <... open resumed>) = 4 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached [pid 5862] close(3 [pid 5861] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5862] <... close resumed>) = 0 [pid 5861] <... openat resumed>) = 3 [ 93.608648][ T5862] loop2: detected capacity change from 0 to 4096 [pid 5860] preadv2(4, [pid 5863] set_robust_list(0x55558b799660, 24 [pid 5862] close(4 [pid 5861] chdir("./file1" [pid 5860] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5863 [pid 5860] memfd_create("syzkaller", 0 [pid 5863] <... set_robust_list resumed>) = 0 [pid 5861] <... chdir resumed>) = 0 [pid 5860] <... memfd_create resumed>) = 5 [pid 5863] chdir("./2" [pid 5861] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5861] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5860] <... mmap resumed>) = 0x7f9875600000 [pid 5862] <... close resumed>) = 0 [pid 5863] <... chdir resumed>) = 0 [pid 5862] mkdir("./file1", 0777 [pid 5861] open("./file1", O_RDONLY|O_DIRECT [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0 [pid 5862] <... mkdir resumed>) = 0 [pid 5863] <... setpgid resumed>) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5862] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5863] <... openat resumed>) = 3 [pid 5861] <... open resumed>) = 4 [pid 5861] preadv2(4, [pid 5863] write(3, "1000", 4 [pid 5861] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5861] memfd_create("syzkaller", 0 [pid 5863] <... write resumed>) = 4 [pid 5861] <... memfd_create resumed>) = 5 [pid 5863] close(3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5863] <... close resumed>) = 0 [pid 5861] <... mmap resumed>) = 0x7f9875600000 [pid 5863] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5863] write(1, "executing program\n", 18) = 18 [pid 5863] memfd_create("syzkaller", 0) = 3 [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 93.693065][ T5862] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5859] <... mount resumed>) = 0 [pid 5859] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5859] chdir("./file1") = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] <... mount resumed>) = 0 [pid 5861] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5860] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5859] open("./file1", O_RDONLY|O_DIRECT [pid 5862] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./file1") = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5859] <... open resumed>) = 4 [pid 5862] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5862] open("./file1", O_RDONLY|O_DIRECT [pid 5859] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5859] memfd_create("syzkaller", 0) = 5 [pid 5862] <... open resumed>) = 4 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5862] preadv2(4, [pid 5859] <... mmap resumed>) = 0x7f9875600000 [pid 5863] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5862] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5862] memfd_create("syzkaller", 0) = 5 [pid 5861] <... write resumed>) = 2097152 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5860] <... write resumed>) = 2097152 [pid 5861] munmap(0x7f9875600000, 138412032 [pid 5862] <... mmap resumed>) = 0x7f9875600000 [pid 5861] <... munmap resumed>) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5861] close(5 [pid 5860] munmap(0x7f9875600000, 138412032) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5860] close(5 [pid 5863] <... write resumed>) = 2097152 [pid 5859] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5863] munmap(0x7f9875600000, 138412032 [pid 5861] <... close resumed>) = 0 [pid 5863] <... munmap resumed>) = 0 [pid 5861] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5863] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5863] ioctl(4, LOOP_SET_FD, 3 [pid 5860] <... close resumed>) = 0 [pid 5860] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5860] truncate("./file1", 16784380 [pid 5861] <... open resumed>) = 5 [pid 5860] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5863] <... ioctl resumed>) = 0 [pid 5861] truncate("./file1", 16784380 [pid 5863] close(3 [pid 5862] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5861] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5863] <... close resumed>) = 0 [pid 5861] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5863] close(4 [pid 5861] <... openat resumed>) = 6 [pid 5863] <... close resumed>) = 0 [pid 5861] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5863] mkdir("./file1", 0777 [pid 5861] <... mmap resumed>) = 0x200000001000 [pid 5860] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5863] <... mkdir resumed>) = 0 [pid 5861] exit_group(0 [pid 5860] <... openat resumed>) = 6 [pid 5861] <... exit_group resumed>) = ? [ 93.962973][ T5863] loop4: detected capacity change from 0 to 4096 [pid 5860] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5863] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5860] exit_group(0) = ? [pid 5860] +++ exited with 0 +++ [pid 5861] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5859] <... write resumed>) = 2097152 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5859] munmap(0x7f9875600000, 138412032 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5862] <... write resumed>) = 2097152 [ 94.004981][ T5863] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5862] munmap(0x7f9875600000, 138412032) = 0 [pid 5859] <... munmap resumed>) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5859] close(5 [pid 5862] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5862] close(5) = 0 [pid 5862] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] <... umount2 resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5842] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./2/file1", [pid 5840] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./2/file1", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5862] <... open resumed>) = 5 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5859] <... close resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5862] truncate("./file1", 16784380 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", [pid 5840] getdents64(4, [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5863] <... mount resumed>) = 0 [pid 5862] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5859] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] getdents64(4, [pid 5840] close(4 [pid 5863] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5862] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] <... close resumed>) = 0 [pid 5863] <... openat resumed>) = 3 [pid 5842] getdents64(4, [pid 5840] rmdir("./2/file1" [pid 5863] chdir("./file1" [pid 5862] <... openat resumed>) = 6 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5863] <... chdir resumed>) = 0 [pid 5862] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] close(4 [pid 5840] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5863] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] <... close resumed>) = 0 [pid 5863] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] rmdir("./2/file1" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5863] open("./file1", O_RDONLY|O_DIRECT [pid 5862] <... mmap resumed>) = 0x200000001000 [pid 5842] <... rmdir resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5862] exit_group(0) = ? [pid 5842] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] unlink("./2/binderfs" [pid 5863] <... open resumed>) = 4 [pid 5842] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5840] <... unlink resumed>) = 0 [pid 5863] preadv2(4, [pid 5859] <... open resumed>) = 5 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] getdents64(3, [pid 5859] truncate("./file1", 16784380 [pid 5842] unlink("./2/binderfs" [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5859] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5863] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] <... unlink resumed>) = 0 [pid 5840] close(3 [pid 5863] memfd_create("syzkaller", 0 [pid 5862] +++ exited with 0 +++ [pid 5859] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] <... close resumed>) = 0 [pid 5863] <... memfd_create resumed>) = 5 [pid 5859] <... openat resumed>) = 6 [pid 5842] getdents64(3, [pid 5840] rmdir("./2" [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- [pid 5840] <... rmdir resumed>) = 0 [pid 5863] <... mmap resumed>) = 0x7f9875600000 [pid 5842] close(3 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5840] mkdir("./3", 0777 [pid 5859] <... mmap resumed>) = 0x200000001000 [pid 5842] <... close resumed>) = 0 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5859] exit_group(0) = ? [pid 5859] +++ exited with 0 +++ [pid 5842] rmdir("./2" [pid 5841] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... mkdir resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5841] getdents64(3, [pid 5842] mkdir("./3", 0777 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... ioctl resumed>) = 0 [pid 5839] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5839] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5863] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... close resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5864 attached [pid 5864] set_robust_list(0x55558b799660, 24 [pid 5841] <... openat resumed>) = 4 [pid 5864] <... set_robust_list resumed>) = 0 [pid 5864] chdir("./3" [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./2/file1" [pid 5864] <... chdir resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5864 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./2/binderfs" [pid 5864] setpgid(0, 0 [pid 5841] <... unlink resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./2" [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5865 [pid 5841] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5865 attached [pid 5864] <... setpgid resumed>) = 0 [pid 5841] mkdir("./3", 0777 [pid 5865] set_robust_list(0x55558b799660, 24 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] <... mkdir resumed>) = 0 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5865] chdir("./3" [pid 5864] <... openat resumed>) = 3 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5864] write(3, "1000", 4 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5865] <... chdir resumed>) = 0 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5864] <... write resumed>) = 4 [pid 5865] <... prctl resumed>) = 0 [pid 5865] setpgid(0, 0 [pid 5864] close(3) = 0 [pid 5865] <... setpgid resumed>) = 0 [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5864] symlink("/dev/binderfs", "./binderfs" [pid 5865] <... openat resumed>) = 3 [pid 5864] <... symlink resumed>) = 0 executing program [pid 5863] <... write resumed>) = 2097152 [pid 5865] write(3, "1000", 4 [pid 5864] write(1, "executing program\n", 18 [pid 5841] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5865] <... write resumed>) = 4 [pid 5864] <... write resumed>) = 18 [pid 5863] munmap(0x7f9875600000, 138412032 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5865] close(3) = 0 [pid 5864] memfd_create("syzkaller", 0 [pid 5865] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5866 attached [pid 5839] newfstatat(AT_FDCWD, "./2/file1", [pid 5865] <... symlink resumed>) = 0 [pid 5866] set_robust_list(0x55558b799660, 24) = 0 [pid 5866] chdir("./3"executing program ) = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5865] write(1, "executing program\n", 18) = 18 [pid 5866] <... prctl resumed>) = 0 [pid 5866] setpgid(0, 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5866 [pid 5866] <... setpgid resumed>) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5865] memfd_create("syzkaller", 0 [pid 5864] <... memfd_create resumed>) = 3 [pid 5839] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5864] <... mmap resumed>) = 0x7f9875600000 [pid 5863] <... munmap resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5865] <... memfd_create resumed>) = 3 [pid 5866] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 4 [pid 5866] write(3, "1000", 4 [pid 5839] newfstatat(4, "", [pid 5866] <... write resumed>) = 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5866] close(3) = 0 [pid 5865] <... mmap resumed>) = 0x7f9875600000 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5866] write(1, "executing program\n", 18executing program ) = 18 [pid 5866] memfd_create("syzkaller", 0 [pid 5863] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5863] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5863] close(5 [pid 5839] getdents64(4, [pid 5866] <... memfd_create resumed>) = 3 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./2/file1") = 0 [pid 5839] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5863] <... close resumed>) = 0 [pid 5839] unlink("./2/binderfs") = 0 [pid 5839] getdents64(3, [pid 5863] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5863] <... open resumed>) = 5 [pid 5863] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5863] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5839] rmdir("./2" [pid 5863] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5863] <... mmap resumed>) = 0x200000001000 [pid 5863] exit_group(0) = ? [pid 5863] +++ exited with 0 +++ [pid 5839] mkdir("./3", 0777 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5864] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5843] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, [pid 5865] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5843] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 5843] <... umount2 resumed>) = 0 [pid 5843] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./2/file1") = 0 [pid 5843] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5866] <... write resumed>) = 2097152 [pid 5843] unlink("./2/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./2") = 0 [pid 5843] mkdir("./3", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... close resumed>) = 0 [pid 5866] munmap(0x7f9875600000, 138412032) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 5864] <... write resumed>) = 2097152 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5866] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 ./strace-static-x86_64: Process 5867 attached [pid 5866] ioctl(4, LOOP_SET_FD, 3 [pid 5867] set_robust_list(0x55558b799660, 24 [pid 5865] <... write resumed>) = 2097152 [pid 5864] munmap(0x7f9875600000, 138412032 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5867 [pid 5867] <... set_robust_list resumed>) = 0 [pid 5865] munmap(0x7f9875600000, 138412032) = 0 [pid 5867] chdir("./3") = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5864] <... munmap resumed>) = 0 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5865] <... openat resumed>) = 4 [pid 5864] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5867] <... prctl resumed>) = 0 [pid 5865] ioctl(4, LOOP_SET_FD, 3 [pid 5867] setpgid(0, 0 [pid 5866] <... ioctl resumed>) = 0 [pid 5866] close(3) = 0 [pid 5866] close(4 [pid 5867] <... setpgid resumed>) = 0 [pid 5866] <... close resumed>) = 0 [pid 5864] <... openat resumed>) = 4 [pid 5866] mkdir("./file1", 0777 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5866] <... mkdir resumed>) = 0 [pid 5864] ioctl(4, LOOP_SET_FD, 3 [ 94.537113][ T5866] loop2: detected capacity change from 0 to 4096 [ 94.560739][ T5865] loop1: detected capacity change from 0 to 4096 [ 94.572129][ T5864] loop3: detected capacity change from 0 to 4096 [ 94.574123][ T5866] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5866] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5867] <... openat resumed>) = 3 [pid 5864] <... ioctl resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5867] write(3, "1000", 4) = 4 [pid 5865] <... ioctl resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5867] close(3 [pid 5865] close(3 [pid 5867] <... close resumed>) = 0 [pid 5865] <... close resumed>) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs"executing program ./strace-static-x86_64: Process 5868 attached ) = 0 [pid 5865] close(4 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5868 [pid 5867] write(1, "executing program\n", 18 [pid 5865] <... close resumed>) = 0 [pid 5867] <... write resumed>) = 18 [pid 5868] set_robust_list(0x55558b799660, 24) = 0 [pid 5867] memfd_create("syzkaller", 0 [pid 5865] mkdir("./file1", 0777 [pid 5868] chdir("./3" [pid 5867] <... memfd_create resumed>) = 3 [pid 5868] <... chdir resumed>) = 0 [pid 5865] <... mkdir resumed>) = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5865] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5864] close(3) = 0 [pid 5868] write(3, "1000", 4) = 4 [pid 5867] <... mmap resumed>) = 0x7f9875600000 [pid 5868] close(3 [pid 5864] close(4 [pid 5868] <... close resumed>) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5868] write(1, "executing program\n", 18) = 18 [pid 5868] memfd_create("syzkaller", 0 [pid 5864] <... close resumed>) = 0 [pid 5864] mkdir("./file1", 0777 [pid 5868] <... memfd_create resumed>) = 3 [pid 5864] <... mkdir resumed>) = 0 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5864] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5868] <... mmap resumed>) = 0x7f9875600000 [ 94.619499][ T5865] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 94.645880][ T5864] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5866] <... mount resumed>) = 0 [pid 5866] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5865] <... mount resumed>) = 0 [pid 5866] <... openat resumed>) = 3 [pid 5868] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5867] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5866] chdir("./file1" [pid 5865] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5866] <... chdir resumed>) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5865] <... openat resumed>) = 3 [pid 5865] chdir("./file1" [pid 5864] <... mount resumed>) = 0 [pid 5866] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5865] <... chdir resumed>) = 0 [pid 5864] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5865] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5864] <... openat resumed>) = 3 [pid 5864] chdir("./file1" [pid 5866] open("./file1", O_RDONLY|O_DIRECT [pid 5865] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5864] <... chdir resumed>) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5866] <... open resumed>) = 4 [pid 5864] open("./file1", O_RDONLY|O_DIRECT [pid 5866] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5864] <... open resumed>) = 4 [pid 5866] memfd_create("syzkaller", 0 [pid 5865] open("./file1", O_RDONLY|O_DIRECT [pid 5864] preadv2(4, [pid 5866] <... memfd_create resumed>) = 5 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5865] <... open resumed>) = 4 [pid 5864] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5866] <... mmap resumed>) = 0x7f9875600000 [pid 5865] preadv2(4, [pid 5864] memfd_create("syzkaller", 0 [pid 5867] <... write resumed>) = 2097152 [pid 5865] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5864] <... memfd_create resumed>) = 5 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5865] memfd_create("syzkaller", 0) = 5 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5868] <... write resumed>) = 2097152 [pid 5868] munmap(0x7f9875600000, 138412032) = 0 [pid 5867] munmap(0x7f9875600000, 138412032) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5868] <... ioctl resumed>) = 0 [pid 5868] close(3) = 0 [pid 5868] close(4) = 0 [pid 5868] mkdir("./file1", 0777) = 0 [pid 5867] ioctl(4, LOOP_SET_FD, 3 [ 94.851974][ T5868] loop4: detected capacity change from 0 to 4096 [pid 5868] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5866] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5864] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5867] <... ioctl resumed>) = 0 [pid 5865] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5867] close(3) = 0 [ 94.894698][ T5867] loop0: detected capacity change from 0 to 4096 [ 94.909919][ T5868] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5867] close(4) = 0 [pid 5867] mkdir("./file1", 0777) = 0 [pid 5867] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5864] <... write resumed>) = 2097152 [pid 5864] munmap(0x7f9875600000, 138412032) = 0 [pid 5866] <... write resumed>) = 2097152 [pid 5866] munmap(0x7f9875600000, 138412032 [pid 5864] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 94.972352][ T5867] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5866] <... munmap resumed>) = 0 [pid 5864] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5865] <... write resumed>) = 2097152 [pid 5866] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5865] munmap(0x7f9875600000, 138412032 [pid 5864] close(5 [pid 5867] <... mount resumed>) = 0 [pid 5867] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./file1") = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5866] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5867] open("./file1", O_RDONLY|O_DIRECT [pid 5866] close(5 [pid 5867] <... open resumed>) = 4 [pid 5867] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5867] memfd_create("syzkaller", 0) = 5 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5868] <... mount resumed>) = 0 [pid 5865] <... munmap resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./file1" [pid 5865] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5868] <... chdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5865] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5868] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5865] close(5 [pid 5864] <... close resumed>) = 0 [pid 5868] open("./file1", O_RDONLY|O_DIRECT [pid 5864] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5868] <... open resumed>) = 4 [pid 5866] <... close resumed>) = 0 [pid 5865] <... close resumed>) = 0 [pid 5868] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5866] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5865] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5864] <... open resumed>) = 5 [pid 5868] memfd_create("syzkaller", 0) = 5 [pid 5864] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5864] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5864] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5866] <... open resumed>) = 5 [pid 5864] <... mmap resumed>) = 0x200000001000 [pid 5866] truncate("./file1", 16784380 [pid 5865] <... open resumed>) = 5 [pid 5864] exit_group(0 [pid 5865] truncate("./file1", 16784380 [pid 5867] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5866] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5865] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5864] <... exit_group resumed>) = ? [pid 5865] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5866] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5865] <... openat resumed>) = 6 [pid 5864] +++ exited with 0 +++ [pid 5865] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5866] <... openat resumed>) = 6 [pid 5865] <... mmap resumed>) = 0x200000001000 [pid 5865] exit_group(0 [pid 5866] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5865] <... exit_group resumed>) = ? [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5865] +++ exited with 0 +++ [pid 5842] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5868] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5866] <... mmap resumed>) = 0x200000001000 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... restart_syscall resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5866] exit_group(0 [pid 5840] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5866] <... exit_group resumed>) = ? [pid 5842] newfstatat(3, "", [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5866] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5840] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... write resumed>) = 2097152 [pid 5842] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 4 [pid 5842] newfstatat(AT_FDCWD, "./3/file1", [pid 5867] <... write resumed>) = 2097152 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(4, "", [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 5842] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./3/file1") = 0 [pid 5842] <... openat resumed>) = 4 [pid 5840] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./3/binderfs" [pid 5842] newfstatat(4, "", [pid 5840] <... unlink resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 5867] munmap(0x7f9875600000, 138412032 [pid 5840] getdents64(3, [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./3" [pid 5842] getdents64(4, [pid 5840] <... rmdir resumed>) = 0 [pid 5841] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] mkdir("./4", 0777 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... mkdir resumed>) = 0 [pid 5842] close(4 [pid 5841] newfstatat(AT_FDCWD, "./3/file1", [pid 5842] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] rmdir("./3/file1" [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5842] <... rmdir resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5841] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] close(3 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... close resumed>) = 0 [pid 5868] munmap(0x7f9875600000, 138412032 [pid 5842] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5841] <... openat resumed>) = 4 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... munmap resumed>) = 0 [pid 5867] <... munmap resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] newfstatat(4, "", [pid 5868] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] unlink("./3/binderfs" [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5867] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5867] close(5 [pid 5868] close(5 [pid 5842] <... unlink resumed>) = 0 [pid 5841] getdents64(4, [pid 5842] getdents64(3, [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5869 attached [pid 5841] close(4 [pid 5869] set_robust_list(0x55558b799660, 24 [pid 5841] <... close resumed>) = 0 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5841] rmdir("./3/file1" [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5869 [pid 5869] chdir("./4") = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5842] close(3 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... prctl resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] setpgid(0, 0 [pid 5841] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5869] <... setpgid resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] rmdir("./3" [pid 5841] unlink("./3/binderfs") = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5841] getdents64(3, [pid 5842] mkdir("./4", 0777 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5842] <... mkdir resumed>) = 0 [pid 5841] rmdir("./3") = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] mkdir("./4", 0777 [pid 5842] <... openat resumed>) = 3 [pid 5841] <... mkdir resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FDexecuting program [pid 5869] write(3, "1000", 4 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] close(3 [pid 5869] <... write resumed>) = 4 [pid 5841] <... openat resumed>) = 3 [pid 5869] close(3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5869] <... close resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs" [pid 5841] close(3 [pid 5869] <... symlink resumed>) = 0 [pid 5869] write(1, "executing program\n", 18) = 18 [pid 5869] memfd_create("syzkaller", 0 [pid 5868] <... close resumed>) = 0 [pid 5867] <... close resumed>) = 0 [pid 5869] <... memfd_create resumed>) = 3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5868] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5867] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5868] <... open resumed>) = 5 [pid 5868] truncate("./file1", 16784380 [pid 5867] <... open resumed>) = 5 [pid 5867] truncate("./file1", 16784380 [pid 5868] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5867] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5867] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5867] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5867] exit_group(0) = ? [pid 5868] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] <... close resumed>) = 0 [pid 5868] <... openat resumed>) = 6 [pid 5868] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5867] +++ exited with 0 +++ [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] exit_group(0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5868] <... exit_group resumed>) = ? [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5870 [pid 5839] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 5870 attached [pid 5870] set_robust_list(0x55558b799660, 24) = 0 [pid 5870] chdir("./4") = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] setpgid(0, 0) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5870] write(3, "1000", 4) = 4 [pid 5870] close(3) = 0 [pid 5870] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5870] write(1, "executing program\n", 18) = 18 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5870] memfd_create("syzkaller", 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5871 attached [pid 5869] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5871 [pid 5839] <... umount2 resumed>) = 0 [pid 5843] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] set_robust_list(0x55558b799660, 24 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... set_robust_list resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] chdir("./4" [pid 5843] <... openat resumed>) = 3 [pid 5871] <... chdir resumed>) = 0 [pid 5843] newfstatat(3, "", [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... prctl resumed>) = 0 [pid 5843] getdents64(3, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] setpgid(0, 0 [pid 5843] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... setpgid resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] newfstatat(4, "", [pid 5871] <... openat resumed>) = 3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] write(3, "1000", 4 [pid 5839] getdents64(4, [pid 5871] <... write resumed>) = 4 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5871] close(3 [pid 5839] getdents64(4, [pid 5871] <... close resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./3/file1" [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5871] write(1, "executing program\n", 18 [pid 5839] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = -1 EINVAL (Invalid argument) [pid 5871] <... write resumed>) = 18 [pid 5843] <... umount2 resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5871] memfd_create("syzkaller", 0 [pid 5843] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./3/file1", [pid 5839] unlink("./3/binderfs" [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5871] <... memfd_create resumed>) = 3 [pid 5839] getdents64(3, [pid 5843] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5869] <... write resumed>) = 2097152 [pid 5870] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] close(3 [pid 5843] <... openat resumed>) = 4 [pid 5843] newfstatat(4, "", [pid 5839] <... close resumed>) = 0 [pid 5869] munmap(0x7f9875600000, 138412032 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] rmdir("./3" [pid 5843] getdents64(4, [pid 5871] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... munmap resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] <... rmdir resumed>) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] mkdir("./4", 0777 [pid 5869] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3 [pid 5843] close(4 [pid 5839] <... mkdir resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] rmdir("./3/file1") = 0 [pid 5839] <... openat resumed>) = 3 [pid 5843] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5869] close(3) = 0 [pid 5843] unlink("./3/binderfs" [ 95.606862][ T5869] loop1: detected capacity change from 0 to 4096 [pid 5869] close(4 [pid 5870] <... write resumed>) = 2097152 [pid 5870] munmap(0x7f9875600000, 138412032 [pid 5869] <... close resumed>) = 0 [pid 5843] <... unlink resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5869] mkdir("./file1", 0777 [pid 5843] getdents64(3, [pid 5869] <... mkdir resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3 [pid 5870] <... munmap resumed>) = 0 [pid 5869] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5870] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] <... close resumed>) = 0 [pid 5871] <... write resumed>) = 2097152 [pid 5870] <... openat resumed>) = 4 [pid 5843] rmdir("./3" [pid 5870] ioctl(4, LOOP_SET_FD, 3 [pid 5871] munmap(0x7f9875600000, 138412032 [pid 5843] <... rmdir resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] mkdir("./4", 0777 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5872 ./strace-static-x86_64: Process 5872 attached [pid 5872] set_robust_list(0x55558b799660, 24) = 0 [pid 5872] chdir("./4") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] <... mkdir resumed>) = 0 [pid 5872] <... prctl resumed>) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] <... ioctl resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5870] close(3 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5870] <... close resumed>) = 0 [pid 5843] <... ioctl resumed>) = 0 [pid 5870] close(4) = 0 [pid 5870] mkdir("./file1", 0777 [pid 5843] close(3 [pid 5870] <... mkdir resumed>) = 0 [pid 5872] write(3, "1000", 4 [pid 5871] <... munmap resumed>) = 0 [pid 5872] <... write resumed>) = 4 [pid 5872] close(3) = 0 [ 95.690784][ T5869] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 95.701823][ T5870] loop2: detected capacity change from 0 to 4096 [pid 5870] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5872] symlink("/dev/binderfs", "./binderfs" [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... symlink resumed>) = 0 [pid 5872] write(1, "executing program\n", 18executing program ) = 18 [pid 5872] memfd_create("syzkaller", 0 [pid 5871] <... ioctl resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5872] <... memfd_create resumed>) = 3 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 ./strace-static-x86_64: Process 5873 attached [pid 5871] close(3) = 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5873 [pid 5871] close(4) = 0 [pid 5869] <... mount resumed>) = 0 [pid 5873] set_robust_list(0x55558b799660, 24 [pid 5869] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5871] mkdir("./file1", 0777 [pid 5873] <... set_robust_list resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5873] chdir("./4" [pid 5869] chdir("./file1" [pid 5873] <... chdir resumed>) = 0 [pid 5869] <... chdir resumed>) = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5873] <... prctl resumed>) = 0 [pid 5869] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5873] setpgid(0, 0 [pid 5869] open("./file1", O_RDONLY|O_DIRECT [pid 5871] <... mkdir resumed>) = 0 [pid 5873] <... setpgid resumed>) = 0 [ 95.733031][ T5870] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 95.744914][ T5871] loop3: detected capacity change from 0 to 4096 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 5871] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5869] <... open resumed>) = 4 [pid 5873] <... openat resumed>) = 3 [pid 5870] <... mount resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5873] write(3, "1000", 4 [pid 5869] preadv2(4, [pid 5873] <... write resumed>) = 4 [pid 5869] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5873] close(3 [pid 5869] memfd_create("syzkaller", 0 [pid 5873] <... close resumed>) = 0 [pid 5869] <... memfd_create resumed>) = 5 [pid 5873] symlink("/dev/binderfs", "./binderfs" [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5873] <... symlink resumed>) = 0 [pid 5869] <... mmap resumed>) = 0x7f9875600000 [pid 5873] write(1, "executing program\n", 18) = 18 [pid 5873] memfd_create("syzkaller", 0 [pid 5870] chdir("./file1") = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5873] <... memfd_create resumed>) = 3 [pid 5870] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] preadv2(4, [pid 5873] <... mmap resumed>) = 0x7f9875600000 [pid 5870] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5870] memfd_create("syzkaller", 0) = 5 [ 95.806472][ T5871] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5872] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5873] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... mount resumed>) = 0 [pid 5872] <... write resumed>) = 2097152 [pid 5871] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5872] munmap(0x7f9875600000, 138412032) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5871] chdir("./file1" [pid 5870] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... chdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5871] open("./file1", O_RDONLY|O_DIRECT [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... open resumed>) = 4 [pid 5871] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5871] memfd_create("syzkaller", 0) = 5 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 95.994537][ T5872] loop0: detected capacity change from 0 to 4096 [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3) = 0 [pid 5872] close(4) = 0 [pid 5872] mkdir("./file1", 0777) = 0 [pid 5872] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5869] <... write resumed>) = 2097152 [pid 5869] munmap(0x7f9875600000, 138412032 [pid 5873] <... write resumed>) = 2097152 [pid 5869] <... munmap resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5869] close(5 [pid 5873] munmap(0x7f9875600000, 138412032) = 0 [ 96.040439][ T5872] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5873] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5873] ioctl(4, LOOP_SET_FD, 3 [pid 5871] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5870] <... write resumed>) = 2097152 [pid 5869] <... close resumed>) = 0 [pid 5873] <... ioctl resumed>) = 0 [pid 5872] <... mount resumed>) = 0 [pid 5870] munmap(0x7f9875600000, 138412032 [pid 5873] close(3 [pid 5872] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5869] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5873] <... close resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5873] close(4 [pid 5872] chdir("./file1" [pid 5873] <... close resumed>) = 0 [pid 5872] <... chdir resumed>) = 0 [pid 5873] mkdir("./file1", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5873] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5872] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] open("./file1", O_RDONLY|O_DIRECT [pid 5870] <... munmap resumed>) = 0 [ 96.103814][ T5873] loop4: detected capacity change from 0 to 4096 [pid 5872] <... open resumed>) = 4 [pid 5870] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] preadv2(4, [pid 5869] <... open resumed>) = 5 [pid 5872] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5870] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] truncate("./file1", 16784380 [pid 5872] memfd_create("syzkaller", 0 [pid 5869] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5872] <... memfd_create resumed>) = 5 [pid 5869] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... openat resumed>) = 6 [pid 5872] <... mmap resumed>) = 0x7f9875600000 [pid 5869] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5870] close(5 [pid 5869] <... mmap resumed>) = 0x200000001000 [pid 5869] exit_group(0) = ? [pid 5869] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 96.165122][ T5873] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... write resumed>) = 2097152 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./4/file1", [pid 5870] <... close resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5871] munmap(0x7f9875600000, 138412032 [pid 5840] getdents64(4, [pid 5870] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./4/file1" [pid 5870] <... open resumed>) = 5 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./4/binderfs") = 0 [pid 5870] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5840] getdents64(3, [pid 5870] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./4") = 0 [pid 5840] mkdir("./5", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5873] <... mount resumed>) = 0 [pid 5872] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5873] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5871] <... munmap resumed>) = 0 [pid 5870] <... openat resumed>) = 6 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5873] <... openat resumed>) = 3 [pid 5840] <... ioctl resumed>) = 0 [pid 5873] chdir("./file1" [pid 5840] close(3 [pid 5873] <... chdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5873] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5840] <... close resumed>) = 0 [pid 5871] close(5 [pid 5873] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] <... mmap resumed>) = 0x200000001000 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5873] open("./file1", O_RDONLY|O_DIRECT [pid 5870] exit_group(0./strace-static-x86_64: Process 5874 attached ) = ? [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5874 [pid 5874] set_robust_list(0x55558b799660, 24 [pid 5870] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 5841] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... set_robust_list resumed>) = 0 [pid 5873] <... open resumed>) = 4 [pid 5871] <... close resumed>) = 0 [pid 5874] chdir("./5" [pid 5871] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5874] <... chdir resumed>) = 0 [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] <... open resumed>) = 5 [pid 5874] <... prctl resumed>) = 0 [pid 5874] setpgid(0, 0 [pid 5873] preadv2(4, [pid 5871] truncate("./file1", 16784380 [pid 5874] <... setpgid resumed>) = 0 [ 96.368324][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 96.368342][ T30] audit: type=1800 audit(1750615377.635:48): pid=5873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5871] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5871] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5873] memfd_create("syzkaller", 0 [pid 5872] <... write resumed>) = 2097152 [pid 5874] write(3, "1000", 4 [pid 5873] <... memfd_create resumed>) = 5 [pid 5871] <... openat resumed>) = 6 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5872] munmap(0x7f9875600000, 138412032 [pid 5874] <... write resumed>) = 4 [pid 5871] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5874] close(3 [pid 5872] <... munmap resumed>) = 0 [pid 5874] <... close resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5871] <... mmap resumed>) = 0x200000001000 [pid 5841] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] close(5 [pid 5874] symlink("/dev/binderfs", "./binderfs" [pid 5871] exit_group(0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... symlink resumed>) = 0 [pid 5871] <... exit_group resumed>) = ? [pid 5841] newfstatat(AT_FDCWD, "./4/file1", executing program [pid 5874] write(1, "executing program\n", 18 [pid 5871] +++ exited with 0 +++ [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [pid 5874] <... write resumed>) = 18 [pid 5841] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] memfd_create("syzkaller", 0 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... restart_syscall resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... memfd_create resumed>) = 3 [pid 5873] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... openat resumed>) = 4 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... close resumed>) = 0 [pid 5841] newfstatat(4, "", [pid 5872] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 96.509457][ T30] audit: type=1804 audit(1750615377.675:49): pid=5871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.keN58M/4/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5842] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(4, [pid 5842] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, [pid 5842] <... openat resumed>) = 3 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5872] <... open resumed>) = 5 [pid 5842] newfstatat(3, "", [pid 5841] close(4 [pid 5872] truncate("./file1", 16784380 [pid 5841] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] rmdir("./4/file1" [pid 5872] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] getdents64(3, [pid 5841] <... rmdir resumed>) = 0 [pid 5872] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5841] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5872] <... mmap resumed>) = 0x200000001000 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] exit_group(0) = ? [pid 5842] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5872] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5841] unlink("./4/binderfs" [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... unlink resumed>) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./4" [pid 5873] <... write resumed>) = 2097152 [pid 5841] <... rmdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5841] mkdir("./5", 0777 [pid 5839] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... mkdir resumed>) = 0 [ 96.595753][ T30] audit: type=1804 audit(1750615377.835:50): pid=5872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/4/file1/file1" dev="loop0" ino=30 res=1 errno=0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] munmap(0x7f9875600000, 138412032 [pid 5841] <... openat resumed>) = 3 [pid 5842] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... ioctl resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] newfstatat(AT_FDCWD, "./4/file1", [pid 5841] close(3 [pid 5839] <... openat resumed>) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./4/file1") = 0 [pid 5839] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./4/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./4") = 0 [pid 5839] mkdir("./5", 0777) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5873] <... munmap resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 5875 attached [pid 5842] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5875] set_robust_list(0x55558b799660, 24 [pid 5842] <... openat resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5875 [pid 5842] newfstatat(4, "", [pid 5875] <... set_robust_list resumed>) = 0 [pid 5875] chdir("./5") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5875] write(1, "executing program\n", 18) = 18 [pid 5875] memfd_create("syzkaller", 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] getdents64(4, [pid 5875] <... memfd_create resumed>) = 3 [pid 5873] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5873] close(5 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./4/file1" [pid 5875] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5876 attached [pid 5842] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5876] set_robust_list(0x55558b799660, 24 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5876 [pid 5876] <... set_robust_list resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5876] chdir("./5" [pid 5874] <... write resumed>) = 2097152 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5876] <... chdir resumed>) = 0 [pid 5842] unlink("./4/binderfs" [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] <... unlink resumed>) = 0 [pid 5876] <... prctl resumed>) = 0 [pid 5842] getdents64(3, [pid 5876] setpgid(0, 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5876] <... setpgid resumed>) = 0 [pid 5842] close(3 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./4" [pid 5874] munmap(0x7f9875600000, 138412032 [pid 5876] <... openat resumed>) = 3 [pid 5873] <... close resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5876] write(3, "1000", 4 [pid 5873] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] mkdir("./5", 0777) = 0 [pid 5876] <... write resumed>) = 4 [pid 5874] <... munmap resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5876] close(3 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5876] <... close resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5876] symlink("/dev/binderfs", "./binderfs" [pid 5874] <... openat resumed>) = 4 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5876] <... symlink resumed>) = 0 [pid 5874] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... ioctl resumed>) = 0 [pid 5876] write(1, "executing program\n", 18 [pid 5875] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5873] <... open resumed>) = 5 [pid 5842] close(3executing program [pid 5876] <... write resumed>) = 18 [pid 5876] memfd_create("syzkaller", 0 [pid 5874] <... ioctl resumed>) = 0 [pid 5873] truncate("./file1", 16784380 [pid 5874] close(3) = 0 [pid 5874] close(4) = 0 [pid 5874] mkdir("./file1", 0777 [pid 5873] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5874] <... mkdir resumed>) = 0 [ 96.771918][ T30] audit: type=1804 audit(1750615378.045:51): pid=5873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.YdVRUk/4/file1/file1" dev="loop4" ino=30 res=1 errno=0 [ 96.808774][ T5874] loop1: detected capacity change from 0 to 4096 [pid 5874] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5873] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5876] <... memfd_create resumed>) = 3 [pid 5873] <... openat resumed>) = 6 [pid 5873] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5873] <... mmap resumed>) = 0x200000001000 [pid 5876] <... mmap resumed>) = 0x7f9875600000 [pid 5873] exit_group(0) = ? [pid 5842] <... close resumed>) = 0 [pid 5875] <... write resumed>) = 2097152 [pid 5873] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} --- [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] munmap(0x7f9875600000, 138412032 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5877 attached [pid 5843] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5877 [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5877] set_robust_list(0x55558b799660, 24 [pid 5875] <... munmap resumed>) = 0 [ 96.833961][ T5874] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] <... set_robust_list resumed>) = 0 [pid 5875] ioctl(4, LOOP_SET_FD, 3 [pid 5877] chdir("./5") = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5877] setpgid(0, 0 [pid 5843] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5877] <... setpgid resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5877] <... openat resumed>) = 3 [pid 5875] <... ioctl resumed>) = 0 [pid 5843] <... openat resumed>) = 4 [pid 5875] close(3) = 0 [pid 5875] close(4) = 0 [pid 5875] mkdir("./file1", 0777) = 0 [pid 5877] write(3, "1000", 4 [pid 5843] newfstatat(4, "", [pid 5877] <... write resumed>) = 4 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [ 96.901434][ T5875] loop0: detected capacity change from 0 to 4096 [pid 5843] getdents64(4, [pid 5877] close(3 [pid 5875] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5877] <... close resumed>) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs" [pid 5876] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] close(4 [pid 5877] <... symlink resumed>) = 0 executing program [pid 5843] <... close resumed>) = 0 [pid 5877] write(1, "executing program\n", 18 [pid 5843] rmdir("./4/file1" [pid 5877] <... write resumed>) = 18 [pid 5877] memfd_create("syzkaller", 0) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5874] <... mount resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5874] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5874] chdir("./file1") = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] open("./file1", O_RDONLY|O_DIRECT [pid 5843] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 96.947737][ T5875] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5874] <... open resumed>) = 4 [pid 5843] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5874] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] memfd_create("syzkaller", 0 [pid 5843] unlink("./4/binderfs" [pid 5874] <... memfd_create resumed>) = 5 [pid 5843] <... unlink resumed>) = 0 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] getdents64(3, [pid 5874] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5877] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5876] <... write resumed>) = 2097152 [pid 5843] close(3) = 0 [ 96.993897][ T30] audit: type=1800 audit(1750615378.265:52): pid=5874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 5843] rmdir("./4") = 0 [pid 5843] mkdir("./5", 0777 [pid 5876] munmap(0x7f9875600000, 138412032 [pid 5843] <... mkdir resumed>) = 0 [pid 5874] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5876] <... munmap resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5877] <... write resumed>) = 2097152 [pid 5876] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] <... openat resumed>) = 3 [pid 5876] <... openat resumed>) = 4 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5876] ioctl(4, LOOP_SET_FD, 3 [pid 5843] <... ioctl resumed>) = 0 [pid 5877] munmap(0x7f9875600000, 138412032 [pid 5843] close(3 [pid 5876] <... ioctl resumed>) = 0 [pid 5877] <... munmap resumed>) = 0 [pid 5875] <... mount resumed>) = 0 [pid 5875] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5875] chdir("./file1") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5875] open("./file1", O_RDONLY|O_DIRECT [pid 5877] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5876] close(3 [pid 5875] <... open resumed>) = 4 [pid 5843] <... close resumed>) = 0 [pid 5875] preadv2(4, [pid 5877] <... openat resumed>) = 4 [pid 5876] <... close resumed>) = 0 [pid 5875] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5874] <... write resumed>) = 2097152 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5877] ioctl(4, LOOP_SET_FD, 3 [ 97.120945][ T5876] loop2: detected capacity change from 0 to 4096 [ 97.139698][ T30] audit: type=1800 audit(1750615378.415:53): pid=5875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 5876] close(4 [pid 5875] memfd_create("syzkaller", 0) = 5 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5874] munmap(0x7f9875600000, 138412032 [pid 5876] <... close resumed>) = 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5878 [pid 5876] mkdir("./file1", 0777./strace-static-x86_64: Process 5878 attached [pid 5877] <... ioctl resumed>) = 0 [pid 5876] <... mkdir resumed>) = 0 [pid 5874] <... munmap resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [ 97.173611][ T5877] loop3: detected capacity change from 0 to 4096 [pid 5874] close(5 [pid 5877] close(3 [pid 5876] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5878] set_robust_list(0x55558b799660, 24) = 0 [pid 5877] <... close resumed>) = 0 [pid 5878] chdir("./5" [pid 5877] close(4) = 0 [pid 5877] mkdir("./file1", 0777 [pid 5878] <... chdir resumed>) = 0 [pid 5877] <... mkdir resumed>) = 0 executing program [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5877] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5878] <... prctl resumed>) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5878] write(1, "executing program\n", 18) = 18 [pid 5878] memfd_create("syzkaller", 0) = 3 [pid 5874] <... close resumed>) = 0 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 97.219001][ T5876] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 97.252968][ T5877] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5875] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5874] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5874] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5874] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5874] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [ 97.282418][ T30] audit: type=1804 audit(1750615378.555:54): pid=5874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/5/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 5874] exit_group(0 [pid 5875] <... write resumed>) = 2097152 [pid 5875] munmap(0x7f9875600000, 138412032 [pid 5874] <... exit_group resumed>) = ? [pid 5874] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5874, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5840] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] <... munmap resumed>) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5875] close(5 [pid 5878] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5875] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./5/file1") = 0 [pid 5875] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./5/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./5") = 0 [pid 5877] <... mount resumed>) = 0 [pid 5877] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5840] mkdir("./6", 0777) = 0 [pid 5877] chdir("./file1") = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5877] open("./file1", O_RDONLY|O_DIRECT [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5877] <... open resumed>) = 4 [pid 5840] <... openat resumed>) = 3 [pid 5877] preadv2(4, [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached [pid 5877] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5877] memfd_create("syzkaller", 0) = 5 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5879] set_robust_list(0x55558b799660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5879 [pid 5879] <... set_robust_list resumed>) = 0 [pid 5879] chdir("./6") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 97.462035][ T30] audit: type=1804 audit(1750615378.735:55): pid=5875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/5/file1/file1" dev="loop0" ino=30 res=1 errno=0 [pid 5879] write(3, "1000", 4 [pid 5878] <... write resumed>) = 2097152 [pid 5879] <... write resumed>) = 4 [pid 5878] munmap(0x7f9875600000, 138412032 [pid 5876] <... mount resumed>) = 0 [pid 5875] <... open resumed>) = 5 [pid 5879] close(3 [pid 5878] <... munmap resumed>) = 0 [pid 5876] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5875] truncate("./file1", 16784380 [pid 5879] <... close resumed>) = 0 [pid 5876] <... openat resumed>) = 3 [pid 5879] symlink("/dev/binderfs", "./binderfs" [pid 5875] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5879] <... symlink resumed>) = 0 [pid 5876] chdir("./file1" [pid 5879] write(1, "executing program\n", 18executing program [pid 5875] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5879] <... write resumed>) = 18 [pid 5878] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5876] <... chdir resumed>) = 0 [pid 5879] memfd_create("syzkaller", 0 [pid 5878] <... openat resumed>) = 4 [pid 5876] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5875] <... openat resumed>) = 6 [pid 5878] ioctl(4, LOOP_SET_FD, 3 [pid 5876] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5875] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5876] open("./file1", O_RDONLY|O_DIRECT [pid 5875] <... mmap resumed>) = 0x200000001000 [pid 5876] <... open resumed>) = 4 [pid 5875] exit_group(0 [pid 5876] preadv2(4, [pid 5875] <... exit_group resumed>) = ? [pid 5879] <... memfd_create resumed>) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5875] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 5876] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5876] memfd_create("syzkaller", 0) = 5 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5877] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5876] <... mmap resumed>) = 0x7f9875600000 [pid 5839] <... umount2 resumed>) = 0 [ 97.565273][ T30] audit: type=1800 audit(1750615378.735:56): pid=5877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [pid 5839] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./5/file1", [pid 5879] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5878] <... ioctl resumed>) = 0 [pid 5878] close(3) = 0 [pid 5878] close(4) = 0 [pid 5878] mkdir("./file1", 0777) = 0 [pid 5878] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [ 97.620427][ T5878] loop4: detected capacity change from 0 to 4096 [ 97.638884][ T30] audit: type=1800 audit(1750615378.815:57): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 5839] rmdir("./5/file1" [pid 5876] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./5/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./5") = 0 [pid 5839] mkdir("./6", 0777) = 0 [pid 5877] <... write resumed>) = 2097152 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [ 97.674067][ T5878] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5877] munmap(0x7f9875600000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5877] close(5 [pid 5876] <... write resumed>) = 2097152 [pid 5879] <... write resumed>) = 2097152 [pid 5876] munmap(0x7f9875600000, 138412032 [pid 5839] <... close resumed>) = 0 [pid 5879] munmap(0x7f9875600000, 138412032 [pid 5878] <... mount resumed>) = 0 [pid 5879] <... munmap resumed>) = 0 [pid 5876] <... munmap resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5878] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5877] <... close resumed>) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5880 attached ) = 4 [pid 5877] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5879] ioctl(4, LOOP_SET_FD, 3 [pid 5878] <... openat resumed>) = 3 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5880 [pid 5880] set_robust_list(0x55558b799660, 24 [pid 5878] chdir("./file1" [pid 5877] <... open resumed>) = 5 [pid 5876] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5880] <... set_robust_list resumed>) = 0 [pid 5880] chdir("./6" [pid 5877] truncate("./file1", 16784380 [pid 5878] <... chdir resumed>) = 0 [pid 5876] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5880] <... chdir resumed>) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5876] close(5 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5877] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5880] write(1, "executing program\n", 18) = 18 [pid 5880] memfd_create("syzkaller", 0 [pid 5879] <... ioctl resumed>) = 0 [pid 5878] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5877] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5878] open("./file1", O_RDONLY|O_DIRECT [pid 5877] <... openat resumed>) = 6 [pid 5877] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5880] <... memfd_create resumed>) = 3 [pid 5879] close(3 [pid 5877] <... mmap resumed>) = 0x200000001000 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5879] <... close resumed>) = 0 [pid 5880] <... mmap resumed>) = 0x7f9875600000 [pid 5879] close(4 [pid 5878] <... open resumed>) = 4 [pid 5877] exit_group(0 [pid 5878] preadv2(4, [pid 5877] <... exit_group resumed>) = ? [pid 5879] <... close resumed>) = 0 [pid 5879] mkdir("./file1", 0777) = 0 [pid 5878] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5877] +++ exited with 0 +++ [ 97.812870][ T5879] loop1: detected capacity change from 0 to 4096 [pid 5879] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5878] memfd_create("syzkaller", 0 [pid 5876] <... close resumed>) = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5878] <... memfd_create resumed>) = 5 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5876] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5876] <... open resumed>) = 5 [pid 5878] <... mmap resumed>) = 0x7f9875600000 [pid 5876] truncate("./file1", 16784380 [pid 5842] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5876] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5876] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5876] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5876] exit_group(0) = ? [pid 5842] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5880] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5876] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [ 97.861538][ T5879] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5842] getdents64(3, [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] <... umount2 resumed>) = 0 [pid 5841] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5880] <... write resumed>) = 2097152 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] newfstatat(4, "", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5880] munmap(0x7f9875600000, 138412032 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] newfstatat(AT_FDCWD, "./5/file1", [pid 5880] <... munmap resumed>) = 0 [pid 5878] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] getdents64(4, [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] getdents64(4, [pid 5841] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5879] <... mount resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 5841] <... openat resumed>) = 4 [pid 5879] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5842] <... close resumed>) = 0 [pid 5841] newfstatat(4, "", [pid 5879] <... openat resumed>) = 3 [pid 5842] rmdir("./5/file1" [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] chdir("./file1" [pid 5842] <... rmdir resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5880] ioctl(4, LOOP_SET_FD, 3 [pid 5879] <... chdir resumed>) = 0 [pid 5842] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(4, [pid 5879] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] unlink("./5/binderfs" [pid 5841] <... close resumed>) = 0 [pid 5842] <... unlink resumed>) = 0 [pid 5841] rmdir("./5/file1" [pid 5879] open("./file1", O_RDONLY|O_DIRECT [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5842] close(3 [pid 5880] <... ioctl resumed>) = 0 [pid 5879] <... open resumed>) = 4 [pid 5878] <... write resumed>) = 2097152 [pid 5841] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./5" [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5880] close(3 [pid 5842] <... rmdir resumed>) = 0 [pid 5878] munmap(0x7f9875600000, 138412032 [pid 5880] <... close resumed>) = 0 [pid 5879] preadv2(4, [pid 5841] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5880] close(4) = 0 [pid 5880] mkdir("./file1", 0777) = 0 [pid 5880] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5878] <... munmap resumed>) = 0 [pid 5842] mkdir("./6", 0777 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5878] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] <... mkdir resumed>) = 0 [pid 5841] unlink("./5/binderfs" [pid 5879] memfd_create("syzkaller", 0 [pid 5878] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... unlink resumed>) = 0 [pid 5879] <... memfd_create resumed>) = 5 [pid 5878] close(5 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] close(3 [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5841] <... close resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] rmdir("./5" [pid 5842] close(3 [pid 5879] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... rmdir resumed>) = 0 [ 98.005855][ T5880] loop0: detected capacity change from 0 to 4096 [ 98.036887][ T5880] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5880] <... mount resumed>) = 0 [pid 5878] <... close resumed>) = 0 [pid 5841] mkdir("./6", 0777 [pid 5880] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5841] <... mkdir resumed>) = 0 [pid 5880] chdir("./file1") = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5880] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5880] preadv2(4, [pid 5878] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5880] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] <... close resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5880] memfd_create("syzkaller", 0) = 5 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 ./strace-static-x86_64: Process 5881 attached [pid 5878] <... open resumed>) = 5 [pid 5841] close(3 [pid 5878] truncate("./file1", 16784380 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5881 [pid 5881] set_robust_list(0x55558b799660, 24 [pid 5879] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5878] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5881] chdir("./6" [pid 5878] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5881] <... chdir resumed>) = 0 [pid 5878] <... openat resumed>) = 6 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5878] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5881] <... prctl resumed>) = 0 [pid 5881] setpgid(0, 0 [pid 5878] <... mmap resumed>) = 0x200000001000 [pid 5881] <... setpgid resumed>) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5880] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5878] exit_group(0 [pid 5841] <... close resumed>) = 0 [pid 5881] <... openat resumed>) = 3 [pid 5878] <... exit_group resumed>) = ? [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5881] write(3, "1000", 4./strace-static-x86_64: Process 5882 attached ) = 4 [pid 5882] set_robust_list(0x55558b799660, 24 [pid 5881] close(3 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5882 [pid 5882] <... set_robust_list resumed>) = 0 [pid 5881] <... close resumed>) = 0 [pid 5878] +++ exited with 0 +++ [pid 5882] chdir("./6" [pid 5881] symlink("/dev/binderfs", "./binderfs" [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5882] <... chdir resumed>) = 0 [pid 5881] <... symlink resumed>) = 0 [pid 5879] <... write resumed>) = 2097152 [pid 5879] munmap(0x7f9875600000, 138412032executing program [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5881] write(1, "executing program\n", 18 [pid 5882] <... prctl resumed>) = 0 [pid 5881] <... write resumed>) = 18 [pid 5882] setpgid(0, 0 [pid 5881] memfd_create("syzkaller", 0 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5882] <... setpgid resumed>) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5881] <... memfd_create resumed>) = 3 [pid 5879] <... munmap resumed>) = 0 [pid 5843] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] <... openat resumed>) = 3 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5882] write(3, "1000", 4 [pid 5881] <... mmap resumed>) = 0x7f9875600000 [pid 5879] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] <... openat resumed>) = 3 [pid 5882] <... write resumed>) = 4 [pid 5880] <... write resumed>) = 2097152 [pid 5879] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5882] close(3 [pid 5843] newfstatat(3, "", [pid 5882] <... close resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs" [pid 5843] getdents64(3, executing program [pid 5882] <... symlink resumed>) = 0 [pid 5879] close(5 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5882] write(1, "executing program\n", 18 [pid 5843] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] <... write resumed>) = 18 [pid 5882] memfd_create("syzkaller", 0) = 3 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5881] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5880] munmap(0x7f9875600000, 138412032 [pid 5882] <... mmap resumed>) = 0x7f9875600000 [pid 5879] <... close resumed>) = 0 [pid 5879] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5880] <... munmap resumed>) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5880] close(5 [pid 5879] <... open resumed>) = 5 [pid 5843] <... umount2 resumed>) = 0 [pid 5879] truncate("./file1", 16784380 [pid 5843] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5879] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] newfstatat(AT_FDCWD, "./5/file1", [pid 5879] <... openat resumed>) = 6 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] <... mmap resumed>) = 0x200000001000 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5879] exit_group(0 [pid 5843] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5879] <... exit_group resumed>) = ? [pid 5843] <... openat resumed>) = 4 [pid 5879] +++ exited with 0 +++ [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] getdents64(4, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4 [pid 5840] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... close resumed>) = 0 [pid 5843] rmdir("./5/file1" [pid 5840] <... openat resumed>) = 3 [pid 5843] <... rmdir resumed>) = 0 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(3, [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] unlink("./5/binderfs" [pid 5882] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5880] <... close resumed>) = 0 [pid 5843] <... unlink resumed>) = 0 [pid 5843] getdents64(3, [pid 5840] <... umount2 resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5880] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] close(3) = 0 [pid 5882] <... write resumed>) = 2097152 [pid 5881] <... write resumed>) = 2097152 [pid 5880] <... open resumed>) = 5 [pid 5843] rmdir("./5" [pid 5840] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] munmap(0x7f9875600000, 138412032 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5881] munmap(0x7f9875600000, 138412032 [pid 5880] truncate("./file1", 16784380 [pid 5843] <... rmdir resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./6/file1", [pid 5882] <... munmap resumed>) = 0 [pid 5880] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] mkdir("./6", 0777 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5880] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] <... openat resumed>) = 4 [pid 5880] <... openat resumed>) = 6 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5880] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5882] ioctl(4, LOOP_SET_FD, 3 [pid 5840] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5881] <... munmap resumed>) = 0 [pid 5880] <... mmap resumed>) = 0x200000001000 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5881] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5880] exit_group(0 [pid 5843] <... openat resumed>) = 3 [pid 5881] <... openat resumed>) = 4 [pid 5880] <... exit_group resumed>) = ? [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5882] <... ioctl resumed>) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5882] close(3 [pid 5881] ioctl(4, LOOP_SET_FD, 3 [pid 5843] <... ioctl resumed>) = 0 [pid 5840] newfstatat(4, "", [pid 5882] <... close resumed>) = 0 [pid 5882] close(4 [pid 5881] <... ioctl resumed>) = 0 [pid 5880] +++ exited with 0 +++ [pid 5843] close(3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5882] <... close resumed>) = 0 [pid 5881] close(3 [pid 5840] getdents64(4, [pid 5882] mkdir("./file1", 0777 [pid 5881] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=10 /* 0.10 s */} --- [pid 5882] <... mkdir resumed>) = 0 [pid 5881] close(4 [pid 5840] getdents64(4, [pid 5882] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5881] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./6/file1") = 0 [pid 5840] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5881] mkdir("./file1", 0777 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5881] <... mkdir resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5839] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] unlink("./6/binderfs") = 0 [pid 5839] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] getdents64(3, [pid 5839] newfstatat(3, "", [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5881] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] close(3) = 0 [ 98.390605][ T5882] loop2: detected capacity change from 0 to 4096 [ 98.401329][ T5881] loop3: detected capacity change from 0 to 4096 [ 98.430619][ T5881] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] rmdir("./6") = 0 [pid 5839] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] mkdir("./7", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [ 98.439788][ T5882] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5840] close(3 [pid 5843] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached [pid 5883] set_robust_list(0x55558b799660, 24 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5883 [pid 5883] <... set_robust_list resumed>) = 0 [pid 5883] chdir("./6") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5883] <... openat resumed>) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5839] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5839] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5883] write(1, "executing program\n", 18 [pid 5839] <... openat resumed>) = 4 [pid 5883] <... write resumed>) = 18 [pid 5883] memfd_create("syzkaller", 0 [pid 5839] newfstatat(4, "", [pid 5883] <... memfd_create resumed>) = 3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... close resumed>) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./6/file1") = 0 [pid 5839] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./6/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./6") = 0 [pid 5839] mkdir("./7", 0777 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5881] <... mount resumed>) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5884 attached [pid 5881] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] <... ioctl resumed>) = 0 [pid 5881] <... openat resumed>) = 3 [pid 5839] close(3 [pid 5884] set_robust_list(0x55558b799660, 24 [pid 5881] chdir("./file1" [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5884 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5881] <... chdir resumed>) = 0 [pid 5884] chdir("./7" [pid 5881] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5884] <... chdir resumed>) = 0 [pid 5881] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5881] open("./file1", O_RDONLY|O_DIRECT [pid 5884] <... prctl resumed>) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] <... open resumed>) = 4 [pid 5884] write(3, "1000", 4 [pid 5881] preadv2(4, [pid 5884] <... write resumed>) = 4 [pid 5881] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5884] close(3 [pid 5881] memfd_create("syzkaller", 0 [pid 5884] <... close resumed>) = 0 [pid 5881] <... memfd_create resumed>) = 5 [pid 5884] symlink("/dev/binderfs", "./binderfs" [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5882] <... mount resumed>) = 0 [pid 5881] <... mmap resumed>) = 0x7f9875600000 executing program [pid 5884] <... symlink resumed>) = 0 [pid 5884] write(1, "executing program\n", 18 [pid 5882] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5884] <... write resumed>) = 18 [pid 5884] memfd_create("syzkaller", 0 [pid 5882] <... openat resumed>) = 3 [pid 5882] chdir("./file1") = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5882] open("./file1", O_RDONLY|O_DIRECT [pid 5884] <... memfd_create resumed>) = 3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5882] <... open resumed>) = 4 [pid 5882] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5882] memfd_create("syzkaller", 0 [pid 5839] <... close resumed>) = 0 [pid 5883] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5882] <... memfd_create resumed>) = 5 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5882] <... mmap resumed>) = 0x7f9875600000 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5885 ./strace-static-x86_64: Process 5885 attached [pid 5885] set_robust_list(0x55558b799660, 24) = 0 [pid 5885] chdir("./7") = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5885] setpgid(0, 0) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5885] write(1, "executing program\n", 18) = 18 [pid 5885] memfd_create("syzkaller", 0 [pid 5884] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5881] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5885] <... memfd_create resumed>) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5883] <... write resumed>) = 2097152 [pid 5883] munmap(0x7f9875600000, 138412032 [pid 5882] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5884] <... write resumed>) = 2097152 [pid 5883] <... munmap resumed>) = 0 [pid 5884] munmap(0x7f9875600000, 138412032 [pid 5883] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5881] <... write resumed>) = 2097152 [pid 5885] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5884] <... munmap resumed>) = 0 [pid 5883] <... openat resumed>) = 4 [pid 5881] munmap(0x7f9875600000, 138412032 [pid 5883] ioctl(4, LOOP_SET_FD, 3 [pid 5881] <... munmap resumed>) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5882] <... write resumed>) = 2097152 [pid 5881] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5881] close(5 [pid 5884] <... openat resumed>) = 4 [pid 5882] munmap(0x7f9875600000, 138412032 [pid 5883] <... ioctl resumed>) = 0 [pid 5883] close(3) = 0 [pid 5883] close(4 [pid 5885] <... write resumed>) = 2097152 [pid 5884] ioctl(4, LOOP_SET_FD, 3 [pid 5883] <... close resumed>) = 0 [pid 5885] munmap(0x7f9875600000, 138412032 [pid 5883] mkdir("./file1", 0777) = 0 [pid 5883] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5885] <... munmap resumed>) = 0 [pid 5884] <... ioctl resumed>) = 0 [pid 5882] <... munmap resumed>) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5884] close(3 [pid 5882] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5881] <... close resumed>) = 0 [pid 5882] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5884] <... close resumed>) = 0 [pid 5882] close(5 [pid 5881] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5881] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5881] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5881] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5885] <... openat resumed>) = 4 [pid 5884] close(4 [pid 5885] ioctl(4, LOOP_SET_FD, 3 [pid 5881] exit_group(0 [pid 5884] <... close resumed>) = 0 [pid 5881] <... exit_group resumed>) = ? [pid 5884] mkdir("./file1", 0777 [pid 5881] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=7 /* 0.07 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5884] <... mkdir resumed>) = 0 [ 98.807947][ T5883] loop4: detected capacity change from 0 to 4096 [ 98.836494][ T5884] loop1: detected capacity change from 0 to 4096 [ 98.843589][ T5883] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5884] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5882] <... close resumed>) = 0 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5885] <... ioctl resumed>) = 0 [pid 5885] close(3) = 0 [pid 5885] close(4) = 0 [pid 5885] mkdir("./file1", 0777 [pid 5882] <... open resumed>) = 5 [pid 5882] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5882] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5882] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5882] exit_group(0 [pid 5885] <... mkdir resumed>) = 0 [pid 5883] <... mount resumed>) = 0 [pid 5882] <... exit_group resumed>) = ? [pid 5842] <... umount2 resumed>) = 0 [ 98.887837][ T5885] loop0: detected capacity change from 0 to 4096 [ 98.899562][ T5884] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5882] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 5885] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5883] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5842] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5883] <... openat resumed>) = 3 [pid 5842] newfstatat(AT_FDCWD, "./6/file1", [pid 5841] <... openat resumed>) = 3 [pid 5883] chdir("./file1" [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] newfstatat(3, "", [pid 5883] <... chdir resumed>) = 0 [pid 5842] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(3, [pid 5883] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5883] open("./file1", O_RDONLY|O_DIRECT [pid 5842] <... openat resumed>) = 4 [pid 5841] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./6/file1") = 0 [pid 5842] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./6/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./6") = 0 [pid 5842] mkdir("./7", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5883] <... open resumed>) = 4 [pid 5883] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5883] memfd_create("syzkaller", 0) = 5 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 98.950524][ T5885] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5841] newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./6/file1"./strace-static-x86_64: Process 5886 attached [pid 5886] set_robust_list(0x55558b799660, 24) = 0 [pid 5886] chdir("./7" [pid 5841] <... rmdir resumed>) = 0 [pid 5841] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5884] <... mount resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5886 [pid 5886] <... chdir resumed>) = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORYexecuting program [pid 5886] setpgid(0, 0 [pid 5884] <... openat resumed>) = 3 [pid 5886] <... setpgid resumed>) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5884] chdir("./file1" [pid 5841] unlink("./6/binderfs" [pid 5884] <... chdir resumed>) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5886] <... openat resumed>) = 3 [pid 5884] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5884] open("./file1", O_RDONLY|O_DIRECT [pid 5886] write(3, "1000", 4 [pid 5841] <... unlink resumed>) = 0 [pid 5886] <... write resumed>) = 4 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5886] write(1, "executing program\n", 18) = 18 [pid 5886] memfd_create("syzkaller", 0 [pid 5884] <... open resumed>) = 4 [pid 5841] getdents64(3, [pid 5884] preadv2(4, [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3 [pid 5886] <... memfd_create resumed>) = 3 [pid 5841] <... close resumed>) = 0 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] rmdir("./6" [pid 5884] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... rmdir resumed>) = 0 [pid 5884] memfd_create("syzkaller", 0 [pid 5841] mkdir("./7", 0777 [pid 5884] <... memfd_create resumed>) = 5 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5885] <... mount resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5883] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5885] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5885] chdir("./file1" [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5885] <... chdir resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5885] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5885] preadv2(4, [pid 5841] <... close resumed>) = 0 [pid 5885] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5885] memfd_create("syzkaller", 0 [pid 5884] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5885] <... memfd_create resumed>) = 5 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached [pid 5885] <... mmap resumed>) = 0x7f9875600000 [pid 5887] set_robust_list(0x55558b799660, 24 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5887 [pid 5887] <... set_robust_list resumed>) = 0 [pid 5887] chdir("./7") = 0 [pid 5886] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5883] <... write resumed>) = 2097152 [pid 5887] <... prctl resumed>) = 0 [pid 5883] munmap(0x7f9875600000, 138412032 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5883] <... munmap resumed>) = 0 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5887] write(1, "executing program\n", 18) = 18 [pid 5887] memfd_create("syzkaller", 0 [pid 5883] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5887] <... memfd_create resumed>) = 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5883] close(5 [pid 5887] <... mmap resumed>) = 0x7f9875600000 [pid 5884] <... write resumed>) = 2097152 [pid 5886] <... write resumed>) = 2097152 [pid 5885] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5883] <... close resumed>) = 0 [pid 5884] munmap(0x7f9875600000, 138412032) = 0 [pid 5883] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5886] munmap(0x7f9875600000, 138412032 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5883] <... open resumed>) = 5 [pid 5886] <... munmap resumed>) = 0 [pid 5884] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5883] truncate("./file1", 16784380 [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5884] close(5 [pid 5886] <... openat resumed>) = 4 [pid 5886] ioctl(4, LOOP_SET_FD, 3 [pid 5887] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5883] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5883] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5885] <... write resumed>) = 2097152 [pid 5884] <... close resumed>) = 0 [pid 5883] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5886] <... ioctl resumed>) = 0 [pid 5883] <... mmap resumed>) = 0x200000001000 [pid 5883] exit_group(0) = ? [pid 5886] close(3) = 0 [pid 5886] close(4) = 0 [pid 5886] mkdir("./file1", 0777) = 0 [pid 5883] +++ exited with 0 +++ [pid 5886] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5885] munmap(0x7f9875600000, 138412032 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5885] <... munmap resumed>) = 0 [pid 5843] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5884] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5884] <... open resumed>) = 5 [pid 5884] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5884] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [ 99.381879][ T5886] loop3: detected capacity change from 0 to 4096 [ 99.417221][ T5886] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5884] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5884] exit_group(0) = ? [pid 5884] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5885] close(5 [pid 5843] <... umount2 resumed>) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5843] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5886] <... mount resumed>) = 0 [pid 5840] newfstatat(3, "", [pid 5887] <... write resumed>) = 2097152 [pid 5843] newfstatat(AT_FDCWD, "./6/file1", [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5886] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5886] <... openat resumed>) = 3 [pid 5843] <... openat resumed>) = 4 [pid 5886] chdir("./file1" [pid 5843] newfstatat(4, "", [pid 5886] <... chdir resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5843] getdents64(4, [pid 5887] munmap(0x7f9875600000, 138412032 [pid 5886] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5886] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5886] preadv2(4, [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4 [pid 5886] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... close resumed>) = 0 [pid 5886] memfd_create("syzkaller", 0 [pid 5843] rmdir("./6/file1" [pid 5886] <... memfd_create resumed>) = 5 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5843] <... rmdir resumed>) = 0 [pid 5887] <... munmap resumed>) = 0 [pid 5843] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5887] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5887] <... openat resumed>) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3 [pid 5843] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5885] <... close resumed>) = 0 [pid 5843] unlink("./6/binderfs") = 0 [pid 5843] getdents64(3, [pid 5840] <... umount2 resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3 [pid 5840] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5887] <... ioctl resumed>) = 0 [pid 5885] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] <... close resumed>) = 0 [pid 5887] close(3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5887] <... close resumed>) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5843] rmdir("./6" [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5887] close(4 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5887] <... close resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./7/file1") = 0 [pid 5840] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5887] mkdir("./file1", 0777 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./7/binderfs" [pid 5887] <... mkdir resumed>) = 0 [pid 5885] <... open resumed>) = 5 [pid 5843] mkdir("./7", 0777 [pid 5885] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5843] <... mkdir resumed>) = 0 [pid 5887] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5885] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... unlink resumed>) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [ 99.527657][ T5887] loop2: detected capacity change from 0 to 4096 [pid 5840] close(3 [pid 5885] <... openat resumed>) = 6 [pid 5843] <... openat resumed>) = 3 [pid 5840] <... close resumed>) = 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5885] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] <... ioctl resumed>) = 0 [pid 5840] rmdir("./7" [pid 5885] <... mmap resumed>) = 0x200000001000 [pid 5843] close(3 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./8", 0777 [pid 5885] exit_group(0 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5886] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5885] <... exit_group resumed>) = ? [pid 5885] +++ exited with 0 +++ [pid 5843] <... close resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [pid 5839] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5888 attached ) = 3 [pid 5839] newfstatat(3, "", [pid 5888] set_robust_list(0x55558b799660, 24 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5888] <... set_robust_list resumed>) = 0 [pid 5839] getdents64(3, [pid 5888] chdir("./7" [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5888 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5888] <... chdir resumed>) = 0 [pid 5839] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [ 99.589910][ T5887] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5888] write(1, "executing program\n", 18) = 18 [pid 5887] <... mount resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5887] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5888] memfd_create("syzkaller", 0 [pid 5887] <... openat resumed>) = 3 [pid 5887] chdir("./file1" [pid 5888] <... memfd_create resumed>) = 3 [pid 5887] <... chdir resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5887] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 5889 attached [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5887] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5886] <... write resumed>) = 2097152 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5889 [pid 5839] <... umount2 resumed>) = 0 [pid 5888] <... mmap resumed>) = 0x7f9875600000 [pid 5887] open("./file1", O_RDONLY|O_DIRECT [pid 5886] munmap(0x7f9875600000, 138412032 [pid 5889] set_robust_list(0x55558b799660, 24) = 0 [pid 5889] chdir("./8") = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5887] <... open resumed>) = 4 [pid 5839] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5889] <... openat resumed>) = 3 [pid 5887] preadv2(4, [pid 5886] <... munmap resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./7/file1", [pid 5889] write(3, "1000", 4 [pid 5887] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5888] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5889] <... write resumed>) = 4 [pid 5889] close(3) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5889] write(1, "executing program\n", 18 [pid 5887] memfd_create("syzkaller", 0 [pid 5886] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5889] <... write resumed>) = 18 [pid 5839] <... openat resumed>) = 4 [pid 5889] memfd_create("syzkaller", 0 [pid 5887] <... memfd_create resumed>) = 5 [pid 5886] close(5 [pid 5839] newfstatat(4, "", [pid 5889] <... memfd_create resumed>) = 3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5887] <... mmap resumed>) = 0x7f9875600000 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./7/file1" [pid 5886] <... close resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5888] <... write resumed>) = 2097152 [pid 5886] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./7/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5886] <... open resumed>) = 5 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./7" [pid 5886] truncate("./file1", 16784380 [pid 5839] <... rmdir resumed>) = 0 [pid 5886] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5886] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] mkdir("./8", 0777 [pid 5886] <... openat resumed>) = 6 [pid 5886] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5888] munmap(0x7f9875600000, 138412032 [pid 5887] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5886] <... mmap resumed>) = 0x200000001000 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5889] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5888] <... munmap resumed>) = 0 [pid 5886] exit_group(0 [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5886] <... exit_group resumed>) = ? [pid 5839] <... ioctl resumed>) = 0 [pid 5886] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5839] close(3 [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5888] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5839] <... close resumed>) = 0 [pid 5888] mkdir("./file1", 0777) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... umount2 resumed>) = 0 [ 99.871900][ T5888] loop4: detected capacity change from 0 to 4096 ./strace-static-x86_64: Process 5890 attached [pid 5889] <... write resumed>) = 2097152 [pid 5888] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5890 [pid 5842] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5890] set_robust_list(0x55558b799660, 24 [pid 5842] getdents64(4, [pid 5890] <... set_robust_list resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5890] chdir("./8" [pid 5842] close(4) = 0 [pid 5842] rmdir("./7/file1") = 0 [pid 5890] <... chdir resumed>) = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5890] setpgid(0, 0) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5890] <... openat resumed>) = 3 [pid 5842] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./7/binderfs") = 0 [pid 5890] write(3, "1000", 4) = 4 [pid 5890] close(3) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs" [pid 5842] getdents64(3, [pid 5890] <... symlink resumed>) = 0 [pid 5889] munmap(0x7f9875600000, 138412032 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5887] <... write resumed>) = 2097152 [pid 5890] write(1, "executing program\n", 18 [pid 5889] <... munmap resumed>) = 0 [pid 5887] munmap(0x7f9875600000, 138412032 [pid 5842] close(3 [pid 5890] <... write resumed>) = 18 [pid 5890] memfd_create("syzkaller", 0 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./7") = 0 [pid 5890] <... memfd_create resumed>) = 3 [pid 5842] mkdir("./8", 0777executing program [pid 5887] <... munmap resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5887] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5889] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5887] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 99.919438][ T5888] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5889] ioctl(4, LOOP_SET_FD, 3 [pid 5887] close(5 [pid 5889] <... ioctl resumed>) = 0 [pid 5889] close(3) = 0 [pid 5889] close(4) = 0 [pid 5889] mkdir("./file1", 0777) = 0 [pid 5887] <... close resumed>) = 0 [pid 5842] <... close resumed>) = 0 [ 99.964981][ T5889] loop1: detected capacity change from 0 to 4096 [pid 5889] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5887] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 5891 ./strace-static-x86_64: Process 5891 attached [pid 5890] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5891] set_robust_list(0x55558b799660, 24) = 0 [pid 5887] <... open resumed>) = 5 [pid 5887] truncate("./file1", 16784380 [pid 5891] chdir("./8") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5887] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5887] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5891] <... prctl resumed>) = 0 [pid 5887] <... openat resumed>) = 6 [pid 5891] setpgid(0, 0 [pid 5887] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5891] <... setpgid resumed>) = 0 [pid 5887] <... mmap resumed>) = 0x200000001000 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] exit_group(0executing program [pid 5891] write(3, "1000", 4 [pid 5887] <... exit_group resumed>) = ? [pid 5887] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5891] <... write resumed>) = 4 [pid 5891] close(3 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5891] <... close resumed>) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs" [pid 5841] <... restart_syscall resumed>) = 0 [pid 5891] <... symlink resumed>) = 0 [pid 5841] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5891] write(1, "executing program\n", 18) = 18 [ 100.012299][ T5889] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5891] memfd_create("syzkaller", 0) = 3 [pid 5888] <... mount resumed>) = 0 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5889] <... mount resumed>) = 0 [pid 5888] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./file1" [pid 5889] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5889] chdir("./file1" [pid 5888] <... chdir resumed>) = 0 [pid 5889] <... chdir resumed>) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5888] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5888] open("./file1", O_RDONLY|O_DIRECT [pid 5889] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5888] <... open resumed>) = 4 [pid 5888] preadv2(4, [pid 5889] preadv2(4, [pid 5890] <... write resumed>) = 2097152 [pid 5889] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5888] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5889] memfd_create("syzkaller", 0) = 5 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5888] memfd_create("syzkaller", 0) = 5 [pid 5841] <... umount2 resumed>) = 0 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5888] <... mmap resumed>) = 0x7f9875600000 [pid 5841] newfstatat(AT_FDCWD, "./7/file1", [pid 5890] munmap(0x7f9875600000, 138412032 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5890] <... munmap resumed>) = 0 [pid 5841] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5890] <... openat resumed>) = 4 [pid 5841] <... openat resumed>) = 4 [pid 5890] ioctl(4, LOOP_SET_FD, 3 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, [pid 5890] <... ioctl resumed>) = 0 [pid 5891] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5890] close(3) = 0 [pid 5841] close(4 [pid 5890] close(4 [pid 5841] <... close resumed>) = 0 [pid 5890] <... close resumed>) = 0 [ 100.152499][ T5890] loop0: detected capacity change from 0 to 4096 [pid 5890] mkdir("./file1", 0777) = 0 [pid 5841] rmdir("./7/file1" [pid 5890] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... rmdir resumed>) = 0 [pid 5841] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./7/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./7") = 0 [pid 5889] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] mkdir("./8", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5888] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5891] <... write resumed>) = 2097152 [ 100.199412][ T5890] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5891] munmap(0x7f9875600000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5891] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... close resumed>) = 0 [pid 5891] <... ioctl resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5892 attached [pid 5889] <... write resumed>) = 2097152 [pid 5892] set_robust_list(0x55558b799660, 24) = 0 [pid 5892] chdir("./8") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5892 [pid 5892] <... prctl resumed>) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5892] write(1, "executing program\n", 18) = 18 [pid 5892] memfd_create("syzkaller", 0 [pid 5891] close(3 [pid 5890] <... mount resumed>) = 0 [pid 5889] munmap(0x7f9875600000, 138412032 [pid 5888] <... write resumed>) = 2097152 [pid 5891] <... close resumed>) = 0 [pid 5891] close(4 [pid 5892] <... memfd_create resumed>) = 3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5890] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5891] <... close resumed>) = 0 [ 100.310326][ T5891] loop3: detected capacity change from 0 to 4096 [pid 5891] mkdir("./file1", 0777 [pid 5890] <... openat resumed>) = 3 [pid 5888] munmap(0x7f9875600000, 138412032 [pid 5890] chdir("./file1") = 0 [pid 5891] <... mkdir resumed>) = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5890] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5889] <... munmap resumed>) = 0 [pid 5890] preadv2(4, [pid 5889] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5891] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5889] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5888] <... munmap resumed>) = 0 [pid 5890] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5890] memfd_create("syzkaller", 0 [pid 5889] close(5 [pid 5890] <... memfd_create resumed>) = 5 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5888] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5890] <... mmap resumed>) = 0x7f9875600000 [pid 5888] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 100.400900][ T5891] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5888] close(5 [pid 5889] <... close resumed>) = 0 [pid 5889] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5889] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5889] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5889] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5889] exit_group(0) = ? [pid 5889] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5892] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5888] <... close resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5888] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5888] <... open resumed>) = 5 [pid 5888] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5888] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5888] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5890] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5888] <... mmap resumed>) = 0x200000001000 [pid 5888] exit_group(0) = ? [pid 5840] <... umount2 resumed>) = 0 [pid 5888] +++ exited with 0 +++ [pid 5840] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=9 /* 0.09 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5840] rmdir("./8/file1" [pid 5843] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... rmdir resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] unlink("./8/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./8") = 0 [pid 5892] <... write resumed>) = 2097152 [pid 5840] mkdir("./9", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5892] munmap(0x7f9875600000, 138412032 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 5893 ./strace-static-x86_64: Process 5893 attached [pid 5891] <... mount resumed>) = 0 [pid 5891] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5890] <... write resumed>) = 2097152 [pid 5843] <... umount2 resumed>) = 0 [pid 5892] <... munmap resumed>) = 0 [pid 5891] <... openat resumed>) = 3 [pid 5843] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5891] chdir("./file1" [pid 5893] set_robust_list(0x55558b799660, 24) = 0 [pid 5893] chdir("./9" [pid 5891] <... chdir resumed>) = 0 [pid 5843] newfstatat(AT_FDCWD, "./7/file1", [pid 5891] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5893] <... chdir resumed>) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5892] <... openat resumed>) = 4 [pid 5891] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5893] <... prctl resumed>) = 0 [pid 5893] setpgid(0, 0 [pid 5892] ioctl(4, LOOP_SET_FD, 3 [pid 5891] open("./file1", O_RDONLY|O_DIRECT [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5893] <... setpgid resumed>) = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5893] <... openat resumed>) = 3 [pid 5843] <... openat resumed>) = 4 [pid 5893] write(3, "1000", 4 [pid 5843] newfstatat(4, "", [pid 5893] <... write resumed>) = 4 [pid 5890] munmap(0x7f9875600000, 138412032 [pid 5891] <... open resumed>) = 4 [pid 5890] <... munmap resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5893] close(3 [pid 5843] getdents64(4, [pid 5893] <... close resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5843] getdents64(4, [pid 5893] write(1, "executing program\n", 18 executing program [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5891] preadv2(4, [pid 5893] <... write resumed>) = 18 [pid 5843] close(4 [pid 5891] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... close resumed>) = 0 [pid 5843] rmdir("./7/file1" [pid 5891] memfd_create("syzkaller", 0) = 5 [pid 5893] memfd_create("syzkaller", 0) = 3 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5892] <... ioctl resumed>) = 0 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 100.630733][ T5892] loop2: detected capacity change from 0 to 4096 [pid 5890] close(5 [pid 5892] close(3 [pid 5891] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... rmdir resumed>) = 0 [pid 5892] <... close resumed>) = 0 [pid 5892] close(4) = 0 [pid 5892] mkdir("./file1", 0777) = 0 [pid 5892] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5890] <... close resumed>) = 0 [pid 5843] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./7/binderfs" [pid 5890] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] <... unlink resumed>) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./7") = 0 [pid 5890] <... open resumed>) = 5 [pid 5890] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5890] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5890] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] mkdir("./8", 0777 [pid 5890] <... mmap resumed>) = 0x200000001000 [pid 5890] exit_group(0) = ? [pid 5890] +++ exited with 0 +++ [pid 5843] <... mkdir resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5843] <... openat resumed>) = 3 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [ 100.687365][ T5892] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5843] close(3 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5893] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5892] <... mount resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5892] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] <... close resumed>) = 0 [pid 5892] <... openat resumed>) = 3 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5892] chdir("./file1") = 0 [pid 5839] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5894 attached [pid 5892] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5892] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5892] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... openat resumed>) = 4 [pid 5894] set_robust_list(0x55558b799660, 24 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5894 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, [pid 5894] <... set_robust_list resumed>) = 0 [pid 5892] <... open resumed>) = 4 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5894] chdir("./8") = 0 [pid 5892] preadv2(4, [pid 5891] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] getdents64(4, [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./8/file1") = 0 [pid 5839] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./8/binderfs" [pid 5894] setpgid(0, 0 [pid 5892] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] <... unlink resumed>) = 0 [pid 5894] <... setpgid resumed>) = 0 [pid 5892] memfd_create("syzkaller", 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5892] <... memfd_create resumed>) = 5 [pid 5839] close(3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... close resumed>) = 0 [pid 5892] <... mmap resumed>) = 0x7f9875600000 [pid 5839] rmdir("./8" [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./9", 0777 [pid 5894] <... openat resumed>) = 3 [pid 5839] <... mkdir resumed>) = 0 [pid 5894] write(3, "1000", 4 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5894] <... write resumed>) = 4 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... close resumed>) = 0 [pid 5894] <... symlink resumed>) = 0 [pid 5893] <... write resumed>) = 2097152 [pid 5894] write(1, "executing program\n", 18 [pid 5893] munmap(0x7f9875600000, 138412032executing program [pid 5894] <... write resumed>) = 18 [pid 5893] <... munmap resumed>) = 0 [pid 5891] <... write resumed>) = 2097152 [pid 5894] memfd_create("syzkaller", 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5894] <... memfd_create resumed>) = 3 [pid 5891] munmap(0x7f9875600000, 138412032 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5895 ./strace-static-x86_64: Process 5895 attached [pid 5893] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5893] ioctl(4, LOOP_SET_FD, 3 [pid 5895] set_robust_list(0x55558b799660, 24) = 0 [pid 5895] chdir("./9" [pid 5891] <... munmap resumed>) = 0 [pid 5895] <... chdir resumed>) = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] <... ioctl resumed>) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5895] setpgid(0, 0) = 0 [pid 5891] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5891] close(5 [pid 5893] close(3) = 0 [pid 5893] close(4) = 0 [pid 5893] mkdir("./file1", 0777) = 0 [pid 5893] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5895] <... openat resumed>) = 3 [pid 5892] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3executing program ) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5895] write(1, "executing program\n", 18) = 18 [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 100.930964][ T5893] loop1: detected capacity change from 0 to 4096 [ 100.966191][ T5893] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5891] <... close resumed>) = 0 [pid 5894] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5893] <... mount resumed>) = 0 [pid 5891] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5893] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5893] chdir("./file1") = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5893] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5893] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5893] memfd_create("syzkaller", 0) = 5 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5892] <... write resumed>) = 2097152 [pid 5895] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5892] munmap(0x7f9875600000, 138412032 [pid 5891] <... open resumed>) = 5 [pid 5891] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5892] <... munmap resumed>) = 0 [pid 5891] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5892] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5892] close(5 [pid 5894] <... write resumed>) = 2097152 [pid 5891] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5894] munmap(0x7f9875600000, 138412032 [pid 5891] <... mmap resumed>) = 0x200000001000 [pid 5893] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5891] exit_group(0) = ? [pid 5894] <... munmap resumed>) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3 [pid 5891] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5895] <... write resumed>) = 2097152 [pid 5894] <... ioctl resumed>) = 0 [pid 5892] <... close resumed>) = 0 [pid 5895] munmap(0x7f9875600000, 138412032 [pid 5894] close(3 [pid 5892] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5894] <... close resumed>) = 0 [pid 5894] close(4) = 0 [pid 5894] mkdir("./file1", 0777) = 0 [pid 5894] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5892] <... open resumed>) = 5 [pid 5895] <... munmap resumed>) = 0 [pid 5892] truncate("./file1", 16784380 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5892] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] <... umount2 resumed>) = 0 [ 101.121369][ T5894] loop4: detected capacity change from 0 to 4096 [ 101.157177][ T5894] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5892] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5895] <... openat resumed>) = 4 [pid 5892] <... openat resumed>) = 6 [pid 5895] ioctl(4, LOOP_SET_FD, 3 [pid 5892] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./8/file1", [pid 5892] <... mmap resumed>) = 0x200000001000 [pid 5892] exit_group(0) = ? [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./8/file1") = 0 [pid 5842] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5893] <... write resumed>) = 2097152 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./8/binderfs" [pid 5895] <... ioctl resumed>) = 0 [pid 5893] munmap(0x7f9875600000, 138412032 [pid 5892] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5841] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... unlink resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5895] close(3 [pid 5893] <... munmap resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5895] <... close resumed>) = 0 [pid 5842] getdents64(3, [pid 5841] newfstatat(3, "", [pid 5895] close(4 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5895] <... close resumed>) = 0 [pid 5842] close(3 [pid 5841] getdents64(3, [pid 5842] <... close resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5895] mkdir("./file1", 0777) = 0 [pid 5895] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [ 101.180096][ T5895] loop0: detected capacity change from 0 to 4096 [pid 5841] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] rmdir("./8") = 0 [pid 5842] mkdir("./9", 0777) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5893] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... ioctl resumed>) = 0 [pid 5893] close(5 [pid 5842] close(3) = 0 [pid 5893] <... close resumed>) = 0 [pid 5893] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5893] truncate("./file1", 16784380 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5896 attached [pid 5893] <... truncate resumed>) = -1 EFBIG (File too large) [ 101.236125][ T5895] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5893] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5896] set_robust_list(0x55558b799660, 24 [pid 5893] <... openat resumed>) = 6 [pid 5896] <... set_robust_list resumed>) = 0 [pid 5893] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5896 [pid 5896] chdir("./9" [pid 5893] <... mmap resumed>) = 0x200000001000 [pid 5896] <... chdir resumed>) = 0 [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5893] exit_group(0 [pid 5896] <... prctl resumed>) = 0 [pid 5893] <... exit_group resumed>) = ? [pid 5896] setpgid(0, 0) = 0 [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5893] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=15 /* 0.15 s */} --- [pid 5840] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5896] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5896] write(3, "1000", 4 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] getdents64(3, [pid 5896] <... write resumed>) = 4 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] close(3) = 0 [pid 5896] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5896] write(1, "executing program\n", 18 [pid 5894] <... mount resumed>) = 0 [pid 5841] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] <... write resumed>) = 18 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5896] memfd_create("syzkaller", 0 [pid 5841] newfstatat(AT_FDCWD, "./8/file1", [pid 5894] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5894] <... openat resumed>) = 3 [pid 5841] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5894] chdir("./file1" [pid 5841] newfstatat(4, "", [pid 5894] <... chdir resumed>) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5894] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] getdents64(4, [pid 5894] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, [pid 5896] <... memfd_create resumed>) = 3 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] close(4 [pid 5896] <... mmap resumed>) = 0x7f9875600000 [pid 5894] <... open resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./8/file1" [pid 5894] preadv2(4, [pid 5841] <... rmdir resumed>) = 0 [pid 5894] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5894] memfd_create("syzkaller", 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5894] <... memfd_create resumed>) = 5 [pid 5841] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5894] <... mmap resumed>) = 0x7f9875600000 [pid 5841] unlink("./8/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5895] <... mount resumed>) = 0 [pid 5841] rmdir("./8" [pid 5840] <... umount2 resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5841] mkdir("./9", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5895] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] <... openat resumed>) = 3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5895] chdir("./file1" [pid 5841] <... ioctl resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5895] <... chdir resumed>) = 0 [pid 5841] close(3 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5895] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... openat resumed>) = 4 [pid 5895] <... open resumed>) = 4 [pid 5895] preadv2(4, [pid 5841] <... close resumed>) = 0 [pid 5896] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5895] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5894] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] newfstatat(4, "", [pid 5895] memfd_create("syzkaller", 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5895] <... memfd_create resumed>) = 5 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5897 [pid 5840] getdents64(4, ./strace-static-x86_64: Process 5897 attached [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5895] <... mmap resumed>) = 0x7f9875600000 [pid 5840] getdents64(4, [pid 5897] set_robust_list(0x55558b799660, 24 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5897] <... set_robust_list resumed>) = 0 [ 101.431023][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 101.431043][ T30] audit: type=1800 audit(1750615382.705:93): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 5840] close(4 [pid 5897] chdir("./9" [pid 5840] <... close resumed>) = 0 [pid 5897] <... chdir resumed>) = 0 [pid 5840] rmdir("./9/file1" [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] <... rmdir resumed>) = 0 [pid 5897] <... prctl resumed>) = 0 [pid 5840] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] setpgid(0, 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5897] <... setpgid resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5897] <... openat resumed>) = 3 [pid 5840] unlink("./9/binderfs" [pid 5897] write(3, "1000", 4 [pid 5840] <... unlink resumed>) = 0 [pid 5897] <... write resumed>) = 4 [pid 5840] getdents64(3, [pid 5897] close(3 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5897] <... close resumed>) = 0 [pid 5840] close(3 [pid 5897] symlink("/dev/binderfs", "./binderfs" [pid 5840] <... close resumed>) = 0 executing program [pid 5897] <... symlink resumed>) = 0 [pid 5840] rmdir("./9") = 0 [pid 5897] write(1, "executing program\n", 18) = 18 [pid 5840] mkdir("./10", 0777 [pid 5897] memfd_create("syzkaller", 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5897] <... memfd_create resumed>) = 3 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5896] <... write resumed>) = 2097152 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5896] munmap(0x7f9875600000, 138412032 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5896] <... munmap resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5896] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5895] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5896] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5898 ./strace-static-x86_64: Process 5898 attached [pid 5898] set_robust_list(0x55558b799660, 24) = 0 [pid 5898] chdir("./10") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 [pid 5898] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5894] <... write resumed>) = 2097152 [pid 5898] write(1, "executing program\n", 18) = 18 [pid 5898] memfd_create("syzkaller", 0 [pid 5894] munmap(0x7f9875600000, 138412032) = 0 [pid 5898] <... memfd_create resumed>) = 3 [pid 5896] <... ioctl resumed>) = 0 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5896] close(3 [pid 5898] <... mmap resumed>) = 0x7f9875600000 [pid 5896] <... close resumed>) = 0 [pid 5896] close(4 [pid 5894] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5896] <... close resumed>) = 0 [pid 5894] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 101.586477][ T5896] loop3: detected capacity change from 0 to 4096 [pid 5896] mkdir("./file1", 0777 [pid 5894] close(5 [pid 5897] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5896] <... mkdir resumed>) = 0 [pid 5895] <... write resumed>) = 2097152 [pid 5896] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5895] munmap(0x7f9875600000, 138412032) = 0 [pid 5894] <... close resumed>) = 0 [pid 5894] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5894] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5894] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5894] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5894] exit_group(0) = ? [pid 5894] +++ exited with 0 +++ [ 101.653201][ T5896] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5898] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5895] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5895] close(5 [pid 5896] <... mount resumed>) = 0 [pid 5843] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5896] <... openat resumed>) = 3 [pid 5896] chdir("./file1") = 0 [pid 5843] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5896] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5843] <... openat resumed>) = 3 [pid 5896] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 101.681471][ T30] audit: type=1804 audit(1750615382.955:94): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.YdVRUk/8/file1/file1" dev="loop4" ino=30 res=1 errno=0 [pid 5843] newfstatat(3, "", [pid 5896] open("./file1", O_RDONLY|O_DIRECT [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, [pid 5896] <... open resumed>) = 4 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5896] memfd_create("syzkaller", 0) = 5 [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5897] <... write resumed>) = 2097152 [pid 5896] <... mmap resumed>) = 0x7f9875600000 [pid 5895] <... close resumed>) = 0 [pid 5897] munmap(0x7f9875600000, 138412032 [pid 5895] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] <... umount2 resumed>) = 0 [pid 5898] <... write resumed>) = 2097152 [pid 5897] <... munmap resumed>) = 0 [pid 5843] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 101.777288][ T30] audit: type=1800 audit(1750615383.025:95): pid=5896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [pid 5898] munmap(0x7f9875600000, 138412032 [pid 5897] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5897] <... openat resumed>) = 4 [pid 5843] newfstatat(AT_FDCWD, "./8/file1", [pid 5897] ioctl(4, LOOP_SET_FD, 3 [pid 5898] <... munmap resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] <... ioctl resumed>) = 0 [pid 5895] <... open resumed>) = 5 [pid 5897] close(3 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] truncate("./file1", 16784380 [pid 5897] <... close resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5898] <... openat resumed>) = 4 [pid 5897] close(4 [pid 5843] <... openat resumed>) = 4 [pid 5898] ioctl(4, LOOP_SET_FD, 3 [pid 5897] <... close resumed>) = 0 [pid 5895] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] newfstatat(4, "", [pid 5897] mkdir("./file1", 0777) = 0 [pid 5895] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5897] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5895] <... openat resumed>) = 6 [pid 5843] getdents64(4, [pid 5896] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5898] <... ioctl resumed>) = 0 [pid 5843] getdents64(4, [pid 5898] close(3) = 0 [pid 5898] close(4) = 0 [pid 5898] mkdir("./file1", 0777) = 0 [pid 5895] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [ 101.811845][ T30] audit: type=1804 audit(1750615383.075:96): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/9/file1/file1" dev="loop0" ino=30 res=1 errno=0 [ 101.841273][ T5897] loop2: detected capacity change from 0 to 4096 [ 101.852286][ T5898] loop1: detected capacity change from 0 to 4096 [ 101.861351][ T5897] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5898] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5895] <... mmap resumed>) = 0x200000001000 [pid 5843] close(4) = 0 [pid 5895] exit_group(0) = ? [pid 5843] rmdir("./8/file1" [pid 5895] +++ exited with 0 +++ [pid 5843] <... rmdir resumed>) = 0 [pid 5843] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./8/binderfs" [pid 5839] <... restart_syscall resumed>) = 0 [pid 5843] <... unlink resumed>) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5839] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] rmdir("./8" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... rmdir resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5843] mkdir("./9", 0777 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... mkdir resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [ 101.881316][ T5898] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5843] close(3 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, [pid 5897] <... mount resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5897] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] close(4 [pid 5897] chdir("./file1" [pid 5839] <... close resumed>) = 0 [pid 5897] <... chdir resumed>) = 0 [pid 5839] rmdir("./9/file1" [pid 5897] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... rmdir resumed>) = 0 [pid 5897] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5896] <... write resumed>) = 2097152 [pid 5843] <... close resumed>) = 0 [pid 5839] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./9/binderfs") = 0 [pid 5896] munmap(0x7f9875600000, 138412032 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5898] <... mount resumed>) = 0 [pid 5897] <... open resumed>) = 4 [pid 5839] rmdir("./9") = 0 [pid 5898] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5896] <... munmap resumed>) = 0 [pid 5898] <... openat resumed>) = 3 [pid 5898] chdir("./file1") = 0 [pid 5839] mkdir("./10", 0777 [pid 5898] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] <... mkdir resumed>) = 0 [pid 5898] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5898] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5896] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5899 attached [pid 5898] preadv2(4, [pid 5897] preadv2(4, [pid 5896] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] close(3 [pid 5899] set_robust_list(0x55558b799660, 24) = 0 [pid 5896] close(5 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5899 [pid 5898] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [ 101.995886][ T30] audit: type=1800 audit(1750615383.265:97): pid=5897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 5898] memfd_create("syzkaller", 0) = 5 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5899] chdir("./9" [pid 5897] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5899] <... chdir resumed>) = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5897] memfd_create("syzkaller", 0 [pid 5899] <... prctl resumed>) = 0 [ 102.033908][ T30] audit: type=1800 audit(1750615383.265:98): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 5899] setpgid(0, 0 [pid 5897] <... memfd_create resumed>) = 5 [pid 5896] <... close resumed>) = 0 [pid 5899] <... setpgid resumed>) = 0 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5896] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5897] <... mmap resumed>) = 0x7f9875600000 [pid 5896] <... open resumed>) = 5 [pid 5896] truncate("./file1", 16784380executing program [pid 5899] <... openat resumed>) = 3 [pid 5897] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5896] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] <... close resumed>) = 0 [pid 5899] write(3, "1000", 4) = 4 [pid 5899] close(3) = 0 [pid 5896] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5896] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5899] symlink("/dev/binderfs", "./binderfs" [pid 5896] <... mmap resumed>) = 0x200000001000 [pid 5899] <... symlink resumed>) = 0 [pid 5896] exit_group(0) = ? [pid 5899] write(1, "executing program\n", 18) = 18 [pid 5898] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5896] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5896, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5899] memfd_create("syzkaller", 0 [pid 5842] newfstatat(3, "", [pid 5899] <... memfd_create resumed>) = 3 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] getdents64(3, [pid 5899] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 5900 attached [pid 5842] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5900 [ 102.120174][ T30] audit: type=1804 audit(1750615383.375:99): pid=5896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.keN58M/9/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5900] set_robust_list(0x55558b799660, 24) = 0 [pid 5900] chdir("./10"executing program ) = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5900] write(1, "executing program\n", 18) = 18 [pid 5900] memfd_create("syzkaller", 0) = 3 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] <... write resumed>) = 2097152 [pid 5897] <... write resumed>) = 2097152 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5898] munmap(0x7f9875600000, 138412032 [pid 5842] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5897] munmap(0x7f9875600000, 138412032) = 0 [pid 5899] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5897] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5897] close(5 [pid 5842] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 5900] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5898] <... munmap resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 5898] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./9/file1") = 0 [pid 5898] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5898] close(5 [pid 5842] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5897] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./9/binderfs" [pid 5897] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5898] <... close resumed>) = 0 [pid 5842] <... unlink resumed>) = 0 [pid 5899] <... write resumed>) = 2097152 [pid 5898] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5900] <... write resumed>) = 2097152 [pid 5842] close(3) = 0 [pid 5899] munmap(0x7f9875600000, 138412032 [pid 5842] rmdir("./9") = 0 [pid 5897] <... open resumed>) = 5 [pid 5842] mkdir("./10", 0777 [pid 5897] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5897] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5897] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5897] exit_group(0) = ? [pid 5842] <... mkdir resumed>) = 0 [ 102.329897][ T30] audit: type=1804 audit(1750615383.595:100): pid=5897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.kafNdC/9/file1/file1" dev="loop2" ino=30 res=1 errno=0 [pid 5900] munmap(0x7f9875600000, 138412032 [pid 5899] <... munmap resumed>) = 0 [pid 5898] <... open resumed>) = 5 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5898] truncate("./file1", 16784380 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5898] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] close(3 [pid 5898] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5898] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5898] exit_group(0) = ? [pid 5898] +++ exited with 0 +++ [pid 5897] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=11 /* 0.11 s */} --- [pid 5900] <... munmap resumed>) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5842] <... close resumed>) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5841] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... restart_syscall resumed>) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5899] <... openat resumed>) = 4 [ 102.367725][ T30] audit: type=1804 audit(1750615383.625:101): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/10/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 5900] <... openat resumed>) = 4 [pid 5900] ioctl(4, LOOP_SET_FD, 3 [pid 5899] ioctl(4, LOOP_SET_FD, 3 [pid 5841] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5900] <... ioctl resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", [pid 5840] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(3, [pid 5840] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] <... openat resumed>) = 3 [pid 5841] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5899] <... ioctl resumed>) = 0 [pid 5899] close(3) = 0 [pid 5899] close(4) = 0 [pid 5899] mkdir("./file1", 0777 [pid 5900] close(3 [pid 5899] <... mkdir resumed>) = 0 [pid 5900] <... close resumed>) = 0 [pid 5900] close(4 [pid 5899] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5900] <... close resumed>) = 0 [pid 5900] mkdir("./file1", 0777) = 0 ./strace-static-x86_64: Process 5901 attached [pid 5900] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5901] set_robust_list(0x55558b799660, 24) = 0 [ 102.429765][ T5900] loop0: detected capacity change from 0 to 4096 [ 102.437186][ T5899] loop4: detected capacity change from 0 to 4096 [pid 5901] chdir("./10") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5901 [pid 5901] <... prctl resumed>) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] <... umount2 resumed>) = 0 executing program [pid 5901] write(1, "executing program\n", 18) = 18 [pid 5901] memfd_create("syzkaller", 0) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] <... mmap resumed>) = 0x7f9875600000 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] close(4) = 0 [pid 5841] newfstatat(AT_FDCWD, "./9/file1", [pid 5840] rmdir("./10/file1") = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 102.476314][ T5900] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 102.487207][ T5899] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5840] unlink("./10/binderfs" [pid 5841] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", [pid 5840] <... unlink resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] getdents64(4, [pid 5840] close(3 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5840] <... close resumed>) = 0 [pid 5841] rmdir("./9/file1" [pid 5840] rmdir("./10" [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5841] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] mkdir("./11", 0777 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./9/binderfs") = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] rmdir("./9") = 0 [pid 5840] <... openat resumed>) = 3 [pid 5900] <... mount resumed>) = 0 [pid 5841] mkdir("./10", 0777 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5841] <... mkdir resumed>) = 0 [pid 5901] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5900] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5900] <... openat resumed>) = 3 [pid 5900] chdir("./file1") = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5900] open("./file1", O_RDONLY|O_DIRECT [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5900] <... open resumed>) = 4 [pid 5900] preadv2(4, [pid 5841] close(3 [pid 5900] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5900] memfd_create("syzkaller", 0) = 5 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 5902 ./strace-static-x86_64: Process 5902 attached [pid 5902] set_robust_list(0x55558b799660, 24) = 0 [pid 5902] chdir("./11") = 0 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5902] setpgid(0, 0) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5902] write(3, "1000", 4) = 4 [pid 5901] <... write resumed>) = 2097152 [pid 5902] close(3) = 0 [pid 5902] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5902] write(1, "executing program\n", 18) = 18 [pid 5902] memfd_create("syzkaller", 0 [ 102.610869][ T30] audit: type=1800 audit(1750615383.875:102): pid=5900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 5900] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5902] <... memfd_create resumed>) = 3 [pid 5901] munmap(0x7f9875600000, 138412032) = 0 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... close resumed>) = 0 [pid 5902] <... mmap resumed>) = 0x7f9875600000 [pid 5901] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5901] ioctl(4, LOOP_SET_FD, 3) = 0 ./strace-static-x86_64: Process 5903 attached [pid 5899] <... mount resumed>) = 0 [pid 5899] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5899] chdir("./file1") = 0 [pid 5903] set_robust_list(0x55558b799660, 24 [pid 5899] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5899] open("./file1", O_RDONLY|O_DIRECT [pid 5903] <... set_robust_list resumed>) = 0 [pid 5903] chdir("./10" [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5903 [pid 5903] <... chdir resumed>) = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5903] setpgid(0, 0 [pid 5899] <... open resumed>) = 4 [pid 5903] <... setpgid resumed>) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5903] write(3, "1000", 4 [pid 5901] close(3 [pid 5899] preadv2(4, [pid 5901] <... close resumed>) = 0 [pid 5901] close(4 [pid 5899] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5901] <... close resumed>) = 0 [pid 5899] memfd_create("syzkaller", 0 [pid 5903] <... write resumed>) = 4 [pid 5901] mkdir("./file1", 0777 [pid 5899] <... memfd_create resumed>) = 5 [pid 5903] close(3) = 0 [ 102.692068][ T5901] loop3: detected capacity change from 0 to 4096 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5901] <... mkdir resumed>) = 0 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5901] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5899] <... mmap resumed>) = 0x7f9875600000 executing program [pid 5903] write(1, "executing program\n", 18) = 18 [pid 5903] memfd_create("syzkaller", 0) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5900] <... write resumed>) = 2097152 [pid 5903] <... mmap resumed>) = 0x7f9875600000 [ 102.760153][ T5901] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5902] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5900] munmap(0x7f9875600000, 138412032) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5900] close(5 [pid 5899] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5903] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5901] <... mount resumed>) = 0 [pid 5900] <... close resumed>) = 0 [pid 5901] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("./file1") = 0 [pid 5900] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5901] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5900] <... open resumed>) = 5 [pid 5901] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5900] truncate("./file1", 16784380 [pid 5901] memfd_create("syzkaller", 0 [pid 5900] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5901] <... memfd_create resumed>) = 5 [pid 5900] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5900] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5901] <... mmap resumed>) = 0x7f9875600000 [pid 5900] <... mmap resumed>) = 0x200000001000 [pid 5902] <... write resumed>) = 2097152 [pid 5900] exit_group(0) = ? [pid 5902] munmap(0x7f9875600000, 138412032 [pid 5900] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5902] <... munmap resumed>) = 0 [pid 5839] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5902] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3 [pid 5903] <... write resumed>) = 2097152 [pid 5899] <... write resumed>) = 2097152 [pid 5899] munmap(0x7f9875600000, 138412032 [pid 5903] munmap(0x7f9875600000, 138412032 [pid 5902] <... ioctl resumed>) = 0 [pid 5902] close(3) = 0 [pid 5902] close(4) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5902] mkdir("./file1", 0777 [pid 5839] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5902] <... mkdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5902] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5903] <... munmap resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./10/file1", [pid 5903] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] <... openat resumed>) = 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5903] ioctl(4, LOOP_SET_FD, 3 [pid 5899] <... munmap resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... openat resumed>) = 4 [ 102.963295][ T5902] loop1: detected capacity change from 0 to 4096 [ 102.995624][ T5902] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 103.007311][ T5903] loop2: detected capacity change from 0 to 4096 [pid 5901] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] newfstatat(4, "", [pid 5899] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5899] close(5 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5903] <... ioctl resumed>) = 0 [pid 5839] rmdir("./10/file1" [pid 5903] close(3) = 0 [pid 5903] close(4 [pid 5839] <... rmdir resumed>) = 0 [pid 5903] <... close resumed>) = 0 [pid 5903] mkdir("./file1", 0777 [pid 5839] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5903] <... mkdir resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./10/binderfs") = 0 [pid 5839] getdents64(3, [pid 5903] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5901] <... write resumed>) = 2097152 [pid 5899] <... close resumed>) = 0 [pid 5839] close(3) = 0 [pid 5901] munmap(0x7f9875600000, 138412032 [pid 5899] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5901] <... munmap resumed>) = 0 [pid 5839] rmdir("./10") = 0 [pid 5839] mkdir("./11", 0777 [pid 5902] <... mount resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5899] <... open resumed>) = 5 [pid 5839] <... openat resumed>) = 3 [pid 5899] truncate("./file1", 16784380 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5902] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5899] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] <... ioctl resumed>) = 0 [pid 5902] <... openat resumed>) = 3 [pid 5899] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5902] chdir("./file1" [pid 5899] <... openat resumed>) = 6 [pid 5902] <... chdir resumed>) = 0 [pid 5899] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] close(3 [pid 5902] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5899] <... mmap resumed>) = 0x200000001000 [pid 5902] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5899] exit_group(0 [pid 5902] open("./file1", O_RDONLY|O_DIRECT [pid 5899] <... exit_group resumed>) = ? [pid 5899] +++ exited with 0 +++ [pid 5901] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5902] <... open resumed>) = 4 [pid 5901] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [ 103.056987][ T5903] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5843] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] close(5 [pid 5902] preadv2(4, [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5902] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5902] memfd_create("syzkaller", 0) = 5 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5901] <... close resumed>) = 0 [pid 5843] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5903] <... mount resumed>) = 0 [pid 5903] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] chdir("./file1") = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5903] open("./file1", O_RDONLY|O_DIRECT [pid 5901] <... open resumed>) = 5 [pid 5901] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5901] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5901] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5903] <... open resumed>) = 4 [pid 5901] <... mmap resumed>) = 0x200000001000 [pid 5839] <... close resumed>) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached [pid 5903] preadv2(4, [pid 5901] exit_group(0 [pid 5843] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5904] set_robust_list(0x55558b799660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5904 [pid 5904] <... set_robust_list resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5904] chdir("./11" [pid 5903] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5901] <... exit_group resumed>) = ? [pid 5843] newfstatat(AT_FDCWD, "./9/file1", [pid 5904] <... chdir resumed>) = 0 [pid 5903] memfd_create("syzkaller", 0 [pid 5901] +++ exited with 0 +++ [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- [pid 5904] <... prctl resumed>) = 0 [pid 5903] <... memfd_create resumed>) = 5 [pid 5843] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5904] setpgid(0, 0 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... restart_syscall resumed>) = 0 [pid 5904] <... setpgid resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5903] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... openat resumed>) = 4 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5902] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] newfstatat(4, "", [pid 5842] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5904] <... openat resumed>) = 3 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5904] write(3, "1000", 4 [pid 5842] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5904] <... write resumed>) = 4 [pid 5904] close(3) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5904] symlink("/dev/binderfs", "./binderfs" [pid 5843] getdents64(4, [pid 5842] newfstatat(3, "", executing program [pid 5904] <... symlink resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5904] write(1, "executing program\n", 18 [pid 5843] getdents64(4, [pid 5842] getdents64(3, [pid 5904] <... write resumed>) = 18 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4 [pid 5904] memfd_create("syzkaller", 0 [pid 5843] <... close resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5904] <... memfd_create resumed>) = 3 [pid 5903] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] rmdir("./9/file1" [pid 5842] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5904] <... mmap resumed>) = 0x7f9875600000 [pid 5843] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5902] <... write resumed>) = 2097152 [pid 5843] unlink("./9/binderfs" [pid 5902] munmap(0x7f9875600000, 138412032 [pid 5843] <... unlink resumed>) = 0 [pid 5902] <... munmap resumed>) = 0 [pid 5843] getdents64(3, [pid 5842] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5902] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] newfstatat(AT_FDCWD, "./10/file1", [pid 5843] close(3) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] rmdir("./9" [pid 5842] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5902] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5902] close(5 [pid 5904] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] mkdir("./10", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] <... openat resumed>) = 4 [pid 5843] <... openat resumed>) = 3 [pid 5842] newfstatat(4, "", [pid 5903] <... write resumed>) = 2097152 [pid 5902] <... close resumed>) = 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5903] munmap(0x7f9875600000, 138412032 [pid 5842] getdents64(4, [pid 5843] <... ioctl resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] close(3 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5903] <... munmap resumed>) = 0 [pid 5902] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5903] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] close(4 [pid 5903] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5903] close(5 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./10/file1" [pid 5903] <... close resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5904] <... write resumed>) = 2097152 [pid 5842] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5904] munmap(0x7f9875600000, 138412032 [pid 5842] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./10/binderfs" [pid 5904] <... munmap resumed>) = 0 [pid 5902] <... open resumed>) = 5 [pid 5842] <... unlink resumed>) = 0 [pid 5902] truncate("./file1", 16784380 [pid 5842] getdents64(3, [pid 5903] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5902] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5902] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] close(3 [pid 5902] <... openat resumed>) = 6 [pid 5902] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... close resumed>) = 0 [pid 5902] <... mmap resumed>) = 0x200000001000 [pid 5843] <... close resumed>) = 0 [pid 5842] rmdir("./10" [pid 5902] exit_group(0) = ? [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5902] +++ exited with 0 +++ [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... rmdir resumed>) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5903] <... open resumed>) = 5 [pid 5903] truncate("./file1", 16784380 [pid 5842] mkdir("./11", 0777 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... mkdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5905 attached [pid 5903] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5903] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5903] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5903] exit_group(0 [pid 5905] set_robust_list(0x55558b799660, 24) = 0 [pid 5904] <... openat resumed>) = 4 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5905 [pid 5904] ioctl(4, LOOP_SET_FD, 3 [pid 5903] <... exit_group resumed>) = ? [pid 5903] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./11/file1", [pid 5905] chdir("./10" [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5905] <... chdir resumed>) = 0 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(4, "", [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5904] <... ioctl resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5905] <... prctl resumed>) = 0 [pid 5904] close(3 [pid 5905] setpgid(0, 0 [pid 5904] <... close resumed>) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./11/file1" [pid 5905] <... setpgid resumed>) = 0 [pid 5904] close(4 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5904] <... close resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5905] <... openat resumed>) = 3 [pid 5904] mkdir("./file1", 0777 [pid 5840] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./11/binderfs") = 0 [pid 5840] getdents64(3, [pid 5904] <... mkdir resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [ 103.453863][ T5904] loop0: detected capacity change from 0 to 4096 [pid 5905] write(3, "1000", 4 [pid 5904] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] <... close resumed>) = 0 [pid 5840] close(3 [pid 5905] <... write resumed>) = 4 [pid 5905] close(3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5905] <... close resumed>) = 0 [pid 5905] symlink("/dev/binderfs", "./binderfs" [pid 5840] <... close resumed>) = 0 ./strace-static-x86_64: Process 5906 attached [pid 5905] <... symlink resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5906 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] rmdir("./11" [pid 5906] set_robust_list(0x55558b799660, 24 [pid 5905] write(1, "executing program\n", 18 [pid 5906] <... set_robust_list resumed>) = 0 [pid 5906] chdir("./11") = 0 executing program [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5905] <... write resumed>) = 18 [pid 5841] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... rmdir resumed>) = 0 [pid 5906] <... prctl resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] mkdir("./12", 0777 [pid 5906] setpgid(0, 0 [pid 5841] newfstatat(AT_FDCWD, "./10/file1", [pid 5840] <... mkdir resumed>) = 0 [pid 5906] <... setpgid resumed>) = 0 [pid 5905] memfd_create("syzkaller", 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] <... openat resumed>) = 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 3 [pid 5905] <... memfd_create resumed>) = 3 [pid 5841] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... openat resumed>) = 4 [pid 5906] write(3, "1000", 4 [pid 5841] newfstatat(4, "", [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5906] <... write resumed>) = 4 [pid 5905] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5906] close(3 [pid 5841] getdents64(4, [pid 5840] close(3 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5906] <... close resumed>) = 0 [pid 5841] getdents64(4, [pid 5840] <... close resumed>) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs" [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 5907 attached [pid 5906] <... symlink resumed>) = 0 [pid 5841] close(4 [pid 5906] write(1, "executing program\n", 18 [pid 5841] <... close resumed>) = 0 [pid 5907] set_robust_list(0x55558b799660, 24 [pid 5906] <... write resumed>) = 18 [pid 5841] rmdir("./10/file1" [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5907 [pid 5841] <... rmdir resumed>) = 0 [pid 5907] <... set_robust_list resumed>) = 0 [pid 5906] memfd_create("syzkaller", 0 [pid 5907] chdir("./12" [pid 5841] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5907] <... chdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5907] <... prctl resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5907] setpgid(0, 0 [pid 5841] unlink("./10/binderfs" [pid 5907] <... setpgid resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] getdents64(3, [pid 5907] <... openat resumed>) = 3 [pid 5906] <... memfd_create resumed>) = 3 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 103.498019][ T5904] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5841] close(3 [pid 5907] write(3, "1000", 4 [pid 5906] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... close resumed>) = 0 [pid 5907] <... write resumed>) = 4 [pid 5841] rmdir("./10" [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5907] write(1, "executing program\n", 18) = 18 [pid 5907] memfd_create("syzkaller", 0 [pid 5841] mkdir("./11", 0777 [pid 5907] <... memfd_create resumed>) = 3 [pid 5841] <... mkdir resumed>) = 0 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5907] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5905] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5904] <... mount resumed>) = 0 [pid 5904] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5904] chdir("./file1") = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... close resumed>) = 0 [pid 5906] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5904] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5908 attached executing program [pid 5907] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5904] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5908 [pid 5908] set_robust_list(0x55558b799660, 24) = 0 [pid 5908] chdir("./11") = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5908] setpgid(0, 0) = 0 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5908] write(3, "1000", 4) = 4 [pid 5908] close(3) = 0 [pid 5908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5908] write(1, "executing program\n", 18) = 18 [pid 5905] <... write resumed>) = 2097152 [pid 5904] <... open resumed>) = 4 [pid 5908] memfd_create("syzkaller", 0 [pid 5905] munmap(0x7f9875600000, 138412032 [pid 5904] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5908] <... memfd_create resumed>) = 3 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5905] <... munmap resumed>) = 0 [pid 5904] memfd_create("syzkaller", 0) = 5 [pid 5905] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5905] <... openat resumed>) = 4 [pid 5905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5905] close(3) = 0 [pid 5905] close(4 [pid 5906] <... write resumed>) = 2097152 [pid 5905] <... close resumed>) = 0 [pid 5906] munmap(0x7f9875600000, 138412032 [pid 5905] mkdir("./file1", 0777 [pid 5906] <... munmap resumed>) = 0 [pid 5905] <... mkdir resumed>) = 0 [ 103.730823][ T5905] loop4: detected capacity change from 0 to 4096 [pid 5907] <... write resumed>) = 2097152 [pid 5905] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5907] munmap(0x7f9875600000, 138412032 [pid 5908] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5906] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5904] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5907] <... munmap resumed>) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5906] <... openat resumed>) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3 [pid 5907] <... openat resumed>) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5907] close(3) = 0 [pid 5906] <... ioctl resumed>) = 0 [pid 5907] close(4) = 0 [pid 5908] <... write resumed>) = 2097152 [pid 5907] mkdir("./file1", 0777 [pid 5906] close(3) = 0 [pid 5907] <... mkdir resumed>) = 0 [pid 5906] close(4) = 0 [pid 5908] munmap(0x7f9875600000, 138412032 [pid 5907] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5906] mkdir("./file1", 0777) = 0 [ 103.798574][ T5905] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 103.827279][ T5906] loop3: detected capacity change from 0 to 4096 [ 103.835481][ T5907] loop1: detected capacity change from 0 to 4096 [pid 5906] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5904] <... write resumed>) = 2097152 [pid 5908] <... munmap resumed>) = 0 [pid 5904] munmap(0x7f9875600000, 138412032 [pid 5908] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5908] ioctl(4, LOOP_SET_FD, 3 [pid 5904] <... munmap resumed>) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5908] <... ioctl resumed>) = 0 [pid 5908] close(3) = 0 [pid 5904] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5908] close(4) = 0 [pid 5908] mkdir("./file1", 0777) = 0 [pid 5904] close(5 [ 103.870961][ T5907] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 103.880491][ T5906] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 103.910843][ T5908] loop2: detected capacity change from 0 to 4096 [pid 5908] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5904] <... close resumed>) = 0 [pid 5905] <... mount resumed>) = 0 [pid 5905] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5905] chdir("./file1") = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5905] open("./file1", O_RDONLY|O_DIRECT [ 103.957856][ T5908] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5904] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5905] <... open resumed>) = 4 [pid 5906] <... mount resumed>) = 0 [pid 5905] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5906] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5905] memfd_create("syzkaller", 0 [pid 5906] <... openat resumed>) = 3 [pid 5905] <... memfd_create resumed>) = 5 [pid 5904] <... open resumed>) = 5 [pid 5904] truncate("./file1", 16784380 [pid 5906] chdir("./file1" [pid 5904] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5904] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5906] <... chdir resumed>) = 0 [pid 5904] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5907] <... mount resumed>) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5906] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5905] <... mmap resumed>) = 0x7f9875600000 [pid 5907] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5906] open("./file1", O_RDONLY|O_DIRECT [pid 5904] exit_group(0 [pid 5907] <... openat resumed>) = 3 [pid 5907] chdir("./file1") = 0 [pid 5904] <... exit_group resumed>) = ? [pid 5906] <... open resumed>) = 4 [pid 5904] +++ exited with 0 +++ [pid 5907] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5906] preadv2(4, [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5906] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5906] memfd_create("syzkaller", 0) = 5 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5907] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... restart_syscall resumed>) = 0 [pid 5907] open("./file1", O_RDONLY|O_DIRECT [pid 5839] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5907] <... open resumed>) = 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5907] preadv2(4, [pid 5908] <... mount resumed>) = 0 [pid 5907] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5908] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5907] memfd_create("syzkaller", 0 [pid 5908] <... openat resumed>) = 3 [pid 5907] <... memfd_create resumed>) = 5 [pid 5908] chdir("./file1" [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5908] <... chdir resumed>) = 0 [pid 5907] <... mmap resumed>) = 0x7f9875600000 [pid 5908] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5908] open("./file1", O_RDONLY|O_DIRECT [pid 5905] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5908] <... open resumed>) = 4 [pid 5839] <... umount2 resumed>) = 0 [pid 5908] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5908] memfd_create("syzkaller", 0 [pid 5906] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5908] <... memfd_create resumed>) = 5 [pid 5839] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./11/file1", [pid 5907] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5906] <... write resumed>) = 2097152 [pid 5839] <... openat resumed>) = 4 [pid 5905] <... write resumed>) = 2097152 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, [pid 5906] munmap(0x7f9875600000, 138412032 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5906] <... munmap resumed>) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5906] close(5 [pid 5839] rmdir("./11/file1") = 0 [pid 5905] munmap(0x7f9875600000, 138412032 [pid 5839] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5907] <... write resumed>) = 2097152 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5907] munmap(0x7f9875600000, 138412032 [pid 5839] unlink("./11/binderfs" [pid 5908] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5905] <... munmap resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5907] <... munmap resumed>) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] close(3) = 0 [pid 5905] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] rmdir("./11" [pid 5906] <... close resumed>) = 0 [pid 5905] close(5 [pid 5839] <... rmdir resumed>) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5907] close(5 [pid 5839] mkdir("./12", 0777 [pid 5906] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... mkdir resumed>) = 0 [pid 5906] <... open resumed>) = 5 [pid 5906] truncate("./file1", 16784380 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5906] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5906] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5906] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5906] exit_group(0) = ? [pid 5906] +++ exited with 0 +++ [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5839] <... ioctl resumed>) = 0 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5839] close(3 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5907] <... close resumed>) = 0 [pid 5905] <... close resumed>) = 0 [pid 5907] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5908] <... write resumed>) = 2097152 [pid 5905] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... close resumed>) = 0 [pid 5907] <... open resumed>) = 5 [pid 5907] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5907] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5907] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5907] exit_group(0) = ? [pid 5908] munmap(0x7f9875600000, 138412032 [pid 5905] <... open resumed>) = 5 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... umount2 resumed>) = 0 [pid 5908] <... munmap resumed>) = 0 [pid 5907] +++ exited with 0 +++ [pid 5905] truncate("./file1", 16784380 [pid 5842] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5909 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./11/file1", [pid 5908] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5905] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5905] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5908] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5908] close(5 [pid 5905] <... openat resumed>) = 6 [pid 5842] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 5905] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... openat resumed>) = 4 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 5909 attached [pid 5842] newfstatat(4, "", [pid 5840] getdents64(3, [pid 5905] <... mmap resumed>) = 0x200000001000 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5909] set_robust_list(0x55558b799660, 24 [pid 5842] getdents64(4, [pid 5840] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5909] <... set_robust_list resumed>) = 0 [pid 5905] exit_group(0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5909] chdir("./12" [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5905] <... exit_group resumed>) = ? [pid 5842] close(4 [pid 5909] <... chdir resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./11/file1" [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... rmdir resumed>) = 0 [pid 5909] <... openat resumed>) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5842] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5909] close(3 [pid 5905] +++ exited with 0 +++ [pid 5909] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5909] symlink("/dev/binderfs", "./binderfs" [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=11 /* 0.11 s */} --- [pid 5842] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5909] <... symlink resumed>) = 0 [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5909] write(1, "executing program\n", 18 [pid 5842] unlink("./11/binderfs" [pid 5840] <... umount2 resumed>) = 0 executing program [pid 5909] <... write resumed>) = 18 [pid 5842] <... unlink resumed>) = 0 [pid 5840] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5908] <... close resumed>) = 0 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5842] getdents64(3, [pid 5908] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] close(3 [pid 5840] newfstatat(AT_FDCWD, "./12/file1", [pid 5843] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... close resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5909] memfd_create("syzkaller", 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] rmdir("./11" [pid 5840] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5909] <... memfd_create resumed>) = 3 [pid 5840] <... openat resumed>) = 4 [pid 5843] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... rmdir resumed>) = 0 [pid 5840] newfstatat(4, "", [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... openat resumed>) = 3 [pid 5842] mkdir("./12", 0777 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5909] <... mmap resumed>) = 0x7f9875600000 [pid 5843] newfstatat(3, "", [pid 5840] getdents64(4, [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(3, [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] getdents64(4, [pid 5842] <... openat resumed>) = 3 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5840] close(4 [pid 5843] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... ioctl resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./12/file1" [pid 5842] close(3 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5908] <... open resumed>) = 5 [pid 5840] unlink("./12/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5908] truncate("./file1", 16784380 [pid 5840] close(3 [pid 5908] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] <... close resumed>) = 0 [pid 5908] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5908] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5840] rmdir("./12" [pid 5908] <... mmap resumed>) = 0x200000001000 [pid 5842] <... close resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5908] exit_group(0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5908] <... exit_group resumed>) = ? [pid 5840] mkdir("./13", 0777./strace-static-x86_64: Process 5910 attached ) = 0 [pid 5910] set_robust_list(0x55558b799660, 24 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5910] <... set_robust_list resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5910] chdir("./12" [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5910 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5910] <... chdir resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] close(3 [pid 5910] <... prctl resumed>) = 0 [pid 5908] +++ exited with 0 +++ [pid 5910] setpgid(0, 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5910] <... setpgid resumed>) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 5910] write(3, "1000", 4 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5910] <... write resumed>) = 4 [pid 5843] newfstatat(AT_FDCWD, "./10/file1", [pid 5910] close(3 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5910] <... close resumed>) = 0 [pid 5843] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5910] symlink("/dev/binderfs", "./binderfs" [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5910] <... symlink resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 executing program [pid 5910] write(1, "executing program\n", 18 [pid 5843] newfstatat(4, "", [pid 5910] <... write resumed>) = 18 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5910] memfd_create("syzkaller", 0 [pid 5843] getdents64(4, [pid 5840] <... close resumed>) = 0 [pid 5910] <... memfd_create resumed>) = 3 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] close(4 [pid 5910] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... close resumed>) = 0 [pid 5843] rmdir("./10/file1" [pid 5841] <... umount2 resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5843] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./10/binderfs") = 0 [pid 5841] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./10") = 0 [pid 5843] mkdir("./11", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5909] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5841] newfstatat(AT_FDCWD, "./11/file1", [pid 5843] <... ioctl resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached [pid 5843] close(3 [pid 5841] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5911 [pid 5911] set_robust_list(0x55558b799660, 24 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5911] <... set_robust_list resumed>) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5911] chdir("./13" [pid 5841] newfstatat(4, "", [pid 5911] <... chdir resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] getdents64(4, [pid 5911] <... prctl resumed>) = 0 [pid 5911] setpgid(0, 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5911] <... setpgid resumed>) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] <... close resumed>) = 0 [pid 5841] getdents64(4, [pid 5911] <... openat resumed>) = 3 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5911] write(3, "1000", 4 [pid 5841] close(4) = 0 [pid 5911] <... write resumed>) = 4 [pid 5911] close(3 [pid 5910] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] rmdir("./11/file1" [pid 5911] <... close resumed>) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs" [pid 5841] <... rmdir resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 5912 attached [pid 5911] <... symlink resumed>) = 0 [pid 5841] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5911] write(1, "executing program\n", 18 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5912 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5912] set_robust_list(0x55558b799660, 24 [pid 5911] <... write resumed>) = 18 [pid 5912] <... set_robust_list resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5912] chdir("./11" [pid 5911] memfd_create("syzkaller", 0 [pid 5909] <... write resumed>) = 2097152 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5912] <... chdir resumed>) = 0 [pid 5911] <... memfd_create resumed>) = 3 [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] unlink("./11/binderfs" [pid 5912] <... prctl resumed>) = 0 [pid 5912] setpgid(0, 0 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5909] munmap(0x7f9875600000, 138412032 [pid 5841] <... unlink resumed>) = 0 [pid 5912] <... setpgid resumed>) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5911] <... mmap resumed>) = 0x7f9875600000 [pid 5841] getdents64(3, [pid 5912] <... openat resumed>) = 3 [pid 5909] <... munmap resumed>) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5912] write(3, "1000", 4 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5912] <... write resumed>) = 4 [pid 5841] close(3 [pid 5912] close(3 [pid 5909] <... openat resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 5909] ioctl(4, LOOP_SET_FD, 3 [pid 5912] <... close resumed>) = 0 [pid 5910] <... write resumed>) = 2097152 [pid 5841] rmdir("./11" [pid 5912] symlink("/dev/binderfs", "./binderfs" [pid 5910] munmap(0x7f9875600000, 138412032 [pid 5912] <... symlink resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5912] write(1, "executing program\n", 18 [pid 5841] mkdir("./12", 0777executing program ) = 0 [pid 5912] <... write resumed>) = 18 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5912] memfd_create("syzkaller", 0 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5910] <... munmap resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] close(3 [pid 5912] <... memfd_create resumed>) = 3 [pid 5910] <... openat resumed>) = 4 [pid 5909] <... ioctl resumed>) = 0 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5911] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5910] ioctl(4, LOOP_SET_FD, 3 [pid 5909] close(3) = 0 [pid 5909] close(4) = 0 [pid 5909] mkdir("./file1", 0777) = 0 [ 104.667162][ T5909] loop0: detected capacity change from 0 to 4096 [pid 5909] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5912] <... mmap resumed>) = 0x7f9875600000 [pid 5910] <... ioctl resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5910] close(3 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5910] <... close resumed>) = 0 [pid 5910] close(4) = 0 [pid 5910] mkdir("./file1", 0777) = 0 ./strace-static-x86_64: Process 5913 attached [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5913 [pid 5910] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5913] set_robust_list(0x55558b799660, 24) = 0 [pid 5913] chdir("./12") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 104.712856][ T5910] loop3: detected capacity change from 0 to 4096 [ 104.730574][ T5909] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5911] <... write resumed>) = 2097152 [pid 5913] close(3) = 0 [pid 5911] munmap(0x7f9875600000, 138412032 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5913] write(1, "executing program\n", 18executing program ) = 18 [pid 5913] memfd_create("syzkaller", 0) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 104.765040][ T5910] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5912] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5911] <... munmap resumed>) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3 [pid 5909] <... mount resumed>) = 0 [pid 5909] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./file1") = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5909] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5909] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5909] memfd_create("syzkaller", 0) = 5 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5910] <... mount resumed>) = 0 [pid 5910] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5910] chdir("./file1" [pid 5913] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5910] <... chdir resumed>) = 0 [pid 5911] <... ioctl resumed>) = 0 [pid 5912] <... write resumed>) = 2097152 [pid 5911] close(3 [pid 5910] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5912] munmap(0x7f9875600000, 138412032 [pid 5911] <... close resumed>) = 0 [pid 5910] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5911] close(4) = 0 [pid 5911] mkdir("./file1", 0777 [pid 5910] open("./file1", O_RDONLY|O_DIRECT [pid 5911] <... mkdir resumed>) = 0 [pid 5910] <... open resumed>) = 4 [ 104.854434][ T5911] loop1: detected capacity change from 0 to 4096 [pid 5912] <... munmap resumed>) = 0 [pid 5911] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5910] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5910] memfd_create("syzkaller", 0 [pid 5912] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5913] <... write resumed>) = 2097152 [pid 5912] <... openat resumed>) = 4 [pid 5910] <... memfd_create resumed>) = 5 [pid 5909] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5913] munmap(0x7f9875600000, 138412032 [pid 5912] ioctl(4, LOOP_SET_FD, 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5913] <... munmap resumed>) = 0 [pid 5910] <... mmap resumed>) = 0x7f9875600000 [pid 5913] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5913] ioctl(4, LOOP_SET_FD, 3 [pid 5912] <... ioctl resumed>) = 0 [ 104.928020][ T5911] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 104.954068][ T5912] loop4: detected capacity change from 0 to 4096 [pid 5912] close(3) = 0 [pid 5912] close(4) = 0 [pid 5912] mkdir("./file1", 0777) = 0 [pid 5912] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5913] <... ioctl resumed>) = 0 [pid 5913] close(3) = 0 [pid 5913] close(4) = 0 [pid 5913] mkdir("./file1", 0777) = 0 [pid 5911] <... mount resumed>) = 0 [pid 5911] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5913] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5911] chdir("./file1" [pid 5909] <... write resumed>) = 2097152 [pid 5911] <... chdir resumed>) = 0 [ 104.973785][ T5913] loop2: detected capacity change from 0 to 4096 [ 104.995236][ T5912] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5911] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5909] munmap(0x7f9875600000, 138412032 [pid 5911] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5910] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5911] open("./file1", O_RDONLY|O_DIRECT [pid 5912] <... mount resumed>) = 0 [pid 5911] <... open resumed>) = 4 [pid 5909] <... munmap resumed>) = 0 [pid 5911] preadv2(4, [pid 5912] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5911] memfd_create("syzkaller", 0 [pid 5912] chdir("./file1" [pid 5911] <... memfd_create resumed>) = 5 [pid 5912] <... chdir resumed>) = 0 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 105.056377][ T5913] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5909] close(5 [pid 5912] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5912] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5912] memfd_create("syzkaller", 0) = 5 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5910] <... write resumed>) = 2097152 [pid 5909] <... close resumed>) = 0 [pid 5912] <... mmap resumed>) = 0x7f9875600000 [pid 5910] munmap(0x7f9875600000, 138412032 [pid 5909] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5909] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5909] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5909] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5909] exit_group(0) = ? [pid 5910] <... munmap resumed>) = 0 [pid 5909] +++ exited with 0 +++ [pid 5910] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5910] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5910] close(5 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5913] <... mount resumed>) = 0 [pid 5913] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5913] chdir("./file1") = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5913] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5913] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5913] memfd_create("syzkaller", 0) = 5 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... umount2 resumed>) = 0 [pid 5911] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5910] <... close resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5912] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5910] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./12/file1") = 0 [pid 5910] <... open resumed>) = 5 [pid 5839] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5910] truncate("./file1", 16784380 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./12/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5910] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] close(3) = 0 [pid 5839] rmdir("./12") = 0 [pid 5839] mkdir("./13", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5910] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5910] <... openat resumed>) = 6 [pid 5839] <... ioctl resumed>) = 0 [pid 5910] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] close(3 [pid 5912] <... write resumed>) = 2097152 [pid 5911] <... write resumed>) = 2097152 [pid 5910] <... mmap resumed>) = 0x200000001000 [pid 5910] exit_group(0) = ? [pid 5913] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5910] +++ exited with 0 +++ [pid 5912] munmap(0x7f9875600000, 138412032 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5911] munmap(0x7f9875600000, 138412032 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5912] <... munmap resumed>) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5911] <... munmap resumed>) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5912] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5912] close(5 [pid 5911] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5911] close(5) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5914 attached [pid 5914] set_robust_list(0x55558b799660, 24 [pid 5912] <... close resumed>) = 0 [pid 5911] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5914 [pid 5914] <... set_robust_list resumed>) = 0 [pid 5842] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5914] chdir("./13" [pid 5842] newfstatat(AT_FDCWD, "./12/file1", [pid 5914] <... chdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5912] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5914] <... prctl resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] setpgid(0, 0 [pid 5913] <... write resumed>) = 2097152 [pid 5911] <... open resumed>) = 5 [pid 5914] <... setpgid resumed>) = 0 [pid 5913] munmap(0x7f9875600000, 138412032 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5911] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5911] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5911] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5912] <... open resumed>) = 5 [pid 5911] <... mmap resumed>) = 0x200000001000 [pid 5842] newfstatat(4, "", [pid 5912] truncate("./file1", 16784380 [pid 5911] exit_group(0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 5914] <... openat resumed>) = 3 [pid 5913] <... munmap resumed>) = 0 [pid 5912] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5911] <... exit_group resumed>) = ? [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5914] write(3, "1000", 4 [pid 5913] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5912] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5914] <... write resumed>) = 4 [pid 5913] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5914] close(3 [pid 5913] close(5 [pid 5912] <... openat resumed>) = 6 [pid 5914] <... close resumed>) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./12/file1") = 0 [pid 5842] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5914] symlink("/dev/binderfs", "./binderfs" [pid 5912] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5911] +++ exited with 0 +++ [pid 5914] <... symlink resumed>) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- [pid 5842] unlink("./12/binderfs" [pid 5912] <... mmap resumed>) = 0x200000001000 [pid 5914] write(1, "executing program\n", 18executing program ) = 18 [pid 5912] exit_group(0 [pid 5840] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5912] <... exit_group resumed>) = ? [pid 5842] <... unlink resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./12" [pid 5914] memfd_create("syzkaller", 0 [pid 5912] +++ exited with 0 +++ [pid 5840] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 5914] <... memfd_create resumed>) = 3 [pid 5843] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] <... mmap resumed>) = 0x7f9875600000 [pid 5843] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] getdents64(3, [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, [pid 5840] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... rmdir resumed>) = 0 [pid 5913] <... close resumed>) = 0 [pid 5842] mkdir("./13", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5913] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] <... umount2 resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5913] <... open resumed>) = 5 [pid 5843] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./11/file1", [pid 5840] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5913] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5915 attached [pid 5913] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(AT_FDCWD, "./13/file1", [pid 5913] <... openat resumed>) = 6 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5913] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5843] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5913] exit_group(0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5915 [pid 5915] set_robust_list(0x55558b799660, 24 [pid 5913] <... exit_group resumed>) = ? [pid 5843] <... openat resumed>) = 4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] <... set_robust_list resumed>) = 0 [pid 5843] newfstatat(4, "", [pid 5840] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5915] chdir("./13" [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5915] <... chdir resumed>) = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5913] +++ exited with 0 +++ [pid 5843] getdents64(4, [pid 5840] <... openat resumed>) = 4 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=14 /* 0.14 s */} --- [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5840] newfstatat(4, "", [pid 5843] getdents64(4, [pid 5915] <... openat resumed>) = 3 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5915] write(3, "1000", 4 [pid 5843] close(4 [pid 5840] getdents64(4, [pid 5915] <... write resumed>) = 4 [pid 5915] close(3 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5915] <... close resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5840] getdents64(4, [pid 5915] symlink("/dev/binderfs", "./binderfs" [pid 5843] rmdir("./11/file1" [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5915] <... symlink resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5840] close(4executing program [pid 5915] write(1, "executing program\n", 18 [pid 5843] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... restart_syscall resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5915] <... write resumed>) = 18 [pid 5915] memfd_create("syzkaller", 0 [pid 5914] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] rmdir("./13/file1" [pid 5843] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5841] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5915] <... memfd_create resumed>) = 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5915] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5840] <... rmdir resumed>) = 0 [pid 5843] unlink("./11/binderfs" [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... unlink resumed>) = 0 [pid 5841] getdents64(3, [pid 5843] getdents64(3, [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3 [pid 5840] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] rmdir("./11" [pid 5840] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5840] unlink("./13/binderfs" [pid 5843] mkdir("./12", 0777 [pid 5840] <... unlink resumed>) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5840] getdents64(3, [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5840] close(3 [pid 5843] <... ioctl resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5843] close(3 [pid 5840] rmdir("./13") = 0 [pid 5840] mkdir("./14", 0777) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 3 [pid 5841] newfstatat(AT_FDCWD, "./12/file1", [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5841] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(3 [pid 5915] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... close resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5916 attached ) = 4 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5916 [pid 5916] set_robust_list(0x55558b799660, 24 [pid 5914] <... write resumed>) = 2097152 [pid 5841] newfstatat(4, "", [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 5916] <... set_robust_list resumed>) = 0 [pid 5914] munmap(0x7f9875600000, 138412032 [pid 5916] chdir("./12" [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5917 attached [pid 5917] set_robust_list(0x55558b799660, 24) = 0 [pid 5917] chdir("./14" [pid 5916] <... chdir resumed>) = 0 [pid 5914] <... munmap resumed>) = 0 [pid 5841] getdents64(4, [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5917 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5916] <... prctl resumed>) = 0 [pid 5841] close(4 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5916] setpgid(0, 0 [pid 5841] <... close resumed>) = 0 [pid 5916] <... setpgid resumed>) = 0 [pid 5917] <... chdir resumed>) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5914] <... openat resumed>) = 4 [pid 5841] rmdir("./12/file1" [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5916] <... openat resumed>) = 3 [pid 5917] setpgid(0, 0) = 0 [pid 5916] write(3, "1000", 4 [pid 5914] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... rmdir resumed>) = 0 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5917] <... openat resumed>) = 3 [pid 5917] write(3, "1000", 4) = 4 [pid 5917] close(3) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5917] write(1, "executing program\n", 18) = 18 [pid 5917] memfd_create("syzkaller", 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5916] <... write resumed>) = 4 [pid 5841] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5916] close(3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5916] <... close resumed>) = 0 [pid 5916] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5916] write(1, "executing program\n", 18) = 18 [pid 5841] unlink("./12/binderfs" [pid 5917] <... memfd_create resumed>) = 3 [pid 5916] memfd_create("syzkaller", 0 [pid 5914] <... ioctl resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5916] <... memfd_create resumed>) = 3 [pid 5914] close(3 [pid 5841] getdents64(3, [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5914] <... close resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5917] <... mmap resumed>) = 0x7f9875600000 [pid 5916] <... mmap resumed>) = 0x7f9875600000 [pid 5914] close(4 [pid 5841] close(3 [pid 5914] <... close resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5914] mkdir("./file1", 0777 [pid 5841] rmdir("./12") = 0 [pid 5914] <... mkdir resumed>) = 0 [pid 5841] mkdir("./13", 0777 [pid 5914] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5915] <... write resumed>) = 2097152 [pid 5841] <... openat resumed>) = 3 [ 105.694160][ T5914] loop0: detected capacity change from 0 to 4096 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5915] munmap(0x7f9875600000, 138412032) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 105.736924][ T5914] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5915] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... close resumed>) = 0 [ 105.779708][ T5915] loop3: detected capacity change from 0 to 4096 [pid 5917] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5916] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5915] <... ioctl resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5918 attached [pid 5915] close(3) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5918 [pid 5915] close(4) = 0 [pid 5915] mkdir("./file1", 0777) = 0 [pid 5915] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5918] set_robust_list(0x55558b799660, 24) = 0 [pid 5918] chdir("./13") = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5918] close(3) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5917] <... write resumed>) = 2097152 [ 105.875922][ T5915] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5917] munmap(0x7f9875600000, 138412032executing program [pid 5914] <... mount resumed>) = 0 [pid 5918] write(1, "executing program\n", 18 [pid 5914] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5918] <... write resumed>) = 18 [pid 5914] <... openat resumed>) = 3 [pid 5914] chdir("./file1" [pid 5918] memfd_create("syzkaller", 0 [pid 5914] <... chdir resumed>) = 0 [pid 5917] <... munmap resumed>) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5914] open("./file1", O_RDONLY|O_DIRECT [pid 5917] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5917] ioctl(4, LOOP_SET_FD, 3 [pid 5918] <... memfd_create resumed>) = 3 [pid 5914] <... open resumed>) = 4 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5914] preadv2(4, [pid 5917] <... ioctl resumed>) = 0 [pid 5917] close(3) = 0 [pid 5917] close(4) = 0 [pid 5917] mkdir("./file1", 0777) = 0 [pid 5917] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5916] <... write resumed>) = 2097152 [pid 5916] munmap(0x7f9875600000, 138412032 [pid 5914] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5914] memfd_create("syzkaller", 0) = 5 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5916] <... munmap resumed>) = 0 [ 105.956516][ T5917] loop1: detected capacity change from 0 to 4096 [ 105.986062][ T5917] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5916] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5916] ioctl(4, LOOP_SET_FD, 3 [pid 5915] <... mount resumed>) = 0 [pid 5915] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5915] chdir("./file1") = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5915] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5915] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5915] memfd_create("syzkaller", 0) = 5 [pid 5916] <... ioctl resumed>) = 0 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5918] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5916] close(3) = 0 [ 106.049528][ T5916] loop4: detected capacity change from 0 to 4096 [pid 5916] close(4) = 0 [pid 5916] mkdir("./file1", 0777) = 0 [pid 5916] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [ 106.143893][ T5916] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5914] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5916] <... mount resumed>) = 0 [pid 5916] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5916] chdir("./file1") = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5916] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5916] preadv2(4, [pid 5917] <... mount resumed>) = 0 [pid 5918] <... write resumed>) = 2097152 [pid 5917] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5916] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5915] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5917] <... openat resumed>) = 3 [pid 5916] memfd_create("syzkaller", 0 [pid 5917] chdir("./file1") = 0 [pid 5916] <... memfd_create resumed>) = 5 [pid 5918] munmap(0x7f9875600000, 138412032 [pid 5917] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5918] <... munmap resumed>) = 0 [pid 5917] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5916] <... mmap resumed>) = 0x7f9875600000 [pid 5917] open("./file1", O_RDONLY|O_DIRECT [pid 5914] <... write resumed>) = 2097152 [pid 5918] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3 [pid 5914] munmap(0x7f9875600000, 138412032) = 0 [pid 5917] <... open resumed>) = 4 [pid 5917] preadv2(4, [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5914] close(5 [pid 5917] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5918] <... ioctl resumed>) = 0 [pid 5918] close(3 [pid 5917] memfd_create("syzkaller", 0 [pid 5918] <... close resumed>) = 0 [pid 5918] close(4) = 0 [pid 5917] <... memfd_create resumed>) = 5 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5918] mkdir("./file1", 0777) = 0 [pid 5918] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5915] <... write resumed>) = 2097152 [ 106.271370][ T5918] loop2: detected capacity change from 0 to 4096 [ 106.311318][ T5918] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5915] munmap(0x7f9875600000, 138412032 [pid 5916] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5915] <... munmap resumed>) = 0 [pid 5914] <... close resumed>) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5917] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5915] close(5 [pid 5914] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5915] <... close resumed>) = 0 [pid 5914] <... open resumed>) = 5 [pid 5915] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5914] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5914] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5914] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5914] exit_group(0) = ? [pid 5917] <... write resumed>) = 2097152 [pid 5916] <... write resumed>) = 2097152 [pid 5917] munmap(0x7f9875600000, 138412032) = 0 [pid 5916] munmap(0x7f9875600000, 138412032 [pid 5918] <... mount resumed>) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5915] <... open resumed>) = 5 [pid 5915] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5915] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5915] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5916] <... munmap resumed>) = 0 [pid 5915] <... mmap resumed>) = 0x200000001000 [pid 5918] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5917] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5916] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5915] exit_group(0 [pid 5914] +++ exited with 0 +++ [ 106.463918][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 106.463935][ T30] audit: type=1804 audit(1750615387.735:137): pid=5915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.keN58M/13/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5918] <... openat resumed>) = 3 [pid 5917] close(5 [pid 5916] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5915] <... exit_group resumed>) = ? [pid 5918] chdir("./file1" [pid 5915] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- [pid 5918] <... chdir resumed>) = 0 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5918] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5916] close(5 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5839] <... restart_syscall resumed>) = 0 [pid 5918] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] open("./file1", O_RDONLY|O_DIRECT [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... openat resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(3, "", [pid 5839] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5918] <... open resumed>) = 4 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5918] preadv2(4, [pid 5842] getdents64(3, [pid 5839] newfstatat(3, "", [pid 5918] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5918] memfd_create("syzkaller", 0 [pid 5842] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] getdents64(3, [pid 5918] <... memfd_create resumed>) = 5 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5918] <... mmap resumed>) = 0x7f9875600000 [pid 5839] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5917] <... close resumed>) = 0 [pid 5916] <... close resumed>) = 0 [pid 5917] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [ 106.555442][ T30] audit: type=1800 audit(1750615387.825:138): pid=5918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 5916] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5917] <... open resumed>) = 5 [pid 5916] <... open resumed>) = 5 [pid 5842] <... umount2 resumed>) = 0 [pid 5917] truncate("./file1", 16784380 [ 106.606393][ T30] audit: type=1804 audit(1750615387.875:139): pid=5916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.YdVRUk/12/file1/file1" dev="loop4" ino=30 res=1 errno=0 [pid 5916] truncate("./file1", 16784380 [pid 5917] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5916] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5917] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5916] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5917] <... openat resumed>) = 6 [pid 5916] <... openat resumed>) = 6 [pid 5917] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5916] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5917] <... mmap resumed>) = 0x200000001000 [pid 5916] <... mmap resumed>) = 0x200000001000 [pid 5917] exit_group(0 [pid 5916] exit_group(0 [pid 5917] <... exit_group resumed>) = ? [pid 5916] <... exit_group resumed>) = ? [pid 5917] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=9 /* 0.09 s */} --- [pid 5842] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./13/file1", [pid 5840] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(AT_FDCWD, "./13/file1", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 106.651772][ T30] audit: type=1804 audit(1750615387.875:140): pid=5917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/14/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 5842] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] newfstatat(3, "", [pid 5839] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5839] <... openat resumed>) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./13/file1") = 0 [pid 5839] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./13/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./13") = 0 [pid 5839] mkdir("./14", 0777 [pid 5842] newfstatat(4, "", [pid 5840] getdents64(3, [pid 5839] <... mkdir resumed>) = 0 [pid 5916] +++ exited with 0 +++ [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- [pid 5842] getdents64(4, [pid 5840] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... openat resumed>) = 3 [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5918] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] close(4) = 0 [pid 5842] rmdir("./13/file1") = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5840] getdents64(4, [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./13/binderfs" [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] <... unlink resumed>) = 0 [pid 5840] close(4 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] <... close resumed>) = 0 [pid 5842] close(3 [pid 5840] rmdir("./14/file1" [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./13" [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... rmdir resumed>) = 0 [pid 5842] mkdir("./14", 0777 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5840] unlink("./14/binderfs" [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5840] <... unlink resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5840] getdents64(3, [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5843] <... umount2 resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./14") = 0 [pid 5840] mkdir("./15", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5843] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] newfstatat(AT_FDCWD, "./12/file1", ./strace-static-x86_64: Process 5919 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5919 [pid 5843] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4 [pid 5919] set_robust_list(0x55558b799660, 24 [pid 5843] <... close resumed>) = 0 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5843] rmdir("./12/file1" [pid 5919] chdir("./14" [pid 5843] <... rmdir resumed>) = 0 [pid 5919] <... chdir resumed>) = 0 [pid 5843] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] unlink("./12/binderfs" [pid 5919] <... prctl resumed>) = 0 [pid 5843] <... unlink resumed>) = 0 [pid 5919] setpgid(0, 0 [pid 5843] getdents64(3, [pid 5919] <... setpgid resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] close(3) = 0 [pid 5843] rmdir("./12") = 0 [pid 5919] <... openat resumed>) = 3 [pid 5843] mkdir("./13", 0777) = 0 [pid 5919] write(3, "1000", 4 [pid 5918] <... write resumed>) = 2097152 [pid 5842] <... close resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5919] <... write resumed>) = 4 [pid 5919] close(3) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5919] symlink("/dev/binderfs", "./binderfs" [pid 5918] munmap(0x7f9875600000, 138412032 [pid 5843] <... openat resumed>) = 3 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5919] <... symlink resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 5920 attached [pid 5919] write(1, "executing program\n", 18 [pid 5918] <... munmap resumed>) = 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5919] <... write resumed>) = 18 ./strace-static-x86_64: Process 5921 attached [pid 5920] set_robust_list(0x55558b799660, 24 [pid 5919] memfd_create("syzkaller", 0 [pid 5843] <... ioctl resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5920 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5921 [pid 5921] set_robust_list(0x55558b799660, 24 [pid 5920] <... set_robust_list resumed>) = 0 [pid 5919] <... memfd_create resumed>) = 3 [pid 5843] close(3 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5921] chdir("./15" [pid 5920] chdir("./14" [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5918] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5921] <... chdir resumed>) = 0 [pid 5920] <... chdir resumed>) = 0 [pid 5919] <... mmap resumed>) = 0x7f9875600000 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5918] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5921] <... prctl resumed>) = 0 [pid 5920] <... prctl resumed>) = 0 [pid 5921] setpgid(0, 0 [pid 5920] setpgid(0, 0 [pid 5921] <... setpgid resumed>) = 0 [pid 5920] <... setpgid resumed>) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5921] <... openat resumed>) = 3 [pid 5843] <... close resumed>) = 0 [pid 5921] write(3, "1000", 4 [pid 5920] <... openat resumed>) = 3 [pid 5918] close(5 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5922 attached [pid 5919] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5922] set_robust_list(0x55558b799660, 24 [pid 5921] <... write resumed>) = 4 [pid 5920] write(3, "1000", 4 [pid 5922] <... set_robust_list resumed>) = 0 [pid 5921] close(3 [pid 5920] <... write resumed>) = 4 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5922 [pid 5921] <... close resumed>) = 0 [pid 5920] close(3 [pid 5922] chdir("./13" [pid 5921] symlink("/dev/binderfs", "./binderfs" [pid 5920] <... close resumed>) = 0 [pid 5922] <... chdir resumed>) = 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5922] setpgid(0, 0) = 0 executing program [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5921] <... symlink resumed>) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs" [pid 5921] write(1, "executing program\n", 18 [pid 5922] <... openat resumed>) = 3 [pid 5920] <... symlink resumed>) = 0 [pid 5921] <... write resumed>) = 18 [pid 5920] write(1, "executing program\n", 18executing program [pid 5921] memfd_create("syzkaller", 0 [pid 5920] <... write resumed>) = 18 [pid 5922] write(3, "1000", 4 [pid 5921] <... memfd_create resumed>) = 3 [pid 5922] <... write resumed>) = 4 [pid 5922] close(3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5920] memfd_create("syzkaller", 0 [pid 5918] <... close resumed>) = 0 [pid 5922] <... close resumed>) = 0 [pid 5921] <... mmap resumed>) = 0x7f9875600000 [pid 5920] <... memfd_create resumed>) = 3 [pid 5922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 5922] write(1, "executing program\n", 18 [pid 5920] <... mmap resumed>) = 0x7f9875600000 [pid 5922] <... write resumed>) = 18 [pid 5922] memfd_create("syzkaller", 0) = 3 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5918] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5919] <... write resumed>) = 2097152 [pid 5919] munmap(0x7f9875600000, 138412032) = 0 [pid 5922] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5918] <... open resumed>) = 5 [pid 5918] truncate("./file1", 16784380) = -1 EFBIG (File too large) [ 106.968557][ T30] audit: type=1804 audit(1750615388.235:141): pid=5918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.kafNdC/13/file1/file1" dev="loop2" ino=30 res=1 errno=0 [pid 5918] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5918] <... openat resumed>) = 6 [pid 5918] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5919] <... openat resumed>) = 4 [pid 5918] <... mmap resumed>) = 0x200000001000 [pid 5919] ioctl(4, LOOP_SET_FD, 3 [pid 5918] exit_group(0) = ? [pid 5918] +++ exited with 0 +++ [pid 5921] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] <... ioctl resumed>) = 0 [pid 5919] close(3) = 0 [pid 5919] close(4) = 0 [pid 5919] mkdir("./file1", 0777) = 0 [pid 5920] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = 0 [ 107.042729][ T5919] loop0: detected capacity change from 0 to 4096 [pid 5919] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5922] <... write resumed>) = 2097152 [pid 5841] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5922] munmap(0x7f9875600000, 138412032 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5922] <... munmap resumed>) = 0 [pid 5841] rmdir("./13/file1") = 0 [pid 5841] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./13/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./13") = 0 [pid 5841] mkdir("./14", 0777 [pid 5922] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... mkdir resumed>) = 0 [pid 5922] <... openat resumed>) = 4 [pid 5921] <... write resumed>) = 2097152 [pid 5920] <... write resumed>) = 2097152 [pid 5922] ioctl(4, LOOP_SET_FD, 3 [ 107.100016][ T5919] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5920] munmap(0x7f9875600000, 138412032 [pid 5921] munmap(0x7f9875600000, 138412032 [pid 5920] <... munmap resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5922] <... ioctl resumed>) = 0 [pid 5921] <... munmap resumed>) = 0 [pid 5919] <... mount resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5920] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5920] <... openat resumed>) = 4 [pid 5919] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5922] close(3 [pid 5921] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5920] ioctl(4, LOOP_SET_FD, 3 [pid 5919] <... openat resumed>) = 3 [ 107.158360][ T5922] loop4: detected capacity change from 0 to 4096 [pid 5919] chdir("./file1" [pid 5922] <... close resumed>) = 0 [pid 5921] <... openat resumed>) = 4 [pid 5919] <... chdir resumed>) = 0 [pid 5921] ioctl(4, LOOP_SET_FD, 3 [pid 5922] close(4 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5922] <... close resumed>) = 0 [pid 5922] mkdir("./file1", 0777 [pid 5919] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5922] <... mkdir resumed>) = 0 [pid 5920] <... ioctl resumed>) = 0 [pid 5919] open("./file1", O_RDONLY|O_DIRECT [pid 5922] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5920] close(3) = 0 [pid 5919] <... open resumed>) = 4 [pid 5920] close(4) = 0 [ 107.200656][ T5920] loop3: detected capacity change from 0 to 4096 [ 107.204681][ T5921] loop1: detected capacity change from 0 to 4096 [ 107.220606][ T5922] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5920] mkdir("./file1", 0777 [pid 5919] preadv2(4, [pid 5841] <... close resumed>) = 0 [pid 5921] <... ioctl resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5921] close(3) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./file1", 0777) = 0 [pid 5921] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta,"./strace-static-x86_64: Process 5923 attached [pid 5920] <... mkdir resumed>) = 0 [pid 5919] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 executing program [pid 5920] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5923 [pid 5923] set_robust_list(0x55558b799660, 24) = 0 [pid 5923] chdir("./14") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5923] write(1, "executing program\n", 18) = 18 [pid 5923] memfd_create("syzkaller", 0 [pid 5919] memfd_create("syzkaller", 0 [pid 5923] <... memfd_create resumed>) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5919] <... memfd_create resumed>) = 5 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 107.231245][ T30] audit: type=1800 audit(1750615388.485:142): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [ 107.268018][ T5921] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 107.284484][ T5920] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5922] <... mount resumed>) = 0 [pid 5922] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5922] chdir("./file1") = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5922] open("./file1", O_RDONLY|O_DIRECT [pid 5923] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5922] <... open resumed>) = 4 [pid 5919] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5922] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5922] memfd_create("syzkaller", 0) = 5 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5921] <... mount resumed>) = 0 [ 107.363564][ T30] audit: type=1800 audit(1750615388.635:143): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 5922] <... mmap resumed>) = 0x7f9875600000 [pid 5921] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./file1") = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5921] preadv2(4, [pid 5920] <... mount resumed>) = 0 [pid 5920] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5920] chdir("./file1") = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5921] memfd_create("syzkaller", 0 [pid 5920] open("./file1", O_RDONLY|O_DIRECT [pid 5921] <... memfd_create resumed>) = 5 [pid 5920] <... open resumed>) = 4 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5920] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5920] memfd_create("syzkaller", 0) = 5 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 107.444425][ T30] audit: type=1800 audit(1750615388.705:144): pid=5921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 5919] <... write resumed>) = 2097152 [pid 5923] <... write resumed>) = 2097152 [pid 5919] munmap(0x7f9875600000, 138412032) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5919] close(5 [pid 5922] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5921] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5920] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5923] munmap(0x7f9875600000, 138412032 [pid 5919] <... close resumed>) = 0 [ 107.550424][ T30] audit: type=1800 audit(1750615388.715:145): pid=5920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [pid 5923] <... munmap resumed>) = 0 [pid 5919] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5923] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5922] <... write resumed>) = 2097152 [pid 5923] <... openat resumed>) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3 [pid 5921] <... write resumed>) = 2097152 [pid 5919] <... open resumed>) = 5 [pid 5919] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5919] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5921] munmap(0x7f9875600000, 138412032 [pid 5919] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5922] munmap(0x7f9875600000, 138412032 [pid 5919] exit_group(0) = ? [pid 5919] +++ exited with 0 +++ [pid 5921] <... munmap resumed>) = 0 [pid 5920] <... write resumed>) = 2097152 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 5921] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] close(5 [pid 5923] <... ioctl resumed>) = 0 [pid 5922] <... munmap resumed>) = 0 [pid 5920] munmap(0x7f9875600000, 138412032 [pid 5923] close(3 [pid 5922] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5923] <... close resumed>) = 0 [pid 5923] close(4 [pid 5922] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5923] <... close resumed>) = 0 [pid 5922] close(5 [ 107.632392][ T5923] loop2: detected capacity change from 0 to 4096 [ 107.646155][ T30] audit: type=1804 audit(1750615388.885:146): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/14/file1/file1" dev="loop0" ino=30 res=1 errno=0 [pid 5923] mkdir("./file1", 0777) = 0 [pid 5923] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5920] <... munmap resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5920] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5920] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5920] close(5 [pid 5922] <... close resumed>) = 0 [pid 5922] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5922] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5922] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5922] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5839] <... umount2 resumed>) = 0 [pid 5922] exit_group(0) = ? [pid 5922] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=11 /* 0.11 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5921] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5923] <... mount resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./14/file1", [pid 5923] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5921] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5923] <... openat resumed>) = 3 [pid 5839] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5923] chdir("./file1" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5923] <... chdir resumed>) = 0 [pid 5843] getdents64(3, [pid 5839] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5923] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] <... open resumed>) = 5 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] <... openat resumed>) = 4 [pid 5923] open("./file1", O_RDONLY|O_DIRECT [pid 5921] truncate("./file1", 16784380 [ 107.705365][ T5923] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5839] newfstatat(4, "", [pid 5843] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5921] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] getdents64(4, [pid 5921] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5923] <... open resumed>) = 4 [pid 5921] <... openat resumed>) = 6 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5923] preadv2(4, [pid 5921] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] getdents64(4, [pid 5921] <... mmap resumed>) = 0x200000001000 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5923] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5921] exit_group(0 [pid 5839] close(4 [pid 5923] memfd_create("syzkaller", 0 [pid 5921] <... exit_group resumed>) = ? [pid 5920] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./14/file1" [pid 5923] <... memfd_create resumed>) = 5 [pid 5920] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... rmdir resumed>) = 0 [pid 5921] +++ exited with 0 +++ [pid 5839] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5839] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5923] <... mmap resumed>) = 0x7f9875600000 [pid 5839] unlink("./14/binderfs") = 0 [pid 5839] getdents64(3, [pid 5843] <... umount2 resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5920] <... open resumed>) = 5 [pid 5839] <... close resumed>) = 0 [pid 5920] truncate("./file1", 16784380 [pid 5839] rmdir("./14" [pid 5920] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... rmdir resumed>) = 0 [pid 5920] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5920] <... openat resumed>) = 6 [pid 5843] newfstatat(AT_FDCWD, "./13/file1", [pid 5920] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] mkdir("./15", 0777 [pid 5920] <... mmap resumed>) = 0x200000001000 [pid 5920] exit_group(0) = ? [pid 5843] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... mkdir resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] <... openat resumed>) = 3 [pid 5843] getdents64(4, [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5843] close(4 [pid 5839] close(3 [pid 5920] +++ exited with 0 +++ [pid 5843] <... close resumed>) = 0 [pid 5843] rmdir("./13/file1") = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- [pid 5843] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] unlink("./13/binderfs" [pid 5842] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... unlink resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, [pid 5842] getdents64(3, [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] close(3 [pid 5842] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... close resumed>) = 0 [pid 5923] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] rmdir("./13") = 0 [pid 5843] mkdir("./14", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./15/file1", [pid 5839] <... close resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] newfstatat(4, "", ./strace-static-x86_64: Process 5924 attached [pid 5842] <... umount2 resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5924] set_robust_list(0x55558b799660, 24 [pid 5842] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(4, [pid 5924] <... set_robust_list resumed>) = 0 [pid 5924] chdir("./15" [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5924 [pid 5923] <... write resumed>) = 2097152 [pid 5924] <... chdir resumed>) = 0 [pid 5923] munmap(0x7f9875600000, 138412032 [pid 5840] getdents64(4, [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5923] <... munmap resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5924] <... prctl resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./15/file1" [pid 5924] setpgid(0, 0) = 0 [pid 5842] newfstatat(AT_FDCWD, "./14/file1", [pid 5840] <... rmdir resumed>) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5923] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5923] close(5 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5924] <... openat resumed>) = 3 [pid 5840] newfstatat(AT_FDCWD, "./15/binderfs", [pid 5924] write(3, "1000", 4 [pid 5843] <... close resumed>) = 0 [pid 5842] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5924] <... write resumed>) = 4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] unlink("./15/binderfs"./strace-static-x86_64: Process 5925 attached [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5925 [pid 5842] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... unlink resumed>) = 0 [pid 5924] close(3 [pid 5840] getdents64(3, [pid 5842] <... openat resumed>) = 4 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5924] <... close resumed>) = 0 [pid 5842] newfstatat(4, "", [pid 5840] close(3 [pid 5924] symlink("/dev/binderfs", "./binderfs" [pid 5925] set_robust_list(0x55558b799660, 24 [pid 5840] <... close resumed>) = 0 [pid 5925] <... set_robust_list resumed>) = 0 [pid 5925] chdir("./14" [pid 5924] <... symlink resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] rmdir("./15" [pid 5925] <... chdir resumed>) = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 5925] setpgid(0, 0 [pid 5924] write(1, "executing program\n", 18 [pid 5842] getdents64(4, [pid 5840] <... rmdir resumed>) = 0 [pid 5925] <... setpgid resumed>) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5924] <... write resumed>) = 18 [pid 5840] mkdir("./16", 0777 [pid 5842] getdents64(4, [pid 5925] <... openat resumed>) = 3 [pid 5925] write(3, "1000", 4 [pid 5924] memfd_create("syzkaller", 0 [pid 5923] <... close resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] <... mkdir resumed>) = 0 executing program [pid 5925] <... write resumed>) = 4 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] close(4 [pid 5925] close(3) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5925] write(1, "executing program\n", 18) = 18 [pid 5924] <... memfd_create resumed>) = 3 [pid 5923] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] <... close resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5925] memfd_create("syzkaller", 0 [pid 5842] rmdir("./14/file1" [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5923] <... open resumed>) = 5 [pid 5840] <... ioctl resumed>) = 0 [pid 5925] <... memfd_create resumed>) = 3 [pid 5923] truncate("./file1", 16784380 [pid 5842] <... rmdir resumed>) = 0 [pid 5840] close(3 [pid 5924] <... mmap resumed>) = 0x7f9875600000 [pid 5842] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5923] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5923] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5923] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5923] exit_group(0) = ? [pid 5923] +++ exited with 0 +++ [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=10 /* 0.10 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./14/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5842] rmdir("./14") = 0 [pid 5841] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] mkdir("./15", 0777 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... mkdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] <... openat resumed>) = 4 [pid 5842] <... openat resumed>) = 3 [pid 5841] newfstatat(4, "", [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] close(3 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./14/file1") = 0 [pid 5840] <... close resumed>) = 0 [pid 5841] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./14/binderfs") = 0 [pid 5841] getdents64(3, [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./14") = 0 [pid 5841] mkdir("./15", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5925] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5926 ./strace-static-x86_64: Process 5926 attached [pid 5926] set_robust_list(0x55558b799660, 24) = 0 [pid 5926] chdir("./16" [pid 5924] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5926] <... chdir resumed>) = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] <... close resumed>) = 0 [pid 5926] <... prctl resumed>) = 0 [pid 5926] setpgid(0, 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5926] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 5927 attached [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5927 [pid 5927] set_robust_list(0x55558b799660, 24) = 0 [pid 5926] <... openat resumed>) = 3 [pid 5927] chdir("./15" [pid 5926] write(3, "1000", 4 [pid 5927] <... chdir resumed>) = 0 [pid 5926] <... write resumed>) = 4 [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5926] close(3 [pid 5927] <... prctl resumed>) = 0 [pid 5926] <... close resumed>) = 0 [pid 5927] setpgid(0, 0 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] <... close resumed>) = 0 [pid 5927] <... setpgid resumed>) = 0 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5927] write(3, "1000", 4) = 4 [pid 5927] close(3) = 0 [pid 5927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5927] write(1, "executing program\n", 18executing program ) = 18 executing program [pid 5927] memfd_create("syzkaller", 0 [pid 5926] write(1, "executing program\n", 18 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5927] <... memfd_create resumed>) = 3 [pid 5926] <... write resumed>) = 18 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5926] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5928 attached [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5928 [pid 5926] <... memfd_create resumed>) = 3 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5928] set_robust_list(0x55558b799660, 24) = 0 [pid 5928] chdir("./15") = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5928] setpgid(0, 0 [pid 5925] <... write resumed>) = 2097152 [pid 5925] munmap(0x7f9875600000, 138412032 [pid 5928] <... setpgid resumed>) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5928] write(3, "1000", 4) = 4 [pid 5928] close(3) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5925] <... munmap resumed>) = 0 executing program [pid 5928] write(1, "executing program\n", 18) = 18 [pid 5928] memfd_create("syzkaller", 0 [pid 5925] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5925] ioctl(4, LOOP_SET_FD, 3 [pid 5928] <... memfd_create resumed>) = 3 [pid 5924] <... write resumed>) = 2097152 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5924] munmap(0x7f9875600000, 138412032) = 0 [pid 5925] <... ioctl resumed>) = 0 [pid 5925] close(3) = 0 [pid 5925] close(4) = 0 [pid 5925] mkdir("./file1", 0777) = 0 [ 108.217398][ T5925] loop4: detected capacity change from 0 to 4096 [pid 5925] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5926] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5924] close(3) = 0 [pid 5924] close(4) = 0 [pid 5924] mkdir("./file1", 0777) = 0 [ 108.260889][ T5925] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 108.271943][ T5924] loop0: detected capacity change from 0 to 4096 [pid 5924] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5928] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5927] <... write resumed>) = 2097152 [ 108.311627][ T5924] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5927] munmap(0x7f9875600000, 138412032) = 0 [pid 5926] <... write resumed>) = 2097152 [pid 5927] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3 [pid 5926] munmap(0x7f9875600000, 138412032) = 0 [pid 5925] <... mount resumed>) = 0 [pid 5925] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5925] chdir("./file1") = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5925] open("./file1", O_RDONLY|O_DIRECT [pid 5928] <... write resumed>) = 2097152 [pid 5928] munmap(0x7f9875600000, 138412032 [pid 5925] <... open resumed>) = 4 [pid 5926] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5925] preadv2(4, [pid 5926] ioctl(4, LOOP_SET_FD, 3 [pid 5925] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5925] memfd_create("syzkaller", 0) = 5 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5928] <... munmap resumed>) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5927] <... ioctl resumed>) = 0 [pid 5928] ioctl(4, LOOP_SET_FD, 3 [pid 5927] close(3) = 0 [pid 5927] close(4) = 0 [pid 5926] <... ioctl resumed>) = 0 [pid 5927] mkdir("./file1", 0777 [pid 5926] close(3 [pid 5927] <... mkdir resumed>) = 0 [pid 5926] <... close resumed>) = 0 [ 108.392676][ T5927] loop3: detected capacity change from 0 to 4096 [ 108.415415][ T5926] loop1: detected capacity change from 0 to 4096 [ 108.434727][ T5928] loop2: detected capacity change from 0 to 4096 [pid 5926] close(4 [pid 5927] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5926] <... close resumed>) = 0 [pid 5926] mkdir("./file1", 0777) = 0 [pid 5924] <... mount resumed>) = 0 [pid 5928] <... ioctl resumed>) = 0 [pid 5928] close(3 [pid 5924] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5924] chdir("./file1") = 0 [pid 5928] <... close resumed>) = 0 [pid 5928] close(4 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5928] <... close resumed>) = 0 [pid 5924] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5928] mkdir("./file1", 0777) = 0 [pid 5926] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5924] open("./file1", O_RDONLY|O_DIRECT [pid 5928] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5924] <... open resumed>) = 4 [ 108.455768][ T5927] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 108.491993][ T5926] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5924] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5924] memfd_create("syzkaller", 0) = 5 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 108.509670][ T5928] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5925] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5927] <... mount resumed>) = 0 [pid 5927] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./file1") = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5928] <... mount resumed>) = 0 [pid 5927] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5924] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5927] open("./file1", O_RDONLY|O_DIRECT [pid 5928] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5928] chdir("./file1" [pid 5927] <... open resumed>) = 4 [pid 5928] <... chdir resumed>) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5927] preadv2(4, [pid 5928] open("./file1", O_RDONLY|O_DIRECT [pid 5927] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5927] memfd_create("syzkaller", 0 [pid 5928] <... open resumed>) = 4 [pid 5927] <... memfd_create resumed>) = 5 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5925] <... write resumed>) = 2097152 [pid 5928] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5928] memfd_create("syzkaller", 0 [pid 5927] <... mmap resumed>) = 0x7f9875600000 [pid 5928] <... memfd_create resumed>) = 5 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5925] munmap(0x7f9875600000, 138412032) = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5925] close(5) = 0 [pid 5925] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5924] <... write resumed>) = 2097152 [pid 5924] munmap(0x7f9875600000, 138412032 [pid 5925] <... open resumed>) = 5 [pid 5924] <... munmap resumed>) = 0 [pid 5928] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5927] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5926] <... mount resumed>) = 0 [pid 5925] truncate("./file1", 16784380 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5925] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5924] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5926] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5925] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5924] close(5 [pid 5926] <... openat resumed>) = 3 [pid 5925] <... openat resumed>) = 6 [pid 5926] chdir("./file1" [pid 5925] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5926] <... chdir resumed>) = 0 [pid 5925] <... mmap resumed>) = 0x200000001000 [pid 5925] exit_group(0 [pid 5926] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5925] <... exit_group resumed>) = ? [pid 5926] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5926] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5925] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} --- [pid 5926] preadv2(4, [pid 5843] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5924] <... close resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5926] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5926] memfd_create("syzkaller", 0 [pid 5843] newfstatat(3, "", [pid 5926] <... memfd_create resumed>) = 5 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5924] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5928] <... write resumed>) = 2097152 [pid 5926] <... mmap resumed>) = 0x7f9875600000 [pid 5928] munmap(0x7f9875600000, 138412032 [pid 5924] <... open resumed>) = 5 [pid 5924] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5924] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5924] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5928] <... munmap resumed>) = 0 [pid 5924] <... mmap resumed>) = 0x200000001000 [pid 5924] exit_group(0) = ? [pid 5927] <... write resumed>) = 2097152 [pid 5924] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5927] munmap(0x7f9875600000, 138412032 [pid 5839] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5928] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5928] close(5 [pid 5927] <... munmap resumed>) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... umount2 resumed>) = 0 [pid 5843] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", [pid 5839] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5927] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] getdents64(4, [pid 5927] close(5 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] newfstatat(AT_FDCWD, "./15/file1", [pid 5843] getdents64(4, [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] close(4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... close resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5843] rmdir("./14/file1" [pid 5839] rmdir("./15/file1" [pid 5843] <... rmdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5843] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5839] newfstatat(AT_FDCWD, "./15/binderfs", [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./14/binderfs" [pid 5839] unlink("./15/binderfs" [pid 5843] <... unlink resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] getdents64(3, [pid 5843] close(3 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5928] <... close resumed>) = 0 [pid 5927] <... close resumed>) = 0 [pid 5926] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... close resumed>) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./15") = 0 [pid 5839] mkdir("./16", 0777) = 0 [pid 5843] rmdir("./14") = 0 [pid 5843] mkdir("./15", 0777 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... mkdir resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5929 attached ) = 0 [pid 5843] close(3 [pid 5929] set_robust_list(0x55558b799660, 24) = 0 [pid 5929] chdir("./16") = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5929 [pid 5929] <... prctl resumed>) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4 [pid 5928] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5927] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5929] <... write resumed>) = 4 [pid 5929] close(3) = 0 [pid 5927] <... open resumed>) = 5 [pid 5929] symlink("/dev/binderfs", "./binderfs" [pid 5928] <... open resumed>) = 5 [pid 5929] <... symlink resumed>) = 0 [pid 5928] truncate("./file1", 16784380executing program [pid 5929] write(1, "executing program\n", 18 [pid 5928] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5927] truncate("./file1", 16784380 [pid 5929] <... write resumed>) = 18 [pid 5928] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5927] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5928] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5927] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5927] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5929] memfd_create("syzkaller", 0 [pid 5928] exit_group(0 [pid 5927] <... mmap resumed>) = 0x200000001000 [pid 5929] <... memfd_create resumed>) = 3 [pid 5928] <... exit_group resumed>) = ? [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5928] +++ exited with 0 +++ [pid 5927] exit_group(0 [pid 5929] <... mmap resumed>) = 0x7f9875600000 [pid 5927] <... exit_group resumed>) = ? [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [pid 5927] +++ exited with 0 +++ [pid 5926] <... write resumed>) = 2097152 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5926] munmap(0x7f9875600000, 138412032 [pid 5843] <... close resumed>) = 0 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- [pid 5841] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] <... openat resumed>) = 3 [pid 5842] newfstatat(3, "", [pid 5841] newfstatat(3, "", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 5841] getdents64(3, [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5930 attached , child_tidptr=0x55558b799650) = 5930 [pid 5930] set_robust_list(0x55558b799660, 24) = 0 [pid 5930] chdir("./15") = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5926] <... munmap resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5930] <... openat resumed>) = 3 [pid 5930] write(3, "1000", 4 [pid 5926] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5930] <... write resumed>) = 4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5926] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5930] close(3 [pid 5926] close(5 [pid 5842] newfstatat(AT_FDCWD, "./15/file1", [pid 5841] newfstatat(AT_FDCWD, "./15/file1", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5930] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5930] symlink("/dev/binderfs", "./binderfs" [pid 5842] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... openat resumed>) = 4 [pid 5841] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", [pid 5841] newfstatat(4, "", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5930] <... symlink resumed>) = 0 [pid 5930] write(1, "executing program\n", 18 [pid 5842] getdents64(4, [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 executing program [pid 5930] <... write resumed>) = 18 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, [pid 5930] memfd_create("syzkaller", 0 [pid 5842] getdents64(4, [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5929] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5842] close(4 [pid 5930] <... memfd_create resumed>) = 3 [pid 5842] <... close resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] rmdir("./15/file1" [pid 5841] rmdir("./15/file1" [pid 5930] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... rmdir resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5842] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./15/binderfs", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./15/binderfs", [pid 5926] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./15/binderfs" [pid 5841] unlink("./15/binderfs" [pid 5842] <... unlink resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5842] getdents64(3, [pid 5841] getdents64(3, [pid 5926] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 5841] close(3) = 0 [pid 5842] <... close resumed>) = 0 [pid 5841] rmdir("./15" [pid 5842] rmdir("./15" [pid 5841] <... rmdir resumed>) = 0 [pid 5926] <... open resumed>) = 5 [pid 5842] <... rmdir resumed>) = 0 [pid 5841] mkdir("./16", 0777 [pid 5926] truncate("./file1", 16784380 [pid 5842] mkdir("./16", 0777 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... mkdir resumed>) = 0 [pid 5926] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] <... openat resumed>) = 3 [pid 5926] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5842] <... openat resumed>) = 3 [pid 5926] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 5926] <... mmap resumed>) = 0x200000001000 [pid 5841] <... close resumed>) = 0 [pid 5926] exit_group(0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5926] <... exit_group resumed>) = ? [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5931 ./strace-static-x86_64: Process 5931 attached [pid 5842] <... ioctl resumed>) = 0 [pid 5926] +++ exited with 0 +++ [pid 5842] close(3 [pid 5931] set_robust_list(0x55558b799660, 24 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=12 /* 0.12 s */} --- [pid 5931] <... set_robust_list resumed>) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5931] chdir("./16" [pid 5929] <... write resumed>) = 2097152 [pid 5930] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5931] <... chdir resumed>) = 0 [pid 5840] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5931] <... prctl resumed>) = 0 [pid 5929] munmap(0x7f9875600000, 138412032 [pid 5840] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5931] setpgid(0, 0 [pid 5929] <... munmap resumed>) = 0 [pid 5931] <... setpgid resumed>) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5931] <... openat resumed>) = 3 [pid 5929] <... openat resumed>) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3 [pid 5842] <... close resumed>) = 0 [pid 5931] <... close resumed>) = 0 [pid 5929] <... ioctl resumed>) = 0 [pid 5929] close(3) = 0 [pid 5929] close(4) = 0 [pid 5929] mkdir("./file1", 0777 [pid 5931] symlink("/dev/binderfs", "./binderfs" [pid 5929] <... mkdir resumed>) = 0 [pid 5929] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta,"executing program [pid 5931] <... symlink resumed>) = 0 [pid 5931] write(1, "executing program\n", 18) = 18 [pid 5931] memfd_create("syzkaller", 0) = 3 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5932 attached [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5932 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5932] set_robust_list(0x55558b799660, 24 [pid 5840] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5932] <... set_robust_list resumed>) = 0 [pid 5932] chdir("./16" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5932] <... chdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5932] setpgid(0, 0 [pid 5840] <... openat resumed>) = 4 [pid 5932] <... setpgid resumed>) = 0 [pid 5840] newfstatat(4, "", [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5932] <... openat resumed>) = 3 [ 109.241628][ T5929] loop0: detected capacity change from 0 to 4096 [ 109.271489][ T5929] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5840] close(4) = 0 [pid 5930] <... write resumed>) = 2097152 [pid 5840] rmdir("./16/file1" [pid 5932] write(3, "1000", 4 [pid 5840] <... rmdir resumed>) = 0 [pid 5932] <... write resumed>) = 4 [pid 5930] munmap(0x7f9875600000, 138412032 [pid 5840] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5932] close(3) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5932] write(1, "executing program\n", 18) = 18 [pid 5932] memfd_create("syzkaller", 0 [pid 5931] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5930] <... munmap resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5932] <... memfd_create resumed>) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] unlink("./16/binderfs" [pid 5932] <... mmap resumed>) = 0x7f9875600000 [pid 5930] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... unlink resumed>) = 0 [pid 5840] getdents64(3, [pid 5929] <... mount resumed>) = 0 [pid 5929] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5929] chdir("./file1") = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] close(3 [pid 5930] <... openat resumed>) = 4 [pid 5929] open("./file1", O_RDONLY|O_DIRECT [pid 5930] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... close resumed>) = 0 [pid 5929] <... open resumed>) = 4 [pid 5840] rmdir("./16" [pid 5929] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] <... rmdir resumed>) = 0 [pid 5929] memfd_create("syzkaller", 0 [pid 5840] mkdir("./17", 0777 [pid 5929] <... memfd_create resumed>) = 5 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... mkdir resumed>) = 0 [pid 5930] <... ioctl resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5930] close(3 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5930] <... close resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5930] close(4 [ 109.390889][ T5930] loop4: detected capacity change from 0 to 4096 [pid 5840] close(3 [pid 5932] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5930] <... close resumed>) = 0 [pid 5931] <... write resumed>) = 2097152 [pid 5840] <... close resumed>) = 0 [pid 5930] mkdir("./file1", 0777 [pid 5931] munmap(0x7f9875600000, 138412032 [pid 5930] <... mkdir resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5930] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5931] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5933 attached [pid 5933] set_robust_list(0x55558b799660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5933 [pid 5931] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5933] <... set_robust_list resumed>) = 0 [pid 5931] <... openat resumed>) = 4 [pid 5931] ioctl(4, LOOP_SET_FD, 3 [pid 5933] chdir("./17") = 0 [pid 5929] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5933] setpgid(0, 0) = 0 [pid 5931] <... ioctl resumed>) = 0 [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5931] close(3) = 0 [pid 5933] <... openat resumed>) = 3 [pid 5933] write(3, "1000", 4) = 4 [pid 5931] close(4 [pid 5933] close(3) = 0 [pid 5931] <... close resumed>) = 0 [pid 5933] symlink("/dev/binderfs", "./binderfs" [pid 5931] mkdir("./file1", 0777 [pid 5933] <... symlink resumed>) = 0 [pid 5931] <... mkdir resumed>) = 0 [ 109.486330][ T5930] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 109.510995][ T5931] loop2: detected capacity change from 0 to 4096 [pid 5931] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta,"executing program [pid 5933] write(1, "executing program\n", 18) = 18 [pid 5933] memfd_create("syzkaller", 0) = 3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5932] <... write resumed>) = 2097152 [pid 5932] munmap(0x7f9875600000, 138412032) = 0 [ 109.540721][ T5931] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5932] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3 [pid 5929] <... write resumed>) = 2097152 [pid 5932] <... ioctl resumed>) = 0 [pid 5929] munmap(0x7f9875600000, 138412032) = 0 [pid 5932] close(3) = 0 [pid 5932] close(4) = 0 [pid 5932] mkdir("./file1", 0777 [pid 5933] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5932] <... mkdir resumed>) = 0 [ 109.604172][ T5932] loop3: detected capacity change from 0 to 4096 [pid 5932] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5933] <... write resumed>) = 2097152 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5929] close(5 [pid 5931] <... mount resumed>) = 0 [pid 5933] munmap(0x7f9875600000, 138412032 [pid 5931] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5931] chdir("./file1") = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5931] open("./file1", O_RDONLY|O_DIRECT [pid 5930] <... mount resumed>) = 0 [pid 5930] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./file1" [pid 5931] <... open resumed>) = 4 [pid 5930] <... chdir resumed>) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5931] preadv2(4, [pid 5930] open("./file1", O_RDONLY|O_DIRECT [pid 5933] <... munmap resumed>) = 0 [ 109.648900][ T5932] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5931] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5931] memfd_create("syzkaller", 0) = 5 [pid 5930] <... open resumed>) = 4 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5933] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5932] <... mount resumed>) = 0 [pid 5930] preadv2(4, [pid 5932] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5933] <... openat resumed>) = 4 [pid 5932] <... openat resumed>) = 3 [pid 5932] chdir("./file1") = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5932] open("./file1", O_RDONLY|O_DIRECT [pid 5929] <... close resumed>) = 0 [pid 5929] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5932] <... open resumed>) = 4 [pid 5933] ioctl(4, LOOP_SET_FD, 3 [pid 5930] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5932] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5930] memfd_create("syzkaller", 0 [pid 5932] memfd_create("syzkaller", 0) = 5 [pid 5929] <... open resumed>) = 5 [pid 5929] truncate("./file1", 16784380 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5930] <... memfd_create resumed>) = 5 [pid 5929] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5933] <... ioctl resumed>) = 0 [pid 5929] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5929] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5929] exit_group(0) = ? [pid 5933] close(3 [pid 5929] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5933] <... close resumed>) = 0 [pid 5839] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5933] close(4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5933] <... close resumed>) = 0 [pid 5933] mkdir("./file1", 0777) = 0 [ 109.733702][ T5933] loop1: detected capacity change from 0 to 4096 [pid 5933] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5931] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./16/file1") = 0 [pid 5839] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./16/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./16") = 0 [pid 5839] mkdir("./17", 0777) = 0 [ 109.795722][ T5933] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5930] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5934 attached [pid 5934] set_robust_list(0x55558b799660, 24 [pid 5932] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5934 [pid 5934] <... set_robust_list resumed>) = 0 [pid 5934] chdir("./17") = 0 [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5934] setpgid(0, 0) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5934] write(3, "1000", 4) = 4 [pid 5934] close(3) = 0 [pid 5934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5934] write(1, "executing program\n", 18executing program [pid 5931] <... write resumed>) = 2097152 [pid 5934] <... write resumed>) = 18 [pid 5934] memfd_create("syzkaller", 0) = 3 [pid 5931] munmap(0x7f9875600000, 138412032 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5931] <... munmap resumed>) = 0 [pid 5934] <... mmap resumed>) = 0x7f9875600000 [pid 5932] <... write resumed>) = 2097152 [pid 5930] <... write resumed>) = 2097152 [pid 5931] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5930] munmap(0x7f9875600000, 138412032 [pid 5931] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5932] munmap(0x7f9875600000, 138412032 [pid 5931] close(5 [pid 5930] <... munmap resumed>) = 0 [pid 5932] <... munmap resumed>) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5930] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5933] <... mount resumed>) = 0 [pid 5932] close(5 [pid 5933] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5930] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5933] <... openat resumed>) = 3 [pid 5930] close(5 [pid 5933] chdir("./file1") = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5933] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5931] <... close resumed>) = 0 [pid 5933] preadv2(4, [pid 5931] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5930] <... close resumed>) = 0 [pid 5933] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5930] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5933] memfd_create("syzkaller", 0) = 5 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5931] <... open resumed>) = 5 [pid 5930] <... open resumed>) = 5 [pid 5934] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5933] <... mmap resumed>) = 0x7f9875600000 [pid 5931] truncate("./file1", 16784380 [pid 5930] truncate("./file1", 16784380 [pid 5931] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5932] <... close resumed>) = 0 [pid 5931] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5931] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5931] exit_group(0) = ? [pid 5931] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} --- [pid 5930] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5932] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5930] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5930] <... openat resumed>) = 6 [pid 5930] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5841] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5932] <... open resumed>) = 5 [pid 5930] exit_group(0 [pid 5932] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5932] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5930] <... exit_group resumed>) = ? [pid 5932] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5932] exit_group(0) = ? [pid 5932] +++ exited with 0 +++ [pid 5930] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5843] <... restart_syscall resumed>) = 0 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5843] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... openat resumed>) = 3 [pid 5842] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 5842] newfstatat(3, "", [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, [pid 5842] getdents64(3, [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] <... write resumed>) = 2097152 [pid 5933] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5841] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./16/file1", [pid 5934] munmap(0x7f9875600000, 138412032 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(4, [pid 5843] newfstatat(AT_FDCWD, "./15/file1", [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./16/file1" [pid 5934] <... munmap resumed>) = 0 [pid 5843] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5841] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5934] <... openat resumed>) = 4 [pid 5843] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5843] <... openat resumed>) = 4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5934] ioctl(4, LOOP_SET_FD, 3 [pid 5841] unlink("./16/binderfs") = 0 [pid 5934] <... ioctl resumed>) = 0 [pid 5933] <... write resumed>) = 2097152 [pid 5843] newfstatat(4, "", [pid 5842] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(3, [pid 5934] close(3 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5934] <... close resumed>) = 0 [pid 5843] getdents64(4, [pid 5842] newfstatat(AT_FDCWD, "./16/file1", [pid 5934] close(4 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5934] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5934] mkdir("./file1", 0777 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5933] munmap(0x7f9875600000, 138412032 [pid 5841] close(3 [pid 5934] <... mkdir resumed>) = 0 [pid 5843] getdents64(4, [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... close resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] rmdir("./16" [pid 5934] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5841] <... rmdir resumed>) = 0 [pid 5842] newfstatat(4, "", [pid 5843] close(4) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] mkdir("./17", 0777 [pid 5843] rmdir("./15/file1" [pid 5842] getdents64(4, [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] <... mkdir resumed>) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] close(4) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5842] rmdir("./16/file1" [pid 5933] <... munmap resumed>) = 0 [pid 5843] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... rmdir resumed>) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5933] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5933] close(5 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./15/binderfs") = 0 [pid 5842] unlink("./16/binderfs" [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3 [pid 5842] <... unlink resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5842] getdents64(3, [pid 5843] rmdir("./15" [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5843] mkdir("./16", 0777) = 0 [pid 5842] rmdir("./16") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] mkdir("./17", 0777 [pid 5843] <... openat resumed>) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [ 110.172449][ T5934] loop0: detected capacity change from 0 to 4096 [ 110.195505][ T5934] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5843] close(3 [pid 5842] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5933] <... close resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5933] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] <... close resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5842] close(3 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 5935 ./strace-static-x86_64: Process 5935 attached [pid 5933] <... open resumed>) = 5 [pid 5933] truncate("./file1", 16784380 [pid 5935] set_robust_list(0x55558b799660, 24 [pid 5933] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5933] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5935] <... set_robust_list resumed>) = 0 [pid 5933] <... openat resumed>) = 6 [pid 5935] chdir("./16" [pid 5933] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5935] <... chdir resumed>) = 0 [pid 5933] <... mmap resumed>) = 0x200000001000 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5933] exit_group(0) = ? [pid 5935] <... prctl resumed>) = 0 [pid 5933] +++ exited with 0 +++ [pid 5935] setpgid(0, 0) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=11 /* 0.11 s */} --- ./strace-static-x86_64: Process 5936 attached [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5936] set_robust_list(0x55558b799660, 24) = 0 [pid 5936] chdir("./17") = 0 [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5936] setpgid(0, 0) = 0 [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] <... restart_syscall resumed>) = 0 executing program [pid 5936] write(3, "1000", 4 [pid 5935] <... openat resumed>) = 3 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5936 [pid 5935] write(3, "1000", 4 [pid 5840] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5936] <... write resumed>) = 4 [pid 5936] close(3) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5936] write(1, "executing program\n", 18) = 18 [pid 5935] <... write resumed>) = 4 [pid 5840] <... openat resumed>) = 3 [pid 5935] close(3 [pid 5840] newfstatat(3, "", [pid 5936] memfd_create("syzkaller", 0 [pid 5935] <... close resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs" [pid 5840] getdents64(3, [pid 5935] <... symlink resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5935] write(1, "executing program\n", 18 [pid 5840] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5936] <... memfd_create resumed>) = 3 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5935] <... write resumed>) = 18 [pid 5935] memfd_create("syzkaller", 0 [pid 5936] <... mmap resumed>) = 0x7f9875600000 [pid 5934] <... mount resumed>) = 0 [pid 5935] <... memfd_create resumed>) = 3 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5934] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5842] <... close resumed>) = 0 [pid 5934] <... openat resumed>) = 3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5935] <... mmap resumed>) = 0x7f9875600000 [pid 5934] chdir("./file1"./strace-static-x86_64: Process 5937 attached [pid 5937] set_robust_list(0x55558b799660, 24 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5937 [pid 5937] <... set_robust_list resumed>) = 0 [pid 5937] chdir("./17") = 0 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5937] setpgid(0, 0) = 0 [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5937] write(3, "1000", 4) = 4 [pid 5937] close(3) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5934] <... chdir resumed>) = 0 [pid 5937] write(1, "executing program\n", 18 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5934] open("./file1", O_RDONLY|O_DIRECTexecuting program [pid 5937] <... write resumed>) = 18 [pid 5840] <... umount2 resumed>) = 0 [pid 5937] memfd_create("syzkaller", 0) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] <... open resumed>) = 4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5934] preadv2(4, [pid 5840] newfstatat(AT_FDCWD, "./17/file1", [pid 5934] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5934] memfd_create("syzkaller", 0 [pid 5840] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] <... memfd_create resumed>) = 5 [pid 5936] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5934] <... mmap resumed>) = 0x7f9875600000 [pid 5840] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 5935] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./17/file1") = 0 [pid 5840] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./17/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./17") = 0 [pid 5840] mkdir("./18", 0777) = 0 [pid 5937] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5936] <... write resumed>) = 2097152 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5934] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5935] <... write resumed>) = 2097152 [pid 5840] <... ioctl resumed>) = 0 [pid 5936] munmap(0x7f9875600000, 138412032 [pid 5840] close(3 [pid 5935] munmap(0x7f9875600000, 138412032 [pid 5936] <... munmap resumed>) = 0 [pid 5935] <... munmap resumed>) = 0 [pid 5935] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5935] ioctl(4, LOOP_SET_FD, 3 [pid 5936] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5938 attached [pid 5937] <... write resumed>) = 2097152 [pid 5936] <... ioctl resumed>) = 0 [pid 5935] <... ioctl resumed>) = 0 [pid 5934] <... write resumed>) = 2097152 [pid 5935] close(3) = 0 [ 110.559899][ T5936] loop2: detected capacity change from 0 to 4096 [ 110.571832][ T5935] loop4: detected capacity change from 0 to 4096 [pid 5935] close(4 [pid 5938] set_robust_list(0x55558b799660, 24 [pid 5936] close(3 [pid 5935] <... close resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5938 [pid 5936] <... close resumed>) = 0 [pid 5936] close(4) = 0 [pid 5935] mkdir("./file1", 0777 [pid 5936] mkdir("./file1", 0777) = 0 [pid 5936] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5938] <... set_robust_list resumed>) = 0 [pid 5937] munmap(0x7f9875600000, 138412032 [pid 5935] <... mkdir resumed>) = 0 [pid 5935] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5938] chdir("./18") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5934] munmap(0x7f9875600000, 138412032 [pid 5938] <... prctl resumed>) = 0 [pid 5937] <... munmap resumed>) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5938] write(1, "executing program\n", 18executing program [pid 5934] <... munmap resumed>) = 0 [pid 5938] <... write resumed>) = 18 [pid 5938] memfd_create("syzkaller", 0 [ 110.608372][ T5936] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 110.624098][ T5935] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5937] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5938] <... memfd_create resumed>) = 3 [pid 5934] close(5 [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5937] <... ioctl resumed>) = 0 [pid 5937] close(3) = 0 [pid 5937] close(4) = 0 [pid 5937] mkdir("./file1", 0777) = 0 [ 110.650256][ T5937] loop3: detected capacity change from 0 to 4096 [pid 5937] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5936] <... mount resumed>) = 0 [pid 5936] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] chdir("./file1") = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5934] <... close resumed>) = 0 [pid 5936] open("./file1", O_RDONLY|O_DIRECT [pid 5935] <... mount resumed>) = 0 [pid 5935] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5936] <... open resumed>) = 4 [pid 5935] <... openat resumed>) = 3 [ 110.692335][ T5937] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5936] preadv2(4, [pid 5935] chdir("./file1" [pid 5934] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5935] <... chdir resumed>) = 0 [pid 5935] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5936] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5936] memfd_create("syzkaller", 0) = 5 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5935] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5935] open("./file1", O_RDONLY|O_DIRECT [pid 5936] <... mmap resumed>) = 0x7f9875600000 [pid 5934] <... open resumed>) = 5 [pid 5934] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5935] <... open resumed>) = 4 [pid 5934] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5934] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5935] preadv2(4, [pid 5934] exit_group(0) = ? [pid 5935] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5935] memfd_create("syzkaller", 0 [pid 5934] +++ exited with 0 +++ [pid 5937] <... mount resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5938] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5937] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5935] <... memfd_create resumed>) = 5 [pid 5937] <... openat resumed>) = 3 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5937] chdir("./file1" [pid 5839] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5937] <... chdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5937] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] <... openat resumed>) = 3 [pid 5937] open("./file1", O_RDONLY|O_DIRECT [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5937] <... open resumed>) = 4 [pid 5839] getdents64(3, [pid 5937] preadv2(4, [pid 5936] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5937] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5938] <... write resumed>) = 2097152 [pid 5937] memfd_create("syzkaller", 0 [pid 5839] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5937] <... memfd_create resumed>) = 5 [pid 5938] munmap(0x7f9875600000, 138412032 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5938] <... munmap resumed>) = 0 [pid 5938] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5938] ioctl(4, LOOP_SET_FD, 3 [pid 5936] <... write resumed>) = 2097152 [pid 5936] munmap(0x7f9875600000, 138412032 [pid 5935] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5938] <... ioctl resumed>) = 0 [pid 5936] <... munmap resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./17/file1", [pid 5936] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5938] close(3 [pid 5936] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5938] <... close resumed>) = 0 [pid 5936] close(5 [pid 5938] close(4 [pid 5839] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5938] <... close resumed>) = 0 [ 110.916876][ T5938] loop1: detected capacity change from 0 to 4096 [pid 5938] mkdir("./file1", 0777) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5938] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5937] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./17/file1") = 0 [pid 5839] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./17/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./17" [pid 5936] <... close resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./18", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [ 110.972355][ T5938] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5839] close(3 [pid 5936] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5936] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5936] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5936] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5936] exit_group(0) = ? [pid 5936] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5935] <... write resumed>) = 2097152 [pid 5938] <... mount resumed>) = 0 [pid 5841] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5938] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5935] munmap(0x7f9875600000, 138412032 [pid 5839] <... close resumed>) = 0 [pid 5938] <... openat resumed>) = 3 [pid 5935] <... munmap resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5938] chdir("./file1") = 0 [pid 5841] <... openat resumed>) = 3 [pid 5938] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] newfstatat(3, "", [pid 5938] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 5939 attached [pid 5938] open("./file1", O_RDONLY|O_DIRECT [pid 5937] <... write resumed>) = 2097152 [pid 5935] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] getdents64(3, [pid 5938] <... open resumed>) = 4 [pid 5938] preadv2(4, [pid 5935] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5939] set_robust_list(0x55558b799660, 24 [pid 5938] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5935] close(5 [pid 5841] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5939] <... set_robust_list resumed>) = 0 [pid 5938] memfd_create("syzkaller", 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5939 [pid 5939] chdir("./18" [pid 5938] <... memfd_create resumed>) = 5 [pid 5939] <... chdir resumed>) = 0 [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5938] <... mmap resumed>) = 0x7f9875600000 [pid 5939] <... prctl resumed>) = 0 [pid 5939] setpgid(0, 0) = 0 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5937] munmap(0x7f9875600000, 138412032 [pid 5939] write(3, "1000", 4 [pid 5937] <... munmap resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5939] <... write resumed>) = 4 [pid 5939] close(3) = 0 [pid 5939] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5939] write(1, "executing program\n", 18) = 18 [pid 5939] memfd_create("syzkaller", 0 [pid 5937] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5937] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5937] close(5 [pid 5841] newfstatat(AT_FDCWD, "./17/file1", [pid 5939] <... memfd_create resumed>) = 3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 5935] <... close resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5935] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] rmdir("./17/file1") = 0 [pid 5841] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5935] <... open resumed>) = 5 [pid 5841] unlink("./17/binderfs" [pid 5935] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5935] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5935] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5935] exit_group(0) = ? [pid 5937] <... close resumed>) = 0 [pid 5935] +++ exited with 0 +++ [pid 5841] <... unlink resumed>) = 0 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5843] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(3, [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] newfstatat(3, "", [pid 5841] close(3 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5938] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./17" [pid 5937] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5841] <... rmdir resumed>) = 0 [pid 5841] mkdir("./18", 0777 [pid 5937] truncate("./file1", 16784380 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5937] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] close(3 [pid 5937] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5937] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5937] exit_group(0 [pid 5939] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5937] <... exit_group resumed>) = ? [pid 5843] <... umount2 resumed>) = 0 [pid 5937] +++ exited with 0 +++ [pid 5843] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./16/file1", [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5937, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... openat resumed>) = 3 [pid 5843] <... openat resumed>) = 4 [pid 5842] newfstatat(3, "", [pid 5843] newfstatat(4, "", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] getdents64(4, [pid 5842] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./16/file1") = 0 [pid 5843] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./16/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./16") = 0 [pid 5843] mkdir("./17", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... close resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3./strace-static-x86_64: Process 5940 attached [pid 5940] set_robust_list(0x55558b799660, 24 [pid 5938] <... write resumed>) = 2097152 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5940 [pid 5940] <... set_robust_list resumed>) = 0 [pid 5940] chdir("./18" [pid 5938] munmap(0x7f9875600000, 138412032 [pid 5842] <... umount2 resumed>) = 0 [pid 5940] <... chdir resumed>) = 0 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] <... munmap resumed>) = 0 [pid 5940] setpgid(0, 0) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5940] <... openat resumed>) = 3 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5940] write(3, "1000", 4 [pid 5842] newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5940] <... write resumed>) = 4 [pid 5939] <... write resumed>) = 2097152 [pid 5842] <... openat resumed>) = 4 [pid 5940] close(3 [pid 5842] newfstatat(4, "", [pid 5940] <... close resumed>) = 0 [pid 5940] symlink("/dev/binderfs", "./binderfs" [pid 5939] munmap(0x7f9875600000, 138412032 [pid 5938] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5940] <... symlink resumed>) = 0 [pid 5938] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] getdents64(4, [pid 5938] close(5 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 executing program [pid 5940] write(1, "executing program\n", 18 [pid 5842] getdents64(4, [pid 5940] <... write resumed>) = 18 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5940] memfd_create("syzkaller", 0 [pid 5939] <... munmap resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5842] close(4 [pid 5940] <... memfd_create resumed>) = 3 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... close resumed>) = 0 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] rmdir("./17/file1"./strace-static-x86_64: Process 5941 attached [pid 5940] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... rmdir resumed>) = 0 [pid 5842] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./17/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5941 [pid 5842] <... close resumed>) = 0 [pid 5939] <... openat resumed>) = 4 [pid 5842] rmdir("./17") = 0 [pid 5941] set_robust_list(0x55558b799660, 24 [pid 5939] ioctl(4, LOOP_SET_FD, 3 [pid 5941] <... set_robust_list resumed>) = 0 [pid 5939] <... ioctl resumed>) = 0 [pid 5842] mkdir("./18", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5941] chdir("./17" [pid 5938] <... close resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5941] <... chdir resumed>) = 0 [pid 5939] close(3 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5938] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5941] <... prctl resumed>) = 0 [pid 5941] setpgid(0, 0) = 0 [ 111.441658][ T5939] loop0: detected capacity change from 0 to 4096 [ 111.476411][ T30] kauditd_printk_skb: 34 callbacks suppressed [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5939] <... close resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5939] close(4 [pid 5941] <... openat resumed>) = 3 [pid 5939] <... close resumed>) = 0 [pid 5939] mkdir("./file1", 0777) = 0 [pid 5939] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5941] write(3, "1000", 4 [pid 5940] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5938] <... open resumed>) = 5 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5941] <... write resumed>) = 4 [pid 5941] close(3 [pid 5938] truncate("./file1", 16784380 [pid 5941] <... close resumed>) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs" [pid 5938] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5941] <... symlink resumed>) = 0 [pid 5938] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5941] write(1, "executing program\n", 18 [pid 5938] <... openat resumed>) = 6 [pid 5938] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5938] exit_group(0) = ? executing program ./strace-static-x86_64: Process 5942 attached [pid 5941] <... write resumed>) = 18 [pid 5938] +++ exited with 0 +++ [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5942 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=9 /* 0.09 s */} --- [pid 5942] set_robust_list(0x55558b799660, 24 [pid 5941] memfd_create("syzkaller", 0 [pid 5840] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 5942] <... set_robust_list resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] chdir("./18") = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5941] <... memfd_create resumed>) = 3 [pid 5942] <... prctl resumed>) = 0 [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5942] setpgid(0, 0 [pid 5941] <... mmap resumed>) = 0x7f9875600000 [pid 5942] <... setpgid resumed>) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 111.476428][ T30] audit: type=1804 audit(1750615392.745:181): pid=5938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/18/file1/file1" dev="loop1" ino=30 res=1 errno=0 [ 111.514155][ T5939] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5942] write(3, "1000", 4) = 4 [pid 5942] close(3) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5942] write(1, "executing program\n", 18executing program ) = 18 [pid 5942] memfd_create("syzkaller", 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5942] <... memfd_create resumed>) = 3 [pid 5940] <... write resumed>) = 2097152 [pid 5939] <... mount resumed>) = 0 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 5939] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5939] <... openat resumed>) = 3 [pid 5840] close(4 [pid 5939] chdir("./file1" [pid 5840] <... close resumed>) = 0 [pid 5939] <... chdir resumed>) = 0 [pid 5840] rmdir("./18/file1" [pid 5940] munmap(0x7f9875600000, 138412032 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... rmdir resumed>) = 0 [pid 5939] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5939] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./18/binderfs" [pid 5939] <... open resumed>) = 4 [pid 5840] <... unlink resumed>) = 0 [pid 5840] getdents64(3, [pid 5939] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5939] memfd_create("syzkaller", 0) = 5 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./18" [pid 5940] <... munmap resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./19", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5940] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5940] ioctl(4, LOOP_SET_FD, 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5941] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... ioctl resumed>) = 0 [ 111.630557][ T30] audit: type=1800 audit(1750615392.885:182): pid=5939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [ 111.647432][ T5940] loop2: detected capacity change from 0 to 4096 [pid 5840] close(3 [pid 5940] <... ioctl resumed>) = 0 [pid 5942] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5940] close(3) = 0 [pid 5940] close(4) = 0 [pid 5940] mkdir("./file1", 0777) = 0 [pid 5940] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] <... close resumed>) = 0 [pid 5939] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5943 attached , child_tidptr=0x55558b799650) = 5943 [pid 5943] set_robust_list(0x55558b799660, 24) = 0 [pid 5943] chdir("./19") = 0 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 111.715465][ T5940] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5943] setpgid(0, 0) = 0 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5941] <... write resumed>) = 2097152 [pid 5943] <... openat resumed>) = 3 [pid 5942] <... write resumed>) = 2097152 [pid 5941] munmap(0x7f9875600000, 138412032 [pid 5943] write(3, "1000", 4) = 4 [pid 5943] close(3) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5943] write(1, "executing program\n", 18 [pid 5941] <... munmap resumed>) = 0 [pid 5943] <... write resumed>) = 18 [pid 5942] munmap(0x7f9875600000, 138412032 [pid 5941] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5943] memfd_create("syzkaller", 0 [pid 5941] <... openat resumed>) = 4 [pid 5941] ioctl(4, LOOP_SET_FD, 3 [pid 5943] <... memfd_create resumed>) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5942] <... munmap resumed>) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3 [pid 5940] <... mount resumed>) = 0 [pid 5941] <... ioctl resumed>) = 0 [pid 5939] <... write resumed>) = 2097152 [pid 5940] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5941] close(3 [pid 5940] <... openat resumed>) = 3 [pid 5941] <... close resumed>) = 0 [pid 5940] chdir("./file1" [pid 5941] close(4 [pid 5940] <... chdir resumed>) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5939] munmap(0x7f9875600000, 138412032 [pid 5941] <... close resumed>) = 0 [ 111.804472][ T5941] loop4: detected capacity change from 0 to 4096 [ 111.820208][ T5942] loop3: detected capacity change from 0 to 4096 [pid 5940] open("./file1", O_RDONLY|O_DIRECT [pid 5941] mkdir("./file1", 0777) = 0 [pid 5940] <... open resumed>) = 4 [pid 5940] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5940] memfd_create("syzkaller", 0) = 5 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5942] <... ioctl resumed>) = 0 [pid 5939] <... munmap resumed>) = 0 [pid 5942] close(3 [pid 5941] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5942] <... close resumed>) = 0 [pid 5939] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5942] close(4 [pid 5939] close(5 [pid 5942] <... close resumed>) = 0 [pid 5942] mkdir("./file1", 0777) = 0 [ 111.847281][ T30] audit: type=1800 audit(1750615393.115:183): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [ 111.882220][ T5941] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5942] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5943] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5939] <... close resumed>) = 0 [ 111.883637][ T5942] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5939] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5939] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5939] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5939] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5939] exit_group(0) = ? [pid 5939] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5839] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 111.943744][ T30] audit: type=1804 audit(1750615393.205:184): pid=5939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/18/file1/file1" dev="loop0" ino=30 res=1 errno=0 [pid 5839] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5940] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5941] <... mount resumed>) = 0 [pid 5839] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5943] <... write resumed>) = 2097152 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, [pid 5943] munmap(0x7f9875600000, 138412032 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5943] <... munmap resumed>) = 0 [pid 5942] <... mount resumed>) = 0 [pid 5941] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] close(4 [pid 5941] <... openat resumed>) = 3 [pid 5941] chdir("./file1" [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./18/file1") = 0 [pid 5839] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5942] <... openat resumed>) = 3 [pid 5839] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5942] chdir("./file1" [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5942] <... chdir resumed>) = 0 [pid 5839] unlink("./18/binderfs" [pid 5942] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... unlink resumed>) = 0 [pid 5942] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] getdents64(3, [pid 5942] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./18" [pid 5943] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5941] <... chdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5943] <... openat resumed>) = 4 [pid 5941] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] mkdir("./19", 0777 [pid 5941] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... mkdir resumed>) = 0 [pid 5943] ioctl(4, LOOP_SET_FD, 3 [pid 5942] <... open resumed>) = 4 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5941] open("./file1", O_RDONLY|O_DIRECT [pid 5940] <... write resumed>) = 2097152 [pid 5942] preadv2(4, [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5942] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5942] memfd_create("syzkaller", 0) = 5 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5943] <... ioctl resumed>) = 0 [pid 5943] close(3) = 0 [pid 5943] close(4) = 0 [pid 5943] mkdir("./file1", 0777) = 0 [ 112.055872][ T5943] loop1: detected capacity change from 0 to 4096 [ 112.060048][ T30] audit: type=1800 audit(1750615393.325:185): pid=5942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [pid 5943] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5940] munmap(0x7f9875600000, 138412032 [pid 5941] <... open resumed>) = 4 [pid 5940] <... munmap resumed>) = 0 [ 112.097530][ T5943] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5941] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5940] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5944 attached [pid 5941] memfd_create("syzkaller", 0 [pid 5940] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5944] set_robust_list(0x55558b799660, 24 [pid 5941] <... memfd_create resumed>) = 5 [pid 5940] close(5 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5944 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5940] <... close resumed>) = 0 [pid 5941] <... mmap resumed>) = 0x7f9875600000 [pid 5944] chdir("./19" [pid 5943] <... mount resumed>) = 0 [ 112.149478][ T30] audit: type=1800 audit(1750615393.395:186): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 5944] <... chdir resumed>) = 0 [pid 5943] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5943] chdir("./file1") = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5943] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5940] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5944] setpgid(0, 0) = 0 [pid 5942] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5943] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5943] memfd_create("syzkaller", 0) = 5 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5944] <... openat resumed>) = 3 [pid 5944] write(3, "1000", 4) = 4 [pid 5944] close(3) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5940] <... open resumed>) = 5 [pid 5944] write(1, "executing program\n", 18) = 18 [pid 5940] truncate("./file1", 16784380 [pid 5941] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5944] memfd_create("syzkaller", 0) = 3 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5940] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5944] <... mmap resumed>) = 0x7f9875600000 [pid 5940] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [ 112.252897][ T30] audit: type=1800 audit(1750615393.485:187): pid=5943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 5940] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5942] <... write resumed>) = 2097152 [pid 5940] <... mmap resumed>) = 0x200000001000 [pid 5940] exit_group(0) = ? [pid 5940] +++ exited with 0 +++ [pid 5943] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5944] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5942] munmap(0x7f9875600000, 138412032) = 0 [pid 5841] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5942] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5943] <... write resumed>) = 2097152 [pid 5942] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5941] <... write resumed>) = 2097152 [ 112.365774][ T30] audit: type=1804 audit(1750615393.505:188): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.kafNdC/18/file1/file1" dev="loop2" ino=30 res=1 errno=0 [pid 5943] munmap(0x7f9875600000, 138412032 [pid 5942] close(5 [pid 5941] munmap(0x7f9875600000, 138412032 [pid 5841] <... openat resumed>) = 3 [pid 5943] <... munmap resumed>) = 0 [pid 5941] <... munmap resumed>) = 0 [pid 5841] newfstatat(3, "", [pid 5941] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] getdents64(3, [pid 5943] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5941] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5943] close(5 [pid 5941] close(5 [pid 5841] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] <... write resumed>) = 2097152 [pid 5944] munmap(0x7f9875600000, 138412032) = 0 [pid 5944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] <... close resumed>) = 0 [pid 5944] ioctl(4, LOOP_SET_FD, 3 [pid 5941] <... close resumed>) = 0 [pid 5942] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5944] <... ioctl resumed>) = 0 [pid 5941] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5944] close(3) = 0 [pid 5943] <... close resumed>) = 0 [pid 5943] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5943] truncate("./file1", 16784380 [ 112.469150][ T5944] loop0: detected capacity change from 0 to 4096 [ 112.478048][ T30] audit: type=1804 audit(1750615393.745:189): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.YdVRUk/17/file1/file1" dev="loop4" ino=30 res=1 errno=0 [pid 5944] close(4) = 0 [pid 5943] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5943] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5944] mkdir("./file1", 0777 [pid 5943] <... openat resumed>) = 6 [pid 5943] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5944] <... mkdir resumed>) = 0 [pid 5943] <... mmap resumed>) = 0x200000001000 [pid 5943] exit_group(0) = ? [pid 5944] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5943] +++ exited with 0 +++ [pid 5941] <... open resumed>) = 5 [pid 5941] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5941] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5841] <... umount2 resumed>) = 0 [pid 5941] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5941] <... mmap resumed>) = 0x200000001000 [pid 5941] exit_group(0 [pid 5840] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5941] <... exit_group resumed>) = ? [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5941] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=11 /* 0.11 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5840] <... openat resumed>) = 3 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5840] newfstatat(3, "", [pid 5843] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(3, [pid 5843] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5942] <... open resumed>) = 5 [pid 5841] newfstatat(AT_FDCWD, "./18/file1", [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, [pid 5840] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] truncate("./file1", 16784380 [pid 5841] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5942] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... openat resumed>) = 4 [pid 5942] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5942] <... openat resumed>) = 6 [pid 5841] getdents64(4, [pid 5942] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5942] exit_group(0 [pid 5841] <... close resumed>) = 0 [pid 5942] <... exit_group resumed>) = ? [pid 5841] rmdir("./18/file1") = 0 [pid 5841] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 112.508020][ T30] audit: type=1804 audit(1750615393.755:190): pid=5943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/19/file1/file1" dev="loop1" ino=30 res=1 errno=0 [ 112.540155][ T5944] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5841] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./18/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./18") = 0 [pid 5841] mkdir("./19", 0777) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5942] +++ exited with 0 +++ [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] <... umount2 resumed>) = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=14 /* 0.14 s */} --- [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5842] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] <... mount resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5944] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] close(3 [pid 5840] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] <... openat resumed>) = 3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] chdir("./file1" [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./17/file1", [pid 5840] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5944] <... chdir resumed>) = 0 [pid 5944] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5944] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(4, "", [pid 5944] open("./file1", O_RDONLY|O_DIRECT [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... close resumed>) = 0 [pid 5843] getdents64(4, [pid 5840] rmdir("./19/file1") = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, [pid 5842] <... umount2 resumed>) = 0 [pid 5944] <... open resumed>) = 4 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] preadv2(4, [pid 5843] close(4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5944] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... close resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./18/file1", [pid 5840] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5944] memfd_create("syzkaller", 0 [pid 5843] rmdir("./17/file1" [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] unlink("./19/binderfs" [pid 5944] <... memfd_create resumed>) = 5 [pid 5843] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... unlink resumed>) = 0 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] getdents64(3, [pid 5944] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... openat resumed>) = 4 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] newfstatat(AT_FDCWD, "./17/binderfs", [pid 5842] newfstatat(4, "", [pid 5840] close(3 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./19") = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] unlink("./17/binderfs" [pid 5842] getdents64(4, [pid 5843] <... unlink resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] mkdir("./20", 0777 [pid 5842] getdents64(4, [pid 5840] <... mkdir resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] getdents64(3, [pid 5842] <... close resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] rmdir("./18/file1" [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5843] close(3 [pid 5842] <... rmdir resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5840] close(3 [pid 5843] rmdir("./17" [pid 5842] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... close resumed>) = 0 ./strace-static-x86_64: Process 5945 attached [pid 5842] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5945 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./18/binderfs" [pid 5945] set_robust_list(0x55558b799660, 24 [pid 5842] <... unlink resumed>) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5945] chdir("./20" [pid 5842] close(3 [pid 5945] <... chdir resumed>) = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./18" [pid 5945] <... setpgid resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] mkdir("./18", 0777 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] mkdir("./19", 0777) = 0 ./strace-static-x86_64: Process 5946 attached [pid 5843] <... mkdir resumed>) = 0 [pid 5946] set_robust_list(0x55558b799660, 24 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5945] <... openat resumed>) = 3 [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5945] write(3, "1000", 4 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] close(3 [pid 5946] <... set_robust_list resumed>) = 0 [pid 5945] <... write resumed>) = 4 [pid 5843] <... openat resumed>) = 3 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5946 [pid 5945] close(3 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5946] chdir("./19" [pid 5945] <... close resumed>) = 0 [pid 5843] <... ioctl resumed>) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs" [pid 5843] close(3 [pid 5946] <... chdir resumed>) = 0 [pid 5945] <... symlink resumed>) = 0 [pid 5945] write(1, "executing program\n", 18executing program ) = 18 [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5946] setpgid(0, 0 [pid 5945] memfd_create("syzkaller", 0 [pid 5946] <... setpgid resumed>) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5945] <... memfd_create resumed>) = 3 [pid 5944] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... close resumed>) = 0 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5946] <... openat resumed>) = 3 [pid 5946] write(3, "1000", 4) = 4 [pid 5843] <... close resumed>) = 0 [pid 5946] close(3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5946] <... close resumed>) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 ./strace-static-x86_64: Process 5947 attached [pid 5946] write(1, "executing program\n", 18 [pid 5947] set_robust_list(0x55558b799660, 24 [pid 5946] <... write resumed>) = 18 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5947 [pid 5946] memfd_create("syzkaller", 0 [pid 5947] <... set_robust_list resumed>) = 0 [pid 5946] <... memfd_create resumed>) = 3 [pid 5947] chdir("./19" [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5947] <... chdir resumed>) = 0 [pid 5946] <... mmap resumed>) = 0x7f9875600000 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5948 attached [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 5947] setpgid(0, 0) = 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5948 [pid 5948] set_robust_list(0x55558b799660, 24 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5948] <... set_robust_list resumed>) = 0 [pid 5948] chdir("./18") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] write(1, "executing program\n", 18) = 18 [pid 5947] <... openat resumed>) = 3 [pid 5947] write(3, "1000", 4) = 4 [pid 5948] memfd_create("syzkaller", 0 [pid 5947] close(3) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5948] <... memfd_create resumed>) = 3 [pid 5947] write(1, "executing program\n", 18 [pid 5945] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5947] <... write resumed>) = 18 [pid 5947] memfd_create("syzkaller", 0 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5947] <... memfd_create resumed>) = 3 [pid 5944] <... write resumed>) = 2097152 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5944] munmap(0x7f9875600000, 138412032) = 0 [pid 5944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5944] close(5 [pid 5946] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5945] <... write resumed>) = 2097152 [pid 5948] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5944] <... close resumed>) = 0 [pid 5945] munmap(0x7f9875600000, 138412032 [pid 5947] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5945] <... munmap resumed>) = 0 [pid 5944] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5945] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3 [pid 5946] <... write resumed>) = 2097152 [pid 5946] munmap(0x7f9875600000, 138412032) = 0 [pid 5944] <... open resumed>) = 5 [pid 5944] truncate("./file1", 16784380 [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5944] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5946] <... openat resumed>) = 4 [pid 5944] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5946] ioctl(4, LOOP_SET_FD, 3 [pid 5944] <... openat resumed>) = 6 [pid 5945] <... ioctl resumed>) = 0 [pid 5948] <... write resumed>) = 2097152 [pid 5946] <... ioctl resumed>) = 0 [pid 5944] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5946] close(3 [pid 5945] close(3 [pid 5944] <... mmap resumed>) = 0x200000001000 [pid 5946] <... close resumed>) = 0 [pid 5945] <... close resumed>) = 0 [pid 5944] exit_group(0 [pid 5946] close(4 [pid 5945] close(4 [pid 5944] <... exit_group resumed>) = ? [pid 5948] munmap(0x7f9875600000, 138412032 [pid 5946] <... close resumed>) = 0 [pid 5945] <... close resumed>) = 0 [pid 5948] <... munmap resumed>) = 0 [pid 5945] mkdir("./file1", 0777 [pid 5944] +++ exited with 0 +++ [pid 5945] <... mkdir resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [ 113.000545][ T5945] loop1: detected capacity change from 0 to 4096 [ 113.022059][ T5946] loop2: detected capacity change from 0 to 4096 [pid 5946] mkdir("./file1", 0777 [pid 5945] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5946] <... mkdir resumed>) = 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5946] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] <... write resumed>) = 2097152 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5948] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5948] <... openat resumed>) = 4 [pid 5839] <... openat resumed>) = 3 [pid 5948] ioctl(4, LOOP_SET_FD, 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] munmap(0x7f9875600000, 138412032 [pid 5948] <... ioctl resumed>) = 0 [pid 5948] close(3) = 0 [pid 5948] close(4) = 0 [pid 5948] mkdir("./file1", 0777) = 0 [ 113.047264][ T5945] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 113.071066][ T5948] loop4: detected capacity change from 0 to 4096 [ 113.075820][ T5946] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5948] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5947] <... munmap resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5947] ioctl(4, LOOP_SET_FD, 3 [pid 5839] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./19/file1") = 0 [pid 5839] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./19/binderfs") = 0 [pid 5947] <... ioctl resumed>) = 0 [pid 5839] getdents64(3, [pid 5947] close(3 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5947] <... close resumed>) = 0 [pid 5839] close(3 [pid 5947] close(4 [pid 5839] <... close resumed>) = 0 [pid 5947] <... close resumed>) = 0 [ 113.099812][ T5948] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 113.123718][ T5947] loop3: detected capacity change from 0 to 4096 [pid 5839] rmdir("./19" [pid 5947] mkdir("./file1", 0777 [pid 5839] <... rmdir resumed>) = 0 [pid 5947] <... mkdir resumed>) = 0 [pid 5945] <... mount resumed>) = 0 [pid 5839] mkdir("./20", 0777) = 0 [pid 5947] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5946] <... mount resumed>) = 0 [pid 5945] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5946] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5945] chdir("./file1" [pid 5946] <... openat resumed>) = 3 [pid 5945] <... chdir resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5945] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5946] chdir("./file1" [pid 5945] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5945] open("./file1", O_RDONLY|O_DIRECT [pid 5946] <... chdir resumed>) = 0 [pid 5945] <... open resumed>) = 4 [pid 5839] <... ioctl resumed>) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] close(3 [pid 5946] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5945] preadv2(4, [pid 5946] open("./file1", O_RDONLY|O_DIRECT [pid 5945] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5945] memfd_create("syzkaller", 0 [pid 5946] <... open resumed>) = 4 [pid 5945] <... memfd_create resumed>) = 5 [pid 5946] preadv2(4, [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 113.208606][ T5947] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5948] <... mount resumed>) = 0 [pid 5948] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5946] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5946] memfd_create("syzkaller", 0) = 5 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5948] <... openat resumed>) = 3 [pid 5946] <... mmap resumed>) = 0x7f9875600000 [pid 5948] chdir("./file1") = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... close resumed>) = 0 [pid 5948] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5948] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5948] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5948] memfd_create("syzkaller", 0) = 5 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5948] <... mmap resumed>) = 0x7f9875600000 ./strace-static-x86_64: Process 5949 attached [pid 5949] set_robust_list(0x55558b799660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5949 [pid 5949] <... set_robust_list resumed>) = 0 [pid 5949] chdir("./20") = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5949] setpgid(0, 0) = 0 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5949] write(3, "1000", 4) = 4 [pid 5949] close(3) = 0 [pid 5949] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5949] write(1, "executing program\n", 18) = 18 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5947] <... mount resumed>) = 0 [pid 5947] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5947] chdir("./file1") = 0 [pid 5946] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5947] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5947] open("./file1", O_RDONLY|O_DIRECT [pid 5948] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5947] <... open resumed>) = 4 [pid 5947] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5947] memfd_create("syzkaller", 0) = 5 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5945] <... write resumed>) = 2097152 [pid 5946] <... write resumed>) = 2097152 [pid 5945] munmap(0x7f9875600000, 138412032) = 0 [pid 5949] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5946] munmap(0x7f9875600000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5946] close(5 [pid 5945] close(5 [pid 5948] <... write resumed>) = 2097152 [pid 5948] munmap(0x7f9875600000, 138412032) = 0 [pid 5947] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5949] <... write resumed>) = 2097152 [pid 5946] <... close resumed>) = 0 [pid 5949] munmap(0x7f9875600000, 138412032 [pid 5948] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5946] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5945] <... close resumed>) = 0 [pid 5949] <... munmap resumed>) = 0 [pid 5948] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5946] <... open resumed>) = 5 [pid 5948] close(5 [pid 5946] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5946] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5946] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5946] exit_group(0) = ? [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5947] <... write resumed>) = 2097152 [pid 5945] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5949] <... openat resumed>) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3 [pid 5946] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] munmap(0x7f9875600000, 138412032 [pid 5948] <... close resumed>) = 0 [pid 5947] <... munmap resumed>) = 0 [pid 5948] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5947] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5948] <... open resumed>) = 5 [pid 5949] <... ioctl resumed>) = 0 [pid 5948] truncate("./file1", 16784380 [pid 5947] close(5 [pid 5949] close(3 [pid 5948] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5945] <... open resumed>) = 5 [pid 5949] <... close resumed>) = 0 [pid 5948] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5945] truncate("./file1", 16784380 [pid 5949] close(4) = 0 [pid 5948] <... openat resumed>) = 6 [ 113.634282][ T5949] loop0: detected capacity change from 0 to 4096 [pid 5948] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5949] mkdir("./file1", 0777 [pid 5947] <... close resumed>) = 0 [pid 5945] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... umount2 resumed>) = 0 [pid 5949] <... mkdir resumed>) = 0 [pid 5945] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5948] <... mmap resumed>) = 0x200000001000 [pid 5945] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5841] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5949] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5948] exit_group(0 [pid 5945] exit_group(0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5947] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5945] <... exit_group resumed>) = ? [pid 5841] newfstatat(AT_FDCWD, "./19/file1", [pid 5947] <... open resumed>) = 5 [pid 5948] <... exit_group resumed>) = ? [pid 5947] truncate("./file1", 16784380 [pid 5948] +++ exited with 0 +++ [pid 5947] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5945] +++ exited with 0 +++ [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5947] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=11 /* 0.11 s */} --- [pid 5841] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] <... openat resumed>) = 6 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5947] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=8 /* 0.08 s */} --- [pid 5840] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5947] <... mmap resumed>) = 0x200000001000 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5947] exit_group(0 [pid 5841] getdents64(4, [pid 5840] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5947] <... exit_group resumed>) = ? [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 5841] getdents64(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] getdents64(3, [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] close(4 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] <... close resumed>) = 0 [pid 5840] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] rmdir("./19/file1" [pid 5843] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] <... rmdir resumed>) = 0 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] +++ exited with 0 +++ [pid 5843] getdents64(3, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 113.712222][ T5949] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5947, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 5841] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5843] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] unlink("./19/binderfs" [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... unlink resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5842] newfstatat(3, "", [pid 5841] getdents64(3, [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] getdents64(3, [pid 5841] close(3 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./19" [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... rmdir resumed>) = 0 [pid 5841] mkdir("./20", 0777 [pid 5840] newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5840] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5949] <... mount resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] <... openat resumed>) = 4 [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./20/file1") = 0 [pid 5840] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./20/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./20") = 0 [pid 5840] mkdir("./21", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5949] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file1") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5949] open("./file1", O_RDONLY|O_DIRECT [pid 5843] <... umount2 resumed>) = 0 [pid 5949] <... open resumed>) = 4 [pid 5949] preadv2(4, [pid 5843] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./18/file1", [pid 5949] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5843] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, [pid 5949] memfd_create("syzkaller", 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... close resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5949] <... memfd_create resumed>) = 5 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] close(4 [pid 5842] newfstatat(AT_FDCWD, "./19/file1", [pid 5949] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] rmdir("./18/file1" [pid 5842] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5842] <... openat resumed>) = 4 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./18/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./18") = 0 [pid 5842] newfstatat(4, "", [pid 5843] mkdir("./19", 0777 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] <... mkdir resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5950 attached [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5950] set_robust_list(0x55558b799660, 24 [pid 5843] <... ioctl resumed>) = 0 [pid 5950] <... set_robust_list resumed>) = 0 [pid 5843] close(3 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5950 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5951 attached [pid 5950] chdir("./21" [pid 5842] getdents64(4, [pid 5951] set_robust_list(0x55558b799660, 24 [pid 5950] <... chdir resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5951 [pid 5951] <... set_robust_list resumed>) = 0 [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5950] setpgid(0, 0) = 0 [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] close(4 [pid 5950] write(3, "1000", 4 [pid 5951] chdir("./20" [pid 5950] <... write resumed>) = 4 [pid 5842] <... close resumed>) = 0 [pid 5951] <... chdir resumed>) = 0 [pid 5950] close(3) = 0 [pid 5950] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5950] write(1, "executing program\n", 18) = 18 [pid 5950] memfd_create("syzkaller", 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] rmdir("./19/file1" [pid 5951] <... prctl resumed>) = 0 [pid 5951] setpgid(0, 0 [pid 5950] <... memfd_create resumed>) = 3 [pid 5843] <... close resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5951] <... setpgid resumed>) = 0 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5950] <... mmap resumed>) = 0x7f9875600000 [pid 5842] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5951] <... openat resumed>) = 3 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5951] write(3, "1000", 4 [pid 5842] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5951] <... write resumed>) = 4 [pid 5951] close(3 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5951] <... close resumed>) = 0 [pid 5842] unlink("./19/binderfs" [pid 5951] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... unlink resumed>) = 0 executing program [pid 5951] <... symlink resumed>) = 0 [pid 5842] getdents64(3, [pid 5951] write(1, "executing program\n", 18 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5951] <... write resumed>) = 18 [pid 5951] memfd_create("syzkaller", 0 [pid 5842] close(3 [pid 5951] <... memfd_create resumed>) = 3 [pid 5842] <... close resumed>) = 0 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] rmdir("./19" [pid 5951] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... rmdir resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] mkdir("./20", 0777./strace-static-x86_64: Process 5952 attached [pid 5952] set_robust_list(0x55558b799660, 24) = 0 [pid 5952] chdir("./19") = 0 [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5952 [pid 5952] setpgid(0, 0) = 0 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5949] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5952] write(3, "1000", 4) = 4 [pid 5842] <... mkdir resumed>) = 0 [pid 5952] close(3) = 0 [pid 5952] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5952] write(1, "executing program\n", 18) = 18 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5952] memfd_create("syzkaller", 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5950] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5952] <... memfd_create resumed>) = 3 [pid 5842] <... ioctl resumed>) = 0 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] close(3 [pid 5952] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... close resumed>) = 0 [pid 5951] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5953 attached [pid 5950] <... write resumed>) = 2097152 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5953 [pid 5953] set_robust_list(0x55558b799660, 24 [pid 5950] munmap(0x7f9875600000, 138412032 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5949] <... write resumed>) = 2097152 [pid 5953] chdir("./20") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5952] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5953] write(3, "1000", 4 [pid 5949] munmap(0x7f9875600000, 138412032 [pid 5953] <... write resumed>) = 4 [pid 5953] close(3 [pid 5950] <... munmap resumed>) = 0 [pid 5953] <... close resumed>) = 0 [pid 5949] <... munmap resumed>) = 0 [pid 5950] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5950] ioctl(4, LOOP_SET_FD, 3executing program ) = 0 [pid 5953] write(1, "executing program\n", 18 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5953] <... write resumed>) = 18 [pid 5950] close(3 [pid 5949] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5953] memfd_create("syzkaller", 0 [pid 5950] <... close resumed>) = 0 [pid 5953] <... memfd_create resumed>) = 3 [pid 5950] close(4 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5950] <... close resumed>) = 0 [pid 5953] <... mmap resumed>) = 0x7f9875600000 [pid 5950] mkdir("./file1", 0777) = 0 [pid 5949] close(5 [pid 5950] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5949] <... close resumed>) = 0 [pid 5951] <... write resumed>) = 2097152 [pid 5953] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5952] <... write resumed>) = 2097152 [pid 5951] munmap(0x7f9875600000, 138412032 [ 114.150524][ T5950] loop1: detected capacity change from 0 to 4096 [ 114.179932][ T5950] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5949] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5949] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5952] munmap(0x7f9875600000, 138412032 [pid 5949] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5951] <... munmap resumed>) = 0 [pid 5949] <... openat resumed>) = 6 [pid 5950] <... mount resumed>) = 0 [pid 5949] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5950] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] <... mmap resumed>) = 0x200000001000 [pid 5950] chdir("./file1") = 0 [pid 5952] <... munmap resumed>) = 0 [pid 5950] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5949] exit_group(0 [pid 5950] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5952] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5951] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5950] open("./file1", O_RDONLY|O_DIRECT [pid 5949] <... exit_group resumed>) = ? [pid 5953] <... write resumed>) = 2097152 [pid 5952] <... openat resumed>) = 4 [pid 5951] <... openat resumed>) = 4 [pid 5952] ioctl(4, LOOP_SET_FD, 3 [pid 5951] ioctl(4, LOOP_SET_FD, 3 [pid 5953] munmap(0x7f9875600000, 138412032 [pid 5950] <... open resumed>) = 4 [pid 5949] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- [pid 5839] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5952] <... ioctl resumed>) = 0 [pid 5950] preadv2(4, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5952] close(3 [pid 5839] newfstatat(3, "", [pid 5950] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5950] memfd_create("syzkaller", 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5952] <... close resumed>) = 0 [pid 5839] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5952] close(4 [pid 5950] <... memfd_create resumed>) = 5 [pid 5953] <... munmap resumed>) = 0 [pid 5952] <... close resumed>) = 0 [pid 5951] <... ioctl resumed>) = 0 [pid 5952] mkdir("./file1", 0777 [pid 5953] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5951] close(3 [ 114.258457][ T5952] loop4: detected capacity change from 0 to 4096 [ 114.266505][ T5951] loop2: detected capacity change from 0 to 4096 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5953] <... openat resumed>) = 4 [pid 5952] <... mkdir resumed>) = 0 [pid 5951] <... close resumed>) = 0 [pid 5950] <... mmap resumed>) = 0x7f9875600000 [pid 5953] ioctl(4, LOOP_SET_FD, 3 [pid 5951] close(4 [pid 5952] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5951] <... close resumed>) = 0 [pid 5951] mkdir("./file1", 0777) = 0 [pid 5951] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5953] <... ioctl resumed>) = 0 [pid 5953] close(3 [pid 5839] newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5953] <... close resumed>) = 0 [pid 5953] close(4) = 0 [pid 5953] mkdir("./file1", 0777) = 0 [pid 5953] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 114.302351][ T5953] loop3: detected capacity change from 0 to 4096 [ 114.302585][ T5952] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 114.327278][ T5951] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./20/file1") = 0 [pid 5839] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./20/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [ 114.362772][ T5953] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5839] rmdir("./20" [pid 5950] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./21", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5952] <... mount resumed>) = 0 [pid 5951] <... mount resumed>) = 0 [pid 5951] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5952] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5951] chdir("./file1") = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5951] open("./file1", O_RDONLY|O_DIRECT [pid 5952] <... openat resumed>) = 3 [pid 5953] <... mount resumed>) = 0 [pid 5952] chdir("./file1") = 0 [pid 5951] <... open resumed>) = 4 [pid 5952] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5953] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5951] preadv2(4, [pid 5953] <... openat resumed>) = 3 [pid 5952] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5951] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5953] chdir("./file1" [pid 5952] open("./file1", O_RDONLY|O_DIRECT [pid 5951] memfd_create("syzkaller", 0 [pid 5953] <... chdir resumed>) = 0 [pid 5951] <... memfd_create resumed>) = 5 [pid 5953] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5953] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5951] <... mmap resumed>) = 0x7f9875600000 [pid 5952] <... open resumed>) = 4 [pid 5953] open("./file1", O_RDONLY|O_DIRECT [pid 5952] preadv2(4, [pid 5950] <... write resumed>) = 2097152 [pid 5953] <... open resumed>) = 4 [pid 5950] munmap(0x7f9875600000, 138412032 [pid 5953] preadv2(4, [pid 5952] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5950] <... munmap resumed>) = 0 [pid 5952] memfd_create("syzkaller", 0) = 5 [pid 5839] <... close resumed>) = 0 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5953] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5953] memfd_create("syzkaller", 0 [pid 5952] <... mmap resumed>) = 0x7f9875600000 [pid 5953] <... memfd_create resumed>) = 5 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5950] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5950] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5950] close(5./strace-static-x86_64: Process 5954 attached [pid 5954] set_robust_list(0x55558b799660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5954 [pid 5954] <... set_robust_list resumed>) = 0 [pid 5954] chdir("./21") = 0 [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5954] setpgid(0, 0) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5950] <... close resumed>) = 0 [pid 5954] <... openat resumed>) = 3 [pid 5954] write(3, "1000", 4) = 4 [pid 5954] close(3 [pid 5952] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5951] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5954] <... close resumed>) = 0 [pid 5954] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5954] write(1, "executing program\n", 18) = 18 [pid 5954] memfd_create("syzkaller", 0 [pid 5950] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5954] <... memfd_create resumed>) = 3 [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5953] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5950] <... open resumed>) = 5 [pid 5950] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5950] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5950] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5950] exit_group(0) = ? [pid 5950] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5950, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5952] <... write resumed>) = 2097152 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 5951] <... write resumed>) = 2097152 [pid 5954] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5953] <... write resumed>) = 2097152 [pid 5952] munmap(0x7f9875600000, 138412032 [pid 5951] munmap(0x7f9875600000, 138412032 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5953] munmap(0x7f9875600000, 138412032 [pid 5952] <... munmap resumed>) = 0 [pid 5951] <... munmap resumed>) = 0 [pid 5840] getdents64(3, [pid 5952] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5953] <... munmap resumed>) = 0 [pid 5952] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5952] close(5 [pid 5840] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5951] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5951] close(5 [pid 5953] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5953] close(5 [pid 5954] <... write resumed>) = 2097152 [pid 5954] munmap(0x7f9875600000, 138412032 [pid 5951] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5951] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5954] <... munmap resumed>) = 0 [pid 5953] <... close resumed>) = 0 [pid 5952] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 5952] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5953] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] close(4) = 0 [pid 5840] rmdir("./21/file1") = 0 [pid 5840] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5954] <... openat resumed>) = 4 [pid 5952] <... open resumed>) = 5 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5954] ioctl(4, LOOP_SET_FD, 3 [pid 5952] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5840] unlink("./21/binderfs" [pid 5952] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5840] <... unlink resumed>) = 0 [pid 5952] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5954] <... ioctl resumed>) = 0 [pid 5953] <... open resumed>) = 5 [pid 5951] <... open resumed>) = 5 [pid 5840] getdents64(3, [pid 5954] close(3) = 0 [pid 5954] close(4) = 0 [pid 5953] truncate("./file1", 16784380 [pid 5951] truncate("./file1", 16784380 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5954] mkdir("./file1", 0777 [pid 5951] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] close(3 [pid 5953] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./21") = 0 [pid 5952] <... mmap resumed>) = 0x200000001000 [pid 5954] <... mkdir resumed>) = 0 [pid 5953] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5951] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] mkdir("./22", 0777 [pid 5954] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5953] <... openat resumed>) = 6 [pid 5952] exit_group(0 [pid 5951] <... openat resumed>) = 6 [pid 5840] <... mkdir resumed>) = 0 [pid 5953] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5951] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5952] <... exit_group resumed>) = ? [pid 5953] <... mmap resumed>) = 0x200000001000 [pid 5951] <... mmap resumed>) = 0x200000001000 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5953] exit_group(0 [pid 5951] exit_group(0 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5953] <... exit_group resumed>) = ? [pid 5951] <... exit_group resumed>) = ? [pid 5952] +++ exited with 0 +++ [pid 5951] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5840] <... ioctl resumed>) = 0 [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5840] close(3 [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] +++ exited with 0 +++ [pid 5843] <... restart_syscall resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(3, [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 114.794023][ T5954] loop0: detected capacity change from 0 to 4096 [ 114.825745][ T5954] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5842] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... openat resumed>) = 3 [pid 5843] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] newfstatat(3, "", [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5842] getdents64(3, [pid 5843] newfstatat(3, "", [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] <... umount2 resumed>) = 0 [pid 5843] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... close resumed>) = 0 [pid 5954] <... mount resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5954] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5955 attached ) = 3 [pid 5842] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5955 [pid 5954] chdir("./file1") = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] newfstatat(AT_FDCWD, "./20/file1", [pid 5954] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5955] set_robust_list(0x55558b799660, 24 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5955] <... set_robust_list resumed>) = 0 [pid 5954] open("./file1", O_RDONLY|O_DIRECT [pid 5842] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5955] chdir("./22" [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5955] <... chdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5955] setpgid(0, 0 [pid 5842] <... openat resumed>) = 4 [pid 5955] <... setpgid resumed>) = 0 [pid 5955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] newfstatat(4, "", [pid 5955] <... openat resumed>) = 3 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5955] write(3, "1000", 4 [pid 5954] <... open resumed>) = 4 [pid 5842] getdents64(4, [pid 5955] <... write resumed>) = 4 [pid 5955] close(3 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5955] <... close resumed>) = 0 [pid 5955] symlink("/dev/binderfs", "./binderfs" [pid 5954] preadv2(4, [pid 5843] <... umount2 resumed>) = 0 [pid 5842] getdents64(4, [pid 5841] <... umount2 resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5955] <... symlink resumed>) = 0 [pid 5842] close(4) = 0 executing program [pid 5842] rmdir("./20/file1" [pid 5955] write(1, "executing program\n", 18) = 18 [pid 5842] <... rmdir resumed>) = 0 [pid 5841] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5954] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./20/file1", [pid 5842] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5955] memfd_create("syzkaller", 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5954] memfd_create("syzkaller", 0 [pid 5843] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] unlink("./20/binderfs" [pid 5841] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5954] <... memfd_create resumed>) = 5 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] newfstatat(AT_FDCWD, "./19/file1", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5954] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... unlink resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] getdents64(3, [pid 5841] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5955] <... memfd_create resumed>) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5843] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5842] close(3 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(4, "", [pid 5843] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... close resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... openat resumed>) = 4 [pid 5842] rmdir("./20" [pid 5841] getdents64(4, [pid 5843] newfstatat(4, "", [pid 5842] <... rmdir resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 5842] mkdir("./21", 0777 [pid 5843] getdents64(4, [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5841] close(4 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] <... close resumed>) = 0 [pid 5843] getdents64(4, [pid 5841] rmdir("./20/file1" [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5841] <... rmdir resumed>) = 0 [pid 5843] rmdir("./19/file1" [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5841] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] close(3 [pid 5841] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5954] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./20/binderfs" [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5841] <... unlink resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] getdents64(3, [pid 5843] unlink("./19/binderfs" [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] <... unlink resumed>) = 0 [pid 5841] close(3 [pid 5843] getdents64(3, [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./20" [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5955] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] close(3 [pid 5841] <... rmdir resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5843] rmdir("./19" [pid 5841] mkdir("./21", 0777 [pid 5843] <... rmdir resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] mkdir("./20", 0777 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 5956 attached [pid 5954] <... write resumed>) = 2097152 [pid 5843] <... mkdir resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5956] set_robust_list(0x55558b799660, 24 [pid 5841] <... ioctl resumed>) = 0 [pid 5956] <... set_robust_list resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5954] munmap(0x7f9875600000, 138412032 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5956 [pid 5843] <... openat resumed>) = 3 [pid 5955] <... write resumed>) = 2097152 [pid 5956] chdir("./21" [pid 5954] <... munmap resumed>) = 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5841] close(3 [pid 5956] <... chdir resumed>) = 0 [pid 5955] munmap(0x7f9875600000, 138412032 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... ioctl resumed>) = 0 [pid 5955] <... munmap resumed>) = 0 [pid 5843] close(3 [pid 5954] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5954] close(5 [pid 5956] <... prctl resumed>) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5956] setpgid(0, 0 [pid 5955] <... openat resumed>) = 4 [pid 5956] <... setpgid resumed>) = 0 [pid 5955] ioctl(4, LOOP_SET_FD, 3 [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] <... close resumed>) = 0 [pid 5956] <... openat resumed>) = 3 [pid 5955] <... ioctl resumed>) = 0 [pid 5954] <... close resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5956] write(3, "1000", 4 [pid 5955] close(3 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5956] <... write resumed>) = 4 [pid 5955] <... close resumed>) = 0 [pid 5956] close(3) = 0 executing program [pid 5956] symlink("/dev/binderfs", "./binderfs" [pid 5954] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006./strace-static-x86_64: Process 5958 attached ./strace-static-x86_64: Process 5957 attached [pid 5956] <... symlink resumed>) = 0 [pid 5955] close(4 [pid 5958] set_robust_list(0x55558b799660, 24 [pid 5957] set_robust_list(0x55558b799660, 24 [pid 5956] write(1, "executing program\n", 18 [pid 5955] <... close resumed>) = 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5958 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5957 [pid 5958] <... set_robust_list resumed>) = 0 [pid 5957] <... set_robust_list resumed>) = 0 [pid 5956] <... write resumed>) = 18 [pid 5955] mkdir("./file1", 0777 [pid 5958] chdir("./20" [pid 5955] <... mkdir resumed>) = 0 [pid 5958] <... chdir resumed>) = 0 [pid 5957] chdir("./21" [pid 5955] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5954] <... open resumed>) = 5 [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5957] <... chdir resumed>) = 0 [pid 5954] truncate("./file1", 16784380 [pid 5958] <... prctl resumed>) = 0 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5958] setpgid(0, 0 [pid 5957] <... prctl resumed>) = 0 [pid 5956] memfd_create("syzkaller", 0 [pid 5958] <... setpgid resumed>) = 0 [pid 5956] <... memfd_create resumed>) = 3 [pid 5954] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5954] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5957] setpgid(0, 0) = 0 [pid 5958] <... openat resumed>) = 3 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5956] <... mmap resumed>) = 0x7f9875600000 [pid 5955] <... mount resumed>) = 0 [pid 5954] <... openat resumed>) = 6 [pid 5957] <... openat resumed>) = 3 [pid 5954] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5954] exit_group(0) = ? [pid 5954] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5958] write(3, "1000", 4 [pid 5957] write(3, "1000", 4 [pid 5955] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5958] <... write resumed>) = 4 [pid 5957] <... write resumed>) = 4 [pid 5955] <... openat resumed>) = 3 [pid 5958] close(3 [pid 5957] close(3 [pid 5955] chdir("./file1" [pid 5839] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5958] <... close resumed>) = 0 [pid 5957] <... close resumed>) = 0 [pid 5955] <... chdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5958] symlink("/dev/binderfs", "./binderfs" [pid 5957] symlink("/dev/binderfs", "./binderfs" [pid 5955] openat(AT_FDCWD, "/dev/loop1", O_RDWRexecuting program [pid 5839] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5957] <... symlink resumed>) = 0 [pid 5957] write(1, "executing program\n", 18 [pid 5955] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5957] <... write resumed>) = 18 [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5957] memfd_create("syzkaller", 0 [ 115.111817][ T5955] loop1: detected capacity change from 0 to 4096 [ 115.136899][ T5955] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5839] getdents64(3, [pid 5958] <... symlink resumed>) = 0 [pid 5957] <... memfd_create resumed>) = 3 [pid 5955] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5958] write(1, "executing program\n", 18 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5958] <... write resumed>) = 18 [pid 5957] <... mmap resumed>) = 0x7f9875600000 [pid 5958] memfd_create("syzkaller", 0 [pid 5955] <... open resumed>) = 4 [pid 5955] preadv2(4, [pid 5956] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5955] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5955] memfd_create("syzkaller", 0) = 5 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5958] <... memfd_create resumed>) = 3 [pid 5955] <... mmap resumed>) = 0x7f9875600000 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./21/file1") = 0 [pid 5839] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./21/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./21") = 0 [pid 5839] mkdir("./22", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5958] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5957] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5956] <... write resumed>) = 2097152 [pid 5955] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5956] munmap(0x7f9875600000, 138412032) = 0 [pid 5956] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5956] ioctl(4, LOOP_SET_FD, 3 [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5959 attached [pid 5956] <... ioctl resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5959 [pid 5959] set_robust_list(0x55558b799660, 24) = 0 [pid 5959] chdir("./22" [pid 5956] close(3 [pid 5959] <... chdir resumed>) = 0 [pid 5956] <... close resumed>) = 0 [pid 5956] close(4) = 0 [pid 5956] mkdir("./file1", 0777 [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5956] <... mkdir resumed>) = 0 [pid 5959] <... prctl resumed>) = 0 [ 115.346949][ T5956] loop3: detected capacity change from 0 to 4096 [pid 5956] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5959] setpgid(0, 0) = 0 [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5957] <... write resumed>) = 2097152 [pid 5959] write(3, "1000", 4) = 4 [pid 5958] <... write resumed>) = 2097152 [pid 5957] munmap(0x7f9875600000, 138412032 [pid 5955] <... write resumed>) = 2097152 [pid 5959] close(3) = 0 [pid 5959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5955] munmap(0x7f9875600000, 138412032executing program [pid 5959] write(1, "executing program\n", 18 [pid 5958] munmap(0x7f9875600000, 138412032 [pid 5959] <... write resumed>) = 18 [pid 5957] <... munmap resumed>) = 0 [pid 5959] memfd_create("syzkaller", 0 [pid 5957] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 115.395119][ T5956] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5957] ioctl(4, LOOP_SET_FD, 3 [pid 5959] <... memfd_create resumed>) = 3 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5958] <... munmap resumed>) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5958] ioctl(4, LOOP_SET_FD, 3 [pid 5957] <... ioctl resumed>) = 0 [pid 5957] close(3) = 0 [pid 5957] close(4) = 0 [pid 5957] mkdir("./file1", 0777) = 0 [pid 5955] <... munmap resumed>) = 0 [ 115.445173][ T5957] loop2: detected capacity change from 0 to 4096 [ 115.463203][ T5958] loop4: detected capacity change from 0 to 4096 [pid 5957] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5958] <... ioctl resumed>) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5958] close(3) = 0 [pid 5958] close(4 [pid 5955] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5958] <... close resumed>) = 0 [pid 5958] mkdir("./file1", 0777) = 0 [pid 5958] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5956] <... mount resumed>) = 0 [pid 5955] close(5) = 0 [pid 5959] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5956] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5956] chdir("./file1") = 0 [pid 5956] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [ 115.491585][ T5957] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 115.527125][ T5958] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5956] open("./file1", O_RDONLY|O_DIRECT [pid 5955] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5956] <... open resumed>) = 4 [pid 5955] truncate("./file1", 16784380 [pid 5956] preadv2(4, [pid 5955] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5955] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5956] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5955] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5955] exit_group(0 [pid 5956] memfd_create("syzkaller", 0 [pid 5955] <... exit_group resumed>) = ? [pid 5956] <... memfd_create resumed>) = 5 [pid 5955] +++ exited with 0 +++ [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5955, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5957] <... mount resumed>) = 0 [pid 5840] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5956] <... mmap resumed>) = 0x7f9875600000 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5957] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5958] <... mount resumed>) = 0 [pid 5957] <... openat resumed>) = 3 [pid 5957] chdir("./file1") = 0 [pid 5840] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5957] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5958] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5957] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5958] <... openat resumed>) = 3 [pid 5957] open("./file1", O_RDONLY|O_DIRECT [pid 5958] chdir("./file1" [pid 5840] <... openat resumed>) = 3 [pid 5958] <... chdir resumed>) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] newfstatat(3, "", [pid 5958] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5958] open("./file1", O_RDONLY|O_DIRECT [pid 5957] <... open resumed>) = 4 [pid 5840] getdents64(3, [pid 5958] <... open resumed>) = 4 [pid 5957] preadv2(4, [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5957] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5957] memfd_create("syzkaller", 0 [pid 5958] preadv2(4, [pid 5957] <... memfd_create resumed>) = 5 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5958] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5957] <... mmap resumed>) = 0x7f9875600000 [pid 5959] <... write resumed>) = 2097152 [pid 5958] memfd_create("syzkaller", 0 [pid 5959] munmap(0x7f9875600000, 138412032 [pid 5958] <... memfd_create resumed>) = 5 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5959] <... munmap resumed>) = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5959] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5956] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5959] <... ioctl resumed>) = 0 [pid 5959] close(3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5959] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5959] close(4) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", [pid 5959] mkdir("./file1", 0777) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5959] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [ 115.700387][ T5959] loop0: detected capacity change from 0 to 4096 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 5957] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./22/file1") = 0 [pid 5840] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./22/binderfs") = 0 [pid 5958] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./22") = 0 [ 115.763517][ T5959] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5840] mkdir("./23", 0777 [pid 5956] <... write resumed>) = 2097152 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5956] munmap(0x7f9875600000, 138412032 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5958] <... write resumed>) = 2097152 [pid 5959] <... mount resumed>) = 0 [pid 5957] <... write resumed>) = 2097152 [pid 5959] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] munmap(0x7f9875600000, 138412032 [pid 5959] chdir("./file1" [pid 5958] munmap(0x7f9875600000, 138412032 [pid 5957] <... munmap resumed>) = 0 [pid 5956] <... munmap resumed>) = 0 [pid 5959] <... chdir resumed>) = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5958] <... munmap resumed>) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5956] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5957] close(5 [pid 5956] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5959] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5956] close(5 [pid 5840] <... close resumed>) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5958] close(5 [pid 5959] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5958] <... close resumed>) = 0 [pid 5959] preadv2(4, [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5960 ./strace-static-x86_64: Process 5960 attached [pid 5959] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5957] <... close resumed>) = 0 [pid 5960] set_robust_list(0x55558b799660, 24 [pid 5959] memfd_create("syzkaller", 0 [pid 5960] <... set_robust_list resumed>) = 0 [pid 5957] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5960] chdir("./23" [pid 5959] <... memfd_create resumed>) = 5 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5960] <... chdir resumed>) = 0 [pid 5960] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5959] <... mmap resumed>) = 0x7f9875600000 [pid 5960] <... prctl resumed>) = 0 [pid 5960] setpgid(0, 0) = 0 [pid 5960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5958] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5960] write(3, "1000", 4executing program ) = 4 [pid 5960] close(3) = 0 [pid 5960] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5960] write(1, "executing program\n", 18) = 18 [pid 5960] memfd_create("syzkaller", 0) = 3 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5958] <... open resumed>) = 5 [pid 5957] <... open resumed>) = 5 [pid 5956] <... close resumed>) = 0 [pid 5958] truncate("./file1", 16784380 [pid 5957] truncate("./file1", 16784380 [pid 5958] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5957] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5956] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5958] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5957] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5958] <... openat resumed>) = 6 [pid 5957] <... openat resumed>) = 6 [pid 5958] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5957] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5956] <... open resumed>) = 5 [pid 5956] truncate("./file1", 16784380 [pid 5958] <... mmap resumed>) = 0x200000001000 [pid 5956] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5957] exit_group(0 [pid 5956] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5957] <... exit_group resumed>) = ? [pid 5956] <... openat resumed>) = 6 [pid 5957] +++ exited with 0 +++ [pid 5956] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- [pid 5956] exit_group(0 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5958] exit_group(0 [pid 5956] <... exit_group resumed>) = ? [pid 5958] <... exit_group resumed>) = ? [pid 5841] <... restart_syscall resumed>) = 0 [pid 5958] +++ exited with 0 +++ [pid 5956] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5841] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- [pid 5841] <... openat resumed>) = 3 [pid 5843] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] newfstatat(3, "", [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] getdents64(3, [pid 5959] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5960] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... umount2 resumed>) = 0 [pid 5842] newfstatat(3, "", [pid 5841] <... umount2 resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] getdents64(3, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] newfstatat(AT_FDCWD, "./21/file1", [pid 5842] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] newfstatat(AT_FDCWD, "./20/file1", [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] getdents64(4, [pid 5843] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] getdents64(4, [pid 5843] <... openat resumed>) = 4 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5843] newfstatat(4, "", [pid 5841] <... close resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] rmdir("./21/file1" [pid 5843] getdents64(4, [pid 5841] <... rmdir resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] getdents64(4, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5843] close(4) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] rmdir("./20/file1") = 0 [pid 5843] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] unlink("./21/binderfs") = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(3, [pid 5843] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5959] <... write resumed>) = 2097152 [pid 5843] unlink("./20/binderfs" [pid 5841] close(3) = 0 [pid 5841] rmdir("./21") = 0 [pid 5843] <... unlink resumed>) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] mkdir("./22", 0777) = 0 [pid 5960] <... write resumed>) = 2097152 [pid 5959] munmap(0x7f9875600000, 138412032 [pid 5843] close(3 [pid 5842] <... umount2 resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5960] munmap(0x7f9875600000, 138412032 [pid 5843] <... close resumed>) = 0 [pid 5842] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] rmdir("./20" [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... openat resumed>) = 3 [pid 5842] newfstatat(AT_FDCWD, "./21/file1", [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5843] mkdir("./21", 0777 [pid 5842] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... ioctl resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... mkdir resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5841] close(3 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5960] <... munmap resumed>) = 0 [pid 5959] <... munmap resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5960] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] close(4 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5960] <... openat resumed>) = 4 [pid 5959] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... close resumed>) = 0 [pid 5960] ioctl(4, LOOP_SET_FD, 3 [pid 5959] close(5 [pid 5842] rmdir("./21/file1" [pid 5843] <... ioctl resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5843] close(3 [pid 5841] <... close resumed>) = 0 [pid 5842] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./21/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./21") = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] mkdir("./22", 0777) = 0 ./strace-static-x86_64: Process 5961 attached [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5961 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5961] set_robust_list(0x55558b799660, 24) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5961] chdir("./22" [pid 5960] <... ioctl resumed>) = 0 [pid 5959] <... close resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5960] close(3 [pid 5842] <... ioctl resumed>) = 0 [pid 5961] <... chdir resumed>) = 0 [pid 5842] close(3 [pid 5960] <... close resumed>) = 0 [pid 5960] close(4) = 0 [pid 5960] mkdir("./file1", 0777) = 0 [pid 5960] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5961] setpgid(0, 0) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5959] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] <... close resumed>) = 0 [pid 5961] <... openat resumed>) = 3 [pid 5961] write(3, "1000", 4) = 4 [pid 5961] close(3) = 0 [pid 5959] <... open resumed>) = 5 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5959] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5959] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5959] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5959] exit_group(0) = ? ./strace-static-x86_64: Process 5962 attached [pid 5961] symlink("/dev/binderfs", "./binderfs" [pid 5959] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5959, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=11 /* 0.11 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5961] <... symlink resumed>) = 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5962 [pid 5962] set_robust_list(0x55558b799660, 24 [pid 5961] write(1, "executing program\n", 18 [pid 5962] <... set_robust_list resumed>) = 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5962] chdir("./21") = 0 [pid 5839] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", executing program {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5961] <... write resumed>) = 18 [pid 5842] <... close resumed>) = 0 [pid 5962] <... prctl resumed>) = 0 [ 116.129841][ T5960] loop1: detected capacity change from 0 to 4096 [ 116.167820][ T5960] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5962] setpgid(0, 0 [pid 5961] memfd_create("syzkaller", 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5962] <... setpgid resumed>) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5961] <... memfd_create resumed>) = 3 [pid 5962] <... openat resumed>) = 3 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5963 attached [pid 5962] write(3, "1000", 4 [pid 5960] <... mount resumed>) = 0 [pid 5963] set_robust_list(0x55558b799660, 24 [pid 5962] <... write resumed>) = 4 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5963 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5962] close(3 [pid 5960] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5963] <... set_robust_list resumed>) = 0 [pid 5962] <... close resumed>) = 0 [pid 5960] <... openat resumed>) = 3 executing program [pid 5839] newfstatat(AT_FDCWD, "./22/file1", [pid 5963] chdir("./22" [pid 5962] symlink("/dev/binderfs", "./binderfs" [pid 5960] chdir("./file1" [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5963] <... chdir resumed>) = 0 [pid 5962] <... symlink resumed>) = 0 [pid 5839] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5960] <... chdir resumed>) = 0 [pid 5963] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5963] <... prctl resumed>) = 0 [pid 5963] setpgid(0, 0) = 0 [pid 5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5960] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5962] write(1, "executing program\n", 18) = 18 [pid 5963] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 4 [pid 5960] open("./file1", O_RDONLY|O_DIRECT [pid 5839] newfstatat(4, "", [pid 5963] write(3, "1000", 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5963] <... write resumed>) = 4 [pid 5839] getdents64(4, [pid 5963] close(3 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5963] <... close resumed>) = 0 [pid 5962] memfd_create("syzkaller", 0 [pid 5960] <... open resumed>) = 4 [pid 5963] symlink("/dev/binderfs", "./binderfs" [pid 5839] getdents64(4, [pid 5963] <... symlink resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4executing program ) = 0 [pid 5960] preadv2(4, [pid 5839] rmdir("./22/file1" [pid 5963] write(1, "executing program\n", 18) = 18 [pid 5960] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5963] memfd_create("syzkaller", 0 [pid 5962] <... memfd_create resumed>) = 3 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5960] memfd_create("syzkaller", 0) = 5 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5963] <... memfd_create resumed>) = 3 [pid 5839] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] unlink("./22/binderfs") = 0 [pid 5961] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./22") = 0 [pid 5839] mkdir("./23", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5960] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5963] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5961] <... write resumed>) = 2097152 [pid 5961] munmap(0x7f9875600000, 138412032) = 0 [pid 5962] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5961] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... close resumed>) = 0 [pid 5961] <... openat resumed>) = 4 [pid 5961] ioctl(4, LOOP_SET_FD, 3 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5964 attached , child_tidptr=0x55558b799650) = 5964 [pid 5964] set_robust_list(0x55558b799660, 24) = 0 [pid 5964] chdir("./23") = 0 [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5964] setpgid(0, 0) = 0 [pid 5961] <... ioctl resumed>) = 0 [pid 5961] close(3) = 0 [ 116.421549][ T5961] loop2: detected capacity change from 0 to 4096 [pid 5961] close(4 [pid 5963] <... write resumed>) = 2097152 [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5962] <... write resumed>) = 2097152 [pid 5961] <... close resumed>) = 0 [pid 5960] <... write resumed>) = 2097152 [pid 5964] <... openat resumed>) = 3 [pid 5963] munmap(0x7f9875600000, 138412032 [pid 5962] munmap(0x7f9875600000, 138412032 [pid 5961] mkdir("./file1", 0777 [pid 5964] write(3, "1000", 4 [pid 5962] <... munmap resumed>) = 0 [pid 5961] <... mkdir resumed>) = 0 [pid 5960] munmap(0x7f9875600000, 138412032 [pid 5964] <... write resumed>) = 4 [pid 5961] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5964] close(3 [pid 5963] <... munmap resumed>) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5960] <... munmap resumed>) = 0 [pid 5964] <... close resumed>) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5964] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5964] write(1, "executing program\n", 18 [pid 5963] <... openat resumed>) = 4 [pid 5962] <... openat resumed>) = 4 [pid 5960] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5964] <... write resumed>) = 18 [pid 5963] ioctl(4, LOOP_SET_FD, 3 [pid 5964] memfd_create("syzkaller", 0 [pid 5962] ioctl(4, LOOP_SET_FD, 3 [pid 5960] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5960] close(5 [pid 5964] <... memfd_create resumed>) = 3 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5963] <... ioctl resumed>) = 0 [pid 5963] close(3) = 0 [pid 5962] <... ioctl resumed>) = 0 [pid 5963] close(4) = 0 [pid 5962] close(3) = 0 [pid 5963] mkdir("./file1", 0777 [pid 5962] close(4) = 0 [pid 5963] <... mkdir resumed>) = 0 [pid 5962] mkdir("./file1", 0777 [pid 5960] <... close resumed>) = 0 [pid 5963] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5962] <... mkdir resumed>) = 0 [pid 5960] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5961] <... mount resumed>) = 0 [ 116.506598][ T5961] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 116.521952][ T5963] loop3: detected capacity change from 0 to 4096 [ 116.536875][ T5962] loop4: detected capacity change from 0 to 4096 [pid 5961] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5961] chdir("./file1") = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5961] open("./file1", O_RDONLY|O_DIRECT [ 116.594587][ T5963] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 116.606399][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 116.606416][ T30] audit: type=1804 audit(1750615397.875:225): pid=5960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/23/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 5962] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5961] <... open resumed>) = 4 [pid 5961] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5961] memfd_create("syzkaller", 0) = 5 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5960] <... open resumed>) = 5 [pid 5960] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5960] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5960] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5964] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5960] exit_group(0) = ? [ 116.639861][ T5962] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5960] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5960, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=15 /* 0.15 s */} --- [pid 5840] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 116.718242][ T30] audit: type=1800 audit(1750615397.915:226): pid=5961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 5840] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5961] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5963] <... mount resumed>) = 0 [pid 5964] <... write resumed>) = 2097152 [pid 5963] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5964] munmap(0x7f9875600000, 138412032 [pid 5963] <... openat resumed>) = 3 [pid 5840] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5963] chdir("./file1" [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./23/file1" [pid 5963] <... chdir resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./23/binderfs" [pid 5963] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] <... unlink resumed>) = 0 [pid 5963] open("./file1", O_RDONLY|O_DIRECT [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./23") = 0 [pid 5840] mkdir("./24", 0777 [pid 5963] <... open resumed>) = 4 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5964] <... munmap resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5963] preadv2(4, [pid 5962] <... mount resumed>) = 0 [pid 5964] <... openat resumed>) = 4 [pid 5963] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5962] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5961] <... write resumed>) = 2097152 [pid 5840] close(3 [pid 5961] munmap(0x7f9875600000, 138412032 [pid 5964] ioctl(4, LOOP_SET_FD, 3 [pid 5963] memfd_create("syzkaller", 0 [pid 5962] <... openat resumed>) = 3 [pid 5961] <... munmap resumed>) = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5961] close(5 [pid 5962] chdir("./file1" [pid 5963] <... memfd_create resumed>) = 5 [pid 5962] <... chdir resumed>) = 0 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5962] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5963] <... mmap resumed>) = 0x7f9875600000 [pid 5962] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5840] <... close resumed>) = 0 [ 116.829451][ T30] audit: type=1800 audit(1750615398.085:227): pid=5963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 116.866084][ T5964] loop0: detected capacity change from 0 to 4096 [pid 5964] <... ioctl resumed>) = 0 [pid 5962] preadv2(4, [pid 5964] close(3 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5964] <... close resumed>) = 0 [pid 5962] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5961] <... close resumed>) = 0 [pid 5964] close(4 [pid 5961] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5965 [pid 5964] <... close resumed>) = 0 [pid 5962] memfd_create("syzkaller", 0 [pid 5964] mkdir("./file1", 0777 [pid 5962] <... memfd_create resumed>) = 5 [ 116.908268][ T30] audit: type=1800 audit(1750615398.175:228): pid=5962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 ./strace-static-x86_64: Process 5965 attached [pid 5964] <... mkdir resumed>) = 0 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5965] set_robust_list(0x55558b799660, 24 [pid 5962] <... mmap resumed>) = 0x7f9875600000 [pid 5961] <... open resumed>) = 5 [pid 5965] <... set_robust_list resumed>) = 0 [pid 5961] truncate("./file1", 16784380 [pid 5964] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5965] chdir("./24" [pid 5961] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5961] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5965] <... chdir resumed>) = 0 [pid 5961] <... openat resumed>) = 6 [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5961] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5965] <... prctl resumed>) = 0 [ 116.945164][ T30] audit: type=1804 audit(1750615398.205:229): pid=5961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.kafNdC/22/file1/file1" dev="loop2" ino=30 res=1 errno=0 [ 116.952723][ T5964] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5965] setpgid(0, 0 [pid 5961] <... mmap resumed>) = 0x200000001000 [pid 5965] <... setpgid resumed>) = 0 [pid 5961] exit_group(0 [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5961] <... exit_group resumed>) = ? [pid 5965] <... openat resumed>) = 3 [pid 5961] +++ exited with 0 +++ [pid 5965] write(3, "1000", 4) = 4 [pid 5965] close(3) = 0 [pid 5965] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5965] write(1, "executing program\n", 18) = 18 [pid 5965] memfd_create("syzkaller", 0) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- [pid 5841] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5965] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5963] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5962] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5965] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./22/file1") = 0 [pid 5841] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./22/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./22") = 0 [pid 5963] <... write resumed>) = 2097152 [pid 5963] munmap(0x7f9875600000, 138412032 [pid 5962] <... write resumed>) = 2097152 [pid 5841] mkdir("./23", 0777 [pid 5963] <... munmap resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5962] munmap(0x7f9875600000, 138412032 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5963] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5962] <... munmap resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5963] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5963] close(5 [pid 5962] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5965] <... write resumed>) = 2097152 [pid 5962] close(5 [pid 5965] munmap(0x7f9875600000, 138412032) = 0 [pid 5964] <... mount resumed>) = 0 [pid 5964] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5963] <... close resumed>) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5964] <... openat resumed>) = 3 [pid 5964] chdir("./file1" [pid 5965] <... openat resumed>) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3 [pid 5964] <... chdir resumed>) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5962] <... close resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5964] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5962] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5965] <... ioctl resumed>) = 0 [pid 5964] open("./file1", O_RDONLY|O_DIRECT [pid 5963] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5964] <... open resumed>) = 4 [pid 5964] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5964] memfd_create("syzkaller", 0) = 5 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5962] <... open resumed>) = 5 [pid 5962] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5962] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5962] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5962] exit_group(0) = ? ./strace-static-x86_64: Process 5966 attached [pid 5965] close(3) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5966 [ 117.222598][ T5965] loop1: detected capacity change from 0 to 4096 [ 117.242322][ T30] audit: type=1804 audit(1750615398.515:230): pid=5962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.YdVRUk/21/file1/file1" dev="loop4" ino=30 res=1 errno=0 [pid 5966] set_robust_list(0x55558b799660, 24 [pid 5965] close(4 [pid 5963] <... open resumed>) = 5 [pid 5966] <... set_robust_list resumed>) = 0 [pid 5966] chdir("./23") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] +++ exited with 0 +++ [pid 5966] write(3, "1000", 4) = 4 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=10 /* 0.10 s */} --- [pid 5966] close(3 [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5966] <... close resumed>) = 0 [pid 5965] <... close resumed>) = 0 [pid 5963] truncate("./file1", 16784380 [pid 5966] symlink("/dev/binderfs", "./binderfs" [pid 5965] mkdir("./file1", 0777 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5966] <... symlink resumed>) = 0 [pid 5965] <... mkdir resumed>) = 0 [pid 5963] <... truncate resumed>) = -1 EFBIG (File too large) executing program [pid 5966] write(1, "executing program\n", 18 [pid 5965] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5963] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5966] <... write resumed>) = 18 [pid 5843] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5963] <... openat resumed>) = 6 [pid 5966] memfd_create("syzkaller", 0 [pid 5963] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5963] <... mmap resumed>) = 0x200000001000 [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 5963] exit_group(0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5966] <... memfd_create resumed>) = 3 [pid 5963] <... exit_group resumed>) = ? [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5963] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 5842] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5966] <... mmap resumed>) = 0x7f9875600000 [pid 5842] getdents64(3, [pid 5843] <... umount2 resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 117.275467][ T30] audit: type=1800 audit(1750615398.515:231): pid=5964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [ 117.310663][ T5965] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5843] newfstatat(AT_FDCWD, "./21/file1", [pid 5965] <... mount resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5964] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5965] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5965] <... openat resumed>) = 3 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = 0 [pid 5965] chdir("./file1" [pid 5842] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5965] <... chdir resumed>) = 0 [pid 5843] newfstatat(4, "", [pid 5842] newfstatat(AT_FDCWD, "./22/file1", [pid 5965] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5965] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] getdents64(4, [pid 5842] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5965] open("./file1", O_RDONLY|O_DIRECT [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [ 117.351913][ T30] audit: type=1804 audit(1750615398.535:232): pid=5963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.keN58M/22/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5965] <... open resumed>) = 4 [pid 5843] getdents64(4, [pid 5842] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5966] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5965] preadv2(4, [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5843] close(4 [pid 5842] newfstatat(4, "", [pid 5965] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5965] memfd_create("syzkaller", 0 [pid 5843] <... close resumed>) = 0 [pid 5842] getdents64(4, [pid 5964] <... write resumed>) = 2097152 [pid 5843] rmdir("./21/file1" [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5965] <... memfd_create resumed>) = 5 [pid 5964] munmap(0x7f9875600000, 138412032 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] getdents64(4, [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5964] <... munmap resumed>) = 0 [pid 5843] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5965] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] close(4) = 0 [pid 5842] rmdir("./22/file1" [pid 5964] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] <... rmdir resumed>) = 0 [pid 5964] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5842] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5964] close(5 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] unlink("./21/binderfs" [ 117.409547][ T30] audit: type=1800 audit(1750615398.675:233): pid=5965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 5842] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... unlink resumed>) = 0 [pid 5842] unlink("./22/binderfs" [pid 5843] getdents64(3, [pid 5842] <... unlink resumed>) = 0 [pid 5966] <... write resumed>) = 2097152 [pid 5965] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] getdents64(3, [pid 5843] close(3 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] <... close resumed>) = 0 [pid 5842] close(3) = 0 [pid 5966] munmap(0x7f9875600000, 138412032 [pid 5843] rmdir("./21" [pid 5842] rmdir("./22" [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5843] mkdir("./22", 0777 [pid 5842] mkdir("./23", 0777) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5966] <... munmap resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5843] <... openat resumed>) = 3 [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 5964] <... close resumed>) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5964] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 5966] <... openat resumed>) = 4 [pid 5966] ioctl(4, LOOP_SET_FD, 3 [pid 5965] <... write resumed>) = 2097152 [pid 5964] <... open resumed>) = 5 [pid 5842] <... close resumed>) = 0 [pid 5964] truncate("./file1", 16784380 [pid 5965] munmap(0x7f9875600000, 138412032 [pid 5964] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5965] <... munmap resumed>) = 0 [pid 5964] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5964] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5964] exit_group(0) = ? [pid 5964] +++ exited with 0 +++ [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5964, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5965] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5965] close(5 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5839] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5967 ./strace-static-x86_64: Process 5968 attached [pid 5968] set_robust_list(0x55558b799660, 24 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5968 [pid 5968] <... set_robust_list resumed>) = 0 [ 117.550515][ T30] audit: type=1804 audit(1750615398.815:234): pid=5964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/23/file1/file1" dev="loop0" ino=30 res=1 errno=0 [ 117.554709][ T5966] loop2: detected capacity change from 0 to 4096 [pid 5968] chdir("./22"executing program ) = 0 [pid 5966] <... ioctl resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5968] setpgid(0, 0 [pid 5839] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5968] <... setpgid resumed>) = 0 [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5968] write(3, "1000", 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5968] <... write resumed>) = 4 [pid 5968] close(3 [pid 5839] newfstatat(AT_FDCWD, "./23/file1", [pid 5968] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5968] write(1, "executing program\n", 18) = 18 [pid 5966] close(3) = 0 [pid 5839] getdents64(4, [pid 5966] close(4 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5966] <... close resumed>) = 0 [pid 5839] getdents64(4, [pid 5966] mkdir("./file1", 0777 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5966] <... mkdir resumed>) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./23/file1") = 0 ./strace-static-x86_64: Process 5967 attached [pid 5968] memfd_create("syzkaller", 0 [pid 5966] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5967] set_robust_list(0x55558b799660, 24 [pid 5965] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./23/binderfs", [pid 5967] <... set_robust_list resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./23/binderfs" [pid 5968] <... memfd_create resumed>) = 3 [pid 5967] chdir("./23" [pid 5839] <... unlink resumed>) = 0 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] getdents64(3, [pid 5968] <... mmap resumed>) = 0x7f9875600000 [pid 5967] <... chdir resumed>) = 0 [pid 5965] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5967] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5965] <... open resumed>) = 5 [pid 5967] <... prctl resumed>) = 0 [pid 5965] truncate("./file1", 16784380 [pid 5839] close(3 [pid 5967] setpgid(0, 0) = 0 [pid 5839] <... close resumed>) = 0 [pid 5967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5965] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5967] <... openat resumed>) = 3 [pid 5965] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] rmdir("./23" [pid 5967] write(3, "1000", 4 [pid 5965] <... openat resumed>) = 6 [pid 5967] <... write resumed>) = 4 [pid 5965] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5967] close(3 [pid 5965] <... mmap resumed>) = 0x200000001000 [pid 5967] <... close resumed>) = 0 [pid 5965] exit_group(0 [ 117.646425][ T5966] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5839] mkdir("./24", 0777executing program [pid 5967] symlink("/dev/binderfs", "./binderfs" [pid 5965] <... exit_group resumed>) = ? [pid 5839] <... mkdir resumed>) = 0 [pid 5967] <... symlink resumed>) = 0 [pid 5966] <... mount resumed>) = 0 [pid 5965] +++ exited with 0 +++ [pid 5967] write(1, "executing program\n", 18 [pid 5966] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5965, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5967] <... write resumed>) = 18 [pid 5966] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 3 [pid 5967] memfd_create("syzkaller", 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5840] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... ioctl resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] close(3 [pid 5966] chdir("./file1" [pid 5840] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5966] <... chdir resumed>) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 5966] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5966] open("./file1", O_RDONLY|O_DIRECT [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5966] <... open resumed>) = 4 [pid 5840] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5967] <... memfd_create resumed>) = 3 [pid 5966] preadv2(4, [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5966] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5966] memfd_create("syzkaller", 0) = 5 [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5966] <... mmap resumed>) = 0x7f9875600000 [pid 5840] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5969 attached [pid 5969] set_robust_list(0x55558b799660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5969 [pid 5969] <... set_robust_list resumed>) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5969] chdir("./24" [pid 5840] newfstatat(4, "", [pid 5969] <... chdir resumed>) = 0 [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5969] <... prctl resumed>) = 0 [pid 5969] setpgid(0, 0) = 0 [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] getdents64(4, [pid 5969] <... openat resumed>) = 3 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 5968] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5969] write(3, "1000", 4) = 4 [pid 5969] close(3 [pid 5840] close(4 [pid 5969] <... close resumed>) = 0 [pid 5969] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5969] write(1, "executing program\n", 18) = 18 [pid 5969] memfd_create("syzkaller", 0 [pid 5967] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 5969] <... memfd_create resumed>) = 3 [pid 5840] rmdir("./24/file1" [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5966] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./24/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./24" [pid 5968] <... write resumed>) = 2097152 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./25", 0777 [pid 5968] munmap(0x7f9875600000, 138412032 [pid 5840] <... mkdir resumed>) = 0 [pid 5968] <... munmap resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5968] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5968] ioctl(4, LOOP_SET_FD, 3 [pid 5967] <... write resumed>) = 2097152 [pid 5967] munmap(0x7f9875600000, 138412032) = 0 [pid 5969] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5968] <... ioctl resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5968] close(3 [pid 5967] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5968] <... close resumed>) = 0 [pid 5967] <... openat resumed>) = 4 [pid 5968] close(4) = 0 [pid 5968] mkdir("./file1", 0777) = 0 [ 117.918822][ T5968] loop4: detected capacity change from 0 to 4096 [ 117.953892][ T5968] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5968] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5967] ioctl(4, LOOP_SET_FD, 3 [pid 5966] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 5970 attached [pid 5966] munmap(0x7f9875600000, 138412032) = 0 [pid 5970] set_robust_list(0x55558b799660, 24 [pid 5969] <... write resumed>) = 2097152 [pid 5967] <... ioctl resumed>) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5970 [pid 5970] <... set_robust_list resumed>) = 0 [pid 5967] close(3 [pid 5966] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5970] chdir("./25" [pid 5967] <... close resumed>) = 0 [pid 5966] close(5 [pid 5970] <... chdir resumed>) = 0 [pid 5967] close(4 [pid 5970] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5969] munmap(0x7f9875600000, 138412032 [pid 5967] <... close resumed>) = 0 [pid 5969] <... munmap resumed>) = 0 [pid 5967] mkdir("./file1", 0777 [pid 5970] <... prctl resumed>) = 0 [pid 5967] <... mkdir resumed>) = 0 [ 117.966437][ T5967] loop3: detected capacity change from 0 to 4096 [pid 5967] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5970] setpgid(0, 0) = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5969] ioctl(4, LOOP_SET_FD, 3 [pid 5970] write(3, "1000", 4) = 4 [pid 5968] <... mount resumed>) = 0 [pid 5970] close(3 [pid 5968] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5970] <... close resumed>) = 0 [pid 5968] <... openat resumed>) = 3 [pid 5970] symlink("/dev/binderfs", "./binderfs" [pid 5968] chdir("./file1") = 0 [pid 5970] <... symlink resumed>) = 0 [pid 5970] write(1, "executing program\n", 18 [pid 5968] openat(AT_FDCWD, "/dev/loop4", O_RDWRexecuting program [pid 5970] <... write resumed>) = 18 [pid 5968] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5966] <... close resumed>) = 0 [pid 5969] <... ioctl resumed>) = 0 [pid 5968] open("./file1", O_RDONLY|O_DIRECT [pid 5969] close(3) = 0 [pid 5969] close(4) = 0 [pid 5969] mkdir("./file1", 0777 [pid 5966] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5969] <... mkdir resumed>) = 0 [pid 5970] memfd_create("syzkaller", 0 [pid 5968] <... open resumed>) = 4 [pid 5970] <... memfd_create resumed>) = 3 [pid 5968] preadv2(4, [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5969] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5966] <... open resumed>) = 5 [pid 5970] <... mmap resumed>) = 0x7f9875600000 [ 118.018996][ T5967] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 118.030849][ T5969] loop0: detected capacity change from 0 to 4096 [pid 5966] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5968] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5966] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5966] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5968] memfd_create("syzkaller", 0) = 5 [pid 5966] <... mmap resumed>) = 0x200000001000 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5966] exit_group(0) = ? [pid 5968] <... mmap resumed>) = 0x7f9875600000 [pid 5966] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5841] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 118.081376][ T5969] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5970] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5968] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./23/file1") = 0 [pid 5841] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./23/binderfs") = 0 [pid 5967] <... mount resumed>) = 0 [pid 5967] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] getdents64(3, [pid 5967] <... openat resumed>) = 3 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5967] chdir("./file1" [pid 5841] close(3 [pid 5967] <... chdir resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] rmdir("./23" [pid 5967] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... rmdir resumed>) = 0 [pid 5967] open("./file1", O_RDONLY|O_DIRECT [pid 5841] mkdir("./24", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5967] <... open resumed>) = 4 [pid 5967] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5967] memfd_create("syzkaller", 0) = 5 [pid 5969] <... mount resumed>) = 0 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5969] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5967] <... mmap resumed>) = 0x7f9875600000 [pid 5969] <... openat resumed>) = 3 [pid 5969] chdir("./file1") = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5968] <... write resumed>) = 2097152 [pid 5969] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5969] open("./file1", O_RDONLY|O_DIRECT [pid 5968] munmap(0x7f9875600000, 138412032) = 0 [pid 5969] <... open resumed>) = 4 [pid 5968] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... close resumed>) = 0 [pid 5970] <... write resumed>) = 2097152 [pid 5970] munmap(0x7f9875600000, 138412032) = 0 [pid 5969] preadv2(4, [pid 5968] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5968] close(5 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5971 attached [pid 5969] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5971] set_robust_list(0x55558b799660, 24 [pid 5970] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5969] memfd_create("syzkaller", 0 [pid 5971] <... set_robust_list resumed>) = 0 [pid 5970] <... openat resumed>) = 4 [pid 5969] <... memfd_create resumed>) = 5 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5971 [pid 5970] ioctl(4, LOOP_SET_FD, 3 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5971] chdir("./24" [pid 5969] <... mmap resumed>) = 0x7f9875600000 [pid 5968] <... close resumed>) = 0 [pid 5967] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5971] <... chdir resumed>) = 0 [pid 5970] <... ioctl resumed>) = 0 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5968] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5970] close(3) = 0 [pid 5970] close(4) = 0 [pid 5970] mkdir("./file1", 0777) = 0 [pid 5971] <... prctl resumed>) = 0 [pid 5968] <... open resumed>) = 5 [pid 5970] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5968] truncate("./file1", 16784380 [pid 5971] setpgid(0, 0 [pid 5968] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5971] <... setpgid resumed>) = 0 [pid 5968] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5968] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5971] <... openat resumed>) = 3 [pid 5968] exit_group(0 [pid 5971] write(3, "1000", 4 [pid 5968] <... exit_group resumed>) = ? [pid 5968] +++ exited with 0 +++ [pid 5971] <... write resumed>) = 4 [pid 5971] close(3 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5968, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=11 /* 0.11 s */} --- [pid 5971] <... close resumed>) = 0 [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5971] symlink("/dev/binderfs", "./binderfs" [pid 5843] <... restart_syscall resumed>) = 0 [pid 5971] <... symlink resumed>) = 0 executing program [pid 5971] write(1, "executing program\n", 18) = 18 [pid 5843] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5971] memfd_create("syzkaller", 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5971] <... memfd_create resumed>) = 3 [ 118.320618][ T5970] loop1: detected capacity change from 0 to 4096 [ 118.353073][ T5970] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5967] <... write resumed>) = 2097152 [pid 5969] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5967] munmap(0x7f9875600000, 138412032 [pid 5843] <... umount2 resumed>) = 0 [pid 5843] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, [pid 5970] <... mount resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, [pid 5970] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5970] chdir("./file1") = 0 [pid 5843] close(4 [pid 5970] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] <... close resumed>) = 0 [pid 5970] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] rmdir("./22/file1") = 0 [pid 5843] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5970] open("./file1", O_RDONLY|O_DIRECT [pid 5967] <... munmap resumed>) = 0 [pid 5843] unlink("./22/binderfs" [pid 5970] <... open resumed>) = 4 [pid 5970] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5970] memfd_create("syzkaller", 0 [pid 5967] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5970] <... memfd_create resumed>) = 5 [pid 5967] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5967] close(5 [pid 5970] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... unlink resumed>) = 0 [pid 5971] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./22" [pid 5969] <... write resumed>) = 2097152 [pid 5843] <... rmdir resumed>) = 0 [pid 5843] mkdir("./23", 0777) = 0 [pid 5967] <... close resumed>) = 0 [pid 5969] munmap(0x7f9875600000, 138412032 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5967] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5967] <... open resumed>) = 5 [pid 5970] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5969] <... munmap resumed>) = 0 [pid 5843] <... ioctl resumed>) = 0 [pid 5971] <... write resumed>) = 2097152 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] close(3 [pid 5967] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5967] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5969] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5967] <... openat resumed>) = 6 [pid 5967] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5967] exit_group(0 [pid 5969] close(5 [pid 5967] <... exit_group resumed>) = ? [pid 5967] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5967, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5971] munmap(0x7f9875600000, 138412032) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5971] <... openat resumed>) = 4 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5971] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... openat resumed>) = 3 [pid 5971] <... ioctl resumed>) = 0 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 5970] <... write resumed>) = 2097152 [pid 5843] <... close resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5970] munmap(0x7f9875600000, 138412032 [pid 5971] close(3 [pid 5969] <... close resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5971] <... close resumed>) = 0 [pid 5971] close(4) = 0 [pid 5971] mkdir("./file1", 0777 [pid 5969] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5971] <... mkdir resumed>) = 0 [pid 5969] <... open resumed>) = 5 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5972 [pid 5969] truncate("./file1", 16784380./strace-static-x86_64: Process 5972 attached ) = -1 EFBIG (File too large) [pid 5969] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5972] set_robust_list(0x55558b799660, 24 [pid 5969] <... openat resumed>) = 6 [pid 5972] <... set_robust_list resumed>) = 0 [pid 5971] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5969] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5972] chdir("./23") = 0 [pid 5969] <... mmap resumed>) = 0x200000001000 [pid 5972] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5969] exit_group(0 [pid 5842] <... umount2 resumed>) = 0 [pid 5969] <... exit_group resumed>) = ? [ 118.562182][ T5971] loop2: detected capacity change from 0 to 4096 [pid 5972] <... prctl resumed>) = 0 [pid 5972] setpgid(0, 0) = 0 [pid 5972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5970] <... munmap resumed>) = 0 [pid 5972] write(3, "1000", 4) = 4 [pid 5972] close(3) = 0 [pid 5972] symlink("/dev/binderfs", "./binderfs" [pid 5970] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5972] <... symlink resumed>) = 0 [pid 5970] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5970] close(5executing program [pid 5972] write(1, "executing program\n", 18) = 18 [pid 5969] +++ exited with 0 +++ [pid 5972] memfd_create("syzkaller", 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 5839] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5972] <... memfd_create resumed>) = 3 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 118.605786][ T5971] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5842] newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 5971] <... mount resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./23/file1") = 0 [pid 5971] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5842] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5971] <... openat resumed>) = 3 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = 0 [pid 5971] chdir("./file1" [pid 5839] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5971] <... chdir resumed>) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./23/binderfs" [pid 5971] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... unlink resumed>) = 0 [pid 5971] open("./file1", O_RDONLY|O_DIRECT [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] newfstatat(AT_FDCWD, "./24/file1", [pid 5842] close(3) = 0 [pid 5842] rmdir("./23") = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5971] <... open resumed>) = 4 [pid 5842] mkdir("./24", 0777 [pid 5971] preadv2(4, [pid 5839] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5971] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5971] memfd_create("syzkaller", 0 [pid 5839] <... openat resumed>) = 4 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] newfstatat(4, "", [pid 5971] <... memfd_create resumed>) = 5 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] getdents64(4, [pid 5971] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... openat resumed>) = 3 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5839] getdents64(4, [pid 5842] <... ioctl resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 5839] close(4) = 0 [pid 5839] rmdir("./24/file1" [pid 5970] <... close resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5970] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./24/binderfs") = 0 [pid 5970] <... open resumed>) = 5 [pid 5970] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5839] getdents64(3, [pid 5970] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5970] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5970] exit_group(0 [pid 5839] rmdir("./24" [pid 5970] <... exit_group resumed>) = ? [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./25", 0777 [pid 5842] <... close resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5970] +++ exited with 0 +++ [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5970, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5972] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5973 attached [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5973 [pid 5973] set_robust_list(0x55558b799660, 24) = 0 [pid 5973] chdir("./24") = 0 [pid 5839] <... close resumed>) = 0 [pid 5973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5973] setpgid(0, 0) = 0 [pid 5973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5973] write(3, "1000", 4) = 4 [pid 5973] close(3) = 0 [pid 5973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5971] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 5840] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5974 attached [pid 5973] write(1, "executing program\n", 18) = 18 [pid 5973] memfd_create("syzkaller", 0) = 3 [pid 5840] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5974 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5973] <... mmap resumed>) = 0x7f9875600000 [pid 5840] newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5974] set_robust_list(0x55558b799660, 24 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5974] <... set_robust_list resumed>) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5974] chdir("./25" [pid 5840] newfstatat(4, "", [pid 5974] <... chdir resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] getdents64(4, [pid 5974] <... prctl resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5974] setpgid(0, 0) = 0 [pid 5840] getdents64(4, [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5972] <... write resumed>) = 2097152 [pid 5840] close(4) = 0 [pid 5974] <... openat resumed>) = 3 [pid 5840] rmdir("./25/file1"executing program ) = 0 [pid 5974] write(3, "1000", 4 [pid 5840] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5974] <... write resumed>) = 4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5974] close(3 [pid 5840] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5974] <... close resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs" [pid 5840] unlink("./25/binderfs" [pid 5974] <... symlink resumed>) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5974] write(1, "executing program\n", 18 [pid 5840] getdents64(3, [pid 5974] <... write resumed>) = 18 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5974] memfd_create("syzkaller", 0 [pid 5972] munmap(0x7f9875600000, 138412032) = 0 [pid 5840] <... close resumed>) = 0 [pid 5974] <... memfd_create resumed>) = 3 [pid 5972] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] rmdir("./25") = 0 [pid 5974] <... mmap resumed>) = 0x7f9875600000 [pid 5840] mkdir("./26", 0777 [pid 5972] <... openat resumed>) = 4 [pid 5840] <... mkdir resumed>) = 0 [pid 5972] ioctl(4, LOOP_SET_FD, 3 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5972] <... ioctl resumed>) = 0 [pid 5972] close(3) = 0 [pid 5972] close(4 [pid 5971] <... write resumed>) = 2097152 [pid 5972] <... close resumed>) = 0 [pid 5971] munmap(0x7f9875600000, 138412032 [pid 5972] mkdir("./file1", 0777 [pid 5973] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5972] <... mkdir resumed>) = 0 [ 118.900065][ T5972] loop4: detected capacity change from 0 to 4096 [pid 5972] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] <... close resumed>) = 0 [pid 5971] <... munmap resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5975 attached [pid 5975] set_robust_list(0x55558b799660, 24) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5975 [pid 5975] chdir("./26") = 0 [pid 5975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5975] setpgid(0, 0) = 0 [pid 5974] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5971] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5971] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5971] close(5 [pid 5975] <... openat resumed>) = 3 [pid 5975] write(3, "1000", 4) = 4 [pid 5975] close(3) = 0 [pid 5975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5975] write(1, "executing program\n", 18executing program ) = 18 [ 118.940570][ T5972] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5975] memfd_create("syzkaller", 0) = 3 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5973] <... write resumed>) = 2097152 [pid 5974] <... write resumed>) = 2097152 [pid 5973] munmap(0x7f9875600000, 138412032 [pid 5972] <... mount resumed>) = 0 [pid 5972] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5971] <... close resumed>) = 0 [pid 5972] chdir("./file1" [pid 5971] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5972] <... chdir resumed>) = 0 [pid 5973] <... munmap resumed>) = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5971] <... open resumed>) = 5 [pid 5972] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5971] truncate("./file1", 16784380 [pid 5972] open("./file1", O_RDONLY|O_DIRECT [pid 5974] munmap(0x7f9875600000, 138412032) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5972] <... open resumed>) = 4 [pid 5971] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5973] <... openat resumed>) = 4 [pid 5972] preadv2(4, [pid 5971] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5974] <... openat resumed>) = 4 [pid 5973] ioctl(4, LOOP_SET_FD, 3 [pid 5971] <... openat resumed>) = 6 [pid 5974] ioctl(4, LOOP_SET_FD, 3 [pid 5973] <... ioctl resumed>) = 0 [pid 5972] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5971] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5972] memfd_create("syzkaller", 0 [pid 5971] <... mmap resumed>) = 0x200000001000 [pid 5975] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5972] <... memfd_create resumed>) = 5 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5973] close(3) = 0 [pid 5973] close(4 [pid 5974] <... ioctl resumed>) = 0 [pid 5971] exit_group(0) = ? [pid 5974] close(3 [pid 5973] <... close resumed>) = 0 [pid 5971] +++ exited with 0 +++ [pid 5973] mkdir("./file1", 0777) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5971, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5973] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5974] <... close resumed>) = 0 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5974] close(4 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5974] <... close resumed>) = 0 [pid 5974] mkdir("./file1", 0777 [pid 5841] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5974] <... mkdir resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 119.061256][ T5973] loop3: detected capacity change from 0 to 4096 [ 119.068829][ T5974] loop0: detected capacity change from 0 to 4096 [pid 5841] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5974] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... umount2 resumed>) = 0 [pid 5975] <... write resumed>) = 2097152 [pid 5841] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 5975] munmap(0x7f9875600000, 138412032 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5972] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./24/file1") = 0 [pid 5841] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 119.122519][ T5973] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 119.141664][ T5974] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5975] <... munmap resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./24/binderfs") = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] getdents64(3, [pid 5975] <... openat resumed>) = 4 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5975] ioctl(4, LOOP_SET_FD, 3 [pid 5841] close(3) = 0 [pid 5841] rmdir("./24") = 0 [pid 5841] mkdir("./25", 0777) = 0 [pid 5975] <... ioctl resumed>) = 0 [pid 5975] close(3 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5975] <... close resumed>) = 0 [pid 5975] close(4) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5975] mkdir("./file1", 0777 [pid 5841] close(3 [pid 5975] <... mkdir resumed>) = 0 [pid 5975] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5972] <... write resumed>) = 2097152 [ 119.210010][ T5975] loop1: detected capacity change from 0 to 4096 [pid 5973] <... mount resumed>) = 0 [pid 5972] munmap(0x7f9875600000, 138412032 [pid 5974] <... mount resumed>) = 0 [pid 5974] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5973] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5973] chdir("./file1" [pid 5972] <... munmap resumed>) = 0 [pid 5974] <... openat resumed>) = 3 [pid 5974] chdir("./file1" [pid 5973] <... chdir resumed>) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5973] open("./file1", O_RDONLY|O_DIRECT [pid 5974] <... chdir resumed>) = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5973] <... open resumed>) = 4 [ 119.259443][ T5975] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5972] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5974] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5973] preadv2(4, [pid 5972] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... close resumed>) = 0 [pid 5974] open("./file1", O_RDONLY|O_DIRECT [pid 5973] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5972] close(5 [pid 5973] memfd_create("syzkaller", 0) = 5 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5976 attached [pid 5976] set_robust_list(0x55558b799660, 24 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5976 [pid 5976] <... set_robust_list resumed>) = 0 [pid 5976] chdir("./25" [pid 5974] <... open resumed>) = 4 [pid 5976] <... chdir resumed>) = 0 [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5976] setpgid(0, 0) = 0 [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5974] preadv2(4, [pid 5976] write(3, "1000", 4) = 4 [pid 5976] close(3) = 0 [pid 5976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5976] write(1, "executing program\n", 18) = 18 [pid 5976] memfd_create("syzkaller", 0 [pid 5974] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5972] <... close resumed>) = 0 [pid 5976] <... memfd_create resumed>) = 3 [pid 5974] memfd_create("syzkaller", 0 [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5974] <... memfd_create resumed>) = 5 [pid 5976] <... mmap resumed>) = 0x7f9875600000 [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5972] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5973] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5974] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5972] <... open resumed>) = 5 [pid 5972] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5975] <... mount resumed>) = 0 [pid 5972] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5975] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5972] <... openat resumed>) = 6 [pid 5975] <... openat resumed>) = 3 [pid 5972] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5972] exit_group(0) = ? [pid 5975] chdir("./file1" [pid 5972] +++ exited with 0 +++ [pid 5975] <... chdir resumed>) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5972, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=9 /* 0.09 s */} --- [pid 5975] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5975] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5975] preadv2(4, [pid 5976] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5975] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5975] memfd_create("syzkaller", 0) = 5 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5974] <... write resumed>) = 2097152 [pid 5974] munmap(0x7f9875600000, 138412032 [pid 5843] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5974] <... munmap resumed>) = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5974] close(5 [pid 5973] <... write resumed>) = 2097152 [pid 5973] munmap(0x7f9875600000, 138412032) = 0 [pid 5976] <... write resumed>) = 2097152 [pid 5973] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5973] close(5 [pid 5974] <... close resumed>) = 0 [pid 5976] munmap(0x7f9875600000, 138412032 [pid 5974] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5976] <... munmap resumed>) = 0 [pid 5975] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5974] <... open resumed>) = 5 [pid 5976] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5974] truncate("./file1", 16784380 [pid 5976] <... openat resumed>) = 4 [pid 5976] ioctl(4, LOOP_SET_FD, 3 [pid 5974] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] <... umount2 resumed>) = 0 [pid 5974] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5974] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5973] <... close resumed>) = 0 [pid 5843] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5974] exit_group(0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5974] <... exit_group resumed>) = ? [pid 5976] <... ioctl resumed>) = 0 [pid 5976] close(3) = 0 [pid 5976] close(4 [pid 5974] +++ exited with 0 +++ [pid 5973] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] newfstatat(AT_FDCWD, "./23/file1", [pid 5976] <... close resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [pid 5976] mkdir("./file1", 0777 [pid 5843] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5976] <... mkdir resumed>) = 0 [pid 5973] <... open resumed>) = 5 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... restart_syscall resumed>) = 0 [pid 5973] truncate("./file1", 16784380 [pid 5843] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5976] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5973] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] <... openat resumed>) = 4 [pid 5839] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5973] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] newfstatat(4, "", [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5973] <... openat resumed>) = 6 [pid 5843] getdents64(4, [pid 5839] <... openat resumed>) = 3 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] newfstatat(3, "", [pid 5843] getdents64(4, [pid 5973] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] close(4) = 0 [pid 5839] getdents64(3, [pid 5843] rmdir("./23/file1" [pid 5973] <... mmap resumed>) = 0x200000001000 [pid 5843] <... rmdir resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5973] exit_group(0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5973] <... exit_group resumed>) = ? [pid 5843] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5973] +++ exited with 0 +++ [pid 5843] unlink("./23/binderfs") = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5973, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5843] getdents64(3, [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./23" [pid 5842] <... restart_syscall resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] mkdir("./24", 0777 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5975] <... write resumed>) = 2097152 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5975] munmap(0x7f9875600000, 138412032 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... openat resumed>) = 3 [ 119.582229][ T5976] loop2: detected capacity change from 0 to 4096 [ 119.614596][ T5976] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./25/file1", [pid 5975] <... munmap resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... ioctl resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5843] close(3 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./25/file1") = 0 [pid 5839] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5975] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... umount2 resumed>) = 0 [pid 5975] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5975] close(5 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] unlink("./25/binderfs") = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] getdents64(3, [pid 5842] newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] close(3 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... close resumed>) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./24/file1") = 0 [pid 5976] <... mount resumed>) = 0 [pid 5975] <... close resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5839] rmdir("./25" [pid 5842] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5976] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5842] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./26", 0777 [pid 5976] <... openat resumed>) = 3 [pid 5842] unlink("./24/binderfs" [pid 5976] chdir("./file1" [pid 5842] <... unlink resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5976] <... chdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5976] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... openat resumed>) = 3 [pid 5976] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5842] getdents64(3, [pid 5839] <... ioctl resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] close(3 [pid 5976] open("./file1", O_RDONLY|O_DIRECT [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5975] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] close(3) = 0 [pid 5842] rmdir("./24") = 0 [pid 5976] <... open resumed>) = 4 [pid 5975] <... open resumed>) = 5 ./strace-static-x86_64: Process 5977 attached [pid 5975] truncate("./file1", 16784380 [pid 5977] set_robust_list(0x55558b799660, 24 [pid 5976] preadv2(4, [pid 5975] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] mkdir("./25", 0777 [pid 5975] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] <... mkdir resumed>) = 0 [pid 5977] <... set_robust_list resumed>) = 0 [pid 5975] <... openat resumed>) = 6 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5977 [pid 5977] chdir("./24") = 0 [pid 5976] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5975] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5977] <... prctl resumed>) = 0 [pid 5976] memfd_create("syzkaller", 0 [pid 5975] <... mmap resumed>) = 0x200000001000 [pid 5976] <... memfd_create resumed>) = 5 [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5975] exit_group(0) = ? [pid 5977] setpgid(0, 0 [pid 5975] +++ exited with 0 +++ [pid 5977] <... setpgid resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5975, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5978 [pid 5977] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5978 attached [pid 5977] write(3, "1000", 4 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5977] <... write resumed>) = 4 [pid 5977] close(3 [pid 5978] set_robust_list(0x55558b799660, 24 [pid 5840] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5977] <... close resumed>) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5978] <... set_robust_list resumed>) = 0 [pid 5978] chdir("./26" [pid 5840] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5978] <... chdir resumed>) = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5978] setpgid(0, 0) = 0 [pid 5977] <... symlink resumed>) = 0 [pid 5840] <... openat resumed>) = 3 executing program [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5977] write(1, "executing program\n", 18 [pid 5840] newfstatat(3, "", [pid 5977] <... write resumed>) = 18 [pid 5978] <... openat resumed>) = 3 [pid 5977] memfd_create("syzkaller", 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5977] <... memfd_create resumed>) = 3 [pid 5840] getdents64(3, [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5978] write(3, "1000", 4) = 4 executing program [pid 5978] close(3) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5978] write(1, "executing program\n", 18) = 18 [pid 5978] memfd_create("syzkaller", 0) = 3 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 5979 ./strace-static-x86_64: Process 5979 attached [pid 5979] set_robust_list(0x55558b799660, 24) = 0 [pid 5979] chdir("./25" [pid 5840] <... umount2 resumed>) = 0 [pid 5979] <... chdir resumed>) = 0 [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5979] setpgid(0, 0) = 0 [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./26/file1", executing program {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5979] write(3, "1000", 4) = 4 [pid 5979] close(3) = 0 [pid 5979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5979] write(1, "executing program\n", 18) = 18 [pid 5979] memfd_create("syzkaller", 0 [pid 5976] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5979] <... memfd_create resumed>) = 3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... openat resumed>) = 4 [pid 5979] <... mmap resumed>) = 0x7f9875600000 [pid 5840] newfstatat(4, "", [pid 5977] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./26/file1") = 0 [pid 5840] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5978] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./26/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./26") = 0 [pid 5840] mkdir("./27", 0777 [pid 5977] <... write resumed>) = 2097152 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5977] munmap(0x7f9875600000, 138412032 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5976] <... write resumed>) = 2097152 [pid 5840] close(3 [pid 5979] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5977] <... munmap resumed>) = 0 [pid 5976] munmap(0x7f9875600000, 138412032 [pid 5978] <... write resumed>) = 2097152 [pid 5978] munmap(0x7f9875600000, 138412032 [pid 5977] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5976] <... munmap resumed>) = 0 [pid 5977] <... openat resumed>) = 4 [pid 5976] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5978] <... munmap resumed>) = 0 [pid 5977] ioctl(4, LOOP_SET_FD, 3 [pid 5976] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... close resumed>) = 0 [pid 5976] close(5 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5978] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5980 attached [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5980 [pid 5979] <... write resumed>) = 2097152 [pid 5977] <... ioctl resumed>) = 0 [pid 5980] set_robust_list(0x55558b799660, 24 [pid 5977] close(3 [pid 5980] <... set_robust_list resumed>) = 0 [pid 5977] <... close resumed>) = 0 [pid 5980] chdir("./27" [pid 5977] close(4 [pid 5976] <... close resumed>) = 0 [pid 5980] <... chdir resumed>) = 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5980] setpgid(0, 0 [pid 5977] <... close resumed>) = 0 [pid 5980] <... setpgid resumed>) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5977] mkdir("./file1", 0777 [pid 5976] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5980] <... openat resumed>) = 3 [pid 5977] <... mkdir resumed>) = 0 [pid 5980] write(3, "1000", 4 [pid 5977] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5980] <... write resumed>) = 4 [pid 5978] <... ioctl resumed>) = 0 [pid 5980] close(3) = 0 [pid 5980] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5978] close(3executing program ) = 0 [pid 5976] <... open resumed>) = 5 [pid 5980] write(1, "executing program\n", 18 [pid 5979] munmap(0x7f9875600000, 138412032 [pid 5980] <... write resumed>) = 18 [pid 5979] <... munmap resumed>) = 0 [pid 5980] memfd_create("syzkaller", 0 [pid 5978] close(4 [pid 5976] truncate("./file1", 16784380 [pid 5980] <... memfd_create resumed>) = 3 [pid 5976] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5978] <... close resumed>) = 0 [pid 5976] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5978] mkdir("./file1", 0777 [pid 5976] <... openat resumed>) = 6 [pid 5979] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5976] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5979] <... openat resumed>) = 4 [pid 5979] ioctl(4, LOOP_SET_FD, 3 [pid 5978] <... mkdir resumed>) = 0 [ 120.021920][ T5977] loop4: detected capacity change from 0 to 4096 [ 120.022208][ T5978] loop0: detected capacity change from 0 to 4096 [ 120.056997][ T5977] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5978] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5976] <... mmap resumed>) = 0x200000001000 [pid 5976] exit_group(0) = ? [pid 5979] <... ioctl resumed>) = 0 [pid 5979] close(3) = 0 [pid 5979] close(4) = 0 [pid 5976] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=10 /* 0.10 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5979] mkdir("./file1", 0777) = 0 [pid 5841] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [ 120.081447][ T5979] loop3: detected capacity change from 0 to 4096 [ 120.091367][ T5978] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5979] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5977] <... mount resumed>) = 0 [pid 5977] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5977] chdir("./file1") = 0 [ 120.122805][ T5979] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5980] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5977] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... umount2 resumed>) = 0 [pid 5977] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5977] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5841] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./25/file1") = 0 [pid 5979] <... mount resumed>) = 0 [pid 5977] preadv2(4, [pid 5841] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5978] <... mount resumed>) = 0 [pid 5841] unlink("./25/binderfs" [pid 5977] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5977] memfd_create("syzkaller", 0 [pid 5841] <... unlink resumed>) = 0 [pid 5979] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5978] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5977] <... memfd_create resumed>) = 5 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5979] <... openat resumed>) = 3 [pid 5979] chdir("./file1" [pid 5841] getdents64(3, [pid 5979] <... chdir resumed>) = 0 [pid 5978] <... openat resumed>) = 3 [pid 5977] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5978] chdir("./file1" [pid 5979] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] close(3) = 0 [pid 5841] rmdir("./25") = 0 [pid 5841] mkdir("./26", 0777 [pid 5978] <... chdir resumed>) = 0 [pid 5979] open("./file1", O_RDONLY|O_DIRECT [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5978] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5978] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 5979] <... open resumed>) = 4 [pid 5978] <... open resumed>) = 4 [pid 5979] preadv2(4, [pid 5978] preadv2(4, [pid 5979] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5979] memfd_create("syzkaller", 0 [pid 5978] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5979] <... memfd_create resumed>) = 5 [pid 5978] memfd_create("syzkaller", 0 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5978] <... memfd_create resumed>) = 5 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 executing program [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5980] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 5982 attached [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5982 [pid 5980] munmap(0x7f9875600000, 138412032 [pid 5982] set_robust_list(0x55558b799660, 24) = 0 [pid 5982] chdir("./26") = 0 [pid 5982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5982] setpgid(0, 0) = 0 [pid 5982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5982] write(3, "1000", 4) = 4 [pid 5982] close(3) = 0 [pid 5982] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5980] <... munmap resumed>) = 0 [pid 5982] write(1, "executing program\n", 18) = 18 [pid 5982] memfd_create("syzkaller", 0 [pid 5980] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5977] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5980] ioctl(4, LOOP_SET_FD, 3 [pid 5982] <... memfd_create resumed>) = 3 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5980] <... ioctl resumed>) = 0 [pid 5980] close(3) = 0 [pid 5980] close(4) = 0 [pid 5980] mkdir("./file1", 0777) = 0 [ 120.366594][ T5980] loop1: detected capacity change from 0 to 4096 [pid 5980] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5977] <... write resumed>) = 2097152 [pid 5979] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 120.428620][ T5980] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5978] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5977] munmap(0x7f9875600000, 138412032) = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5982] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5977] close(5 [pid 5978] <... write resumed>) = 2097152 [pid 5980] <... mount resumed>) = 0 [pid 5979] <... write resumed>) = 2097152 [pid 5978] munmap(0x7f9875600000, 138412032 [pid 5980] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5980] chdir("./file1") = 0 [pid 5980] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5980] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5979] munmap(0x7f9875600000, 138412032 [pid 5978] <... munmap resumed>) = 0 [pid 5977] <... close resumed>) = 0 [pid 5980] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5980] memfd_create("syzkaller", 0) = 5 [pid 5980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5979] <... munmap resumed>) = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5977] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5978] close(5 [pid 5979] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5977] <... open resumed>) = 5 [pid 5982] <... write resumed>) = 2097152 [pid 5979] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5977] truncate("./file1", 16784380 [pid 5979] close(5 [pid 5977] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5979] <... close resumed>) = 0 [pid 5978] <... close resumed>) = 0 [pid 5977] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5979] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5978] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5982] munmap(0x7f9875600000, 138412032 [pid 5977] <... openat resumed>) = 6 [pid 5977] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5982] <... munmap resumed>) = 0 [pid 5977] exit_group(0) = ? [pid 5979] <... open resumed>) = 5 [pid 5979] truncate("./file1", 16784380 [pid 5977] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=11 /* 0.11 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5979] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5979] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5982] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5979] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5978] <... open resumed>) = 5 [pid 5982] <... openat resumed>) = 4 [pid 5978] truncate("./file1", 16784380 [pid 5979] exit_group(0) = ? [pid 5982] ioctl(4, LOOP_SET_FD, 3 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5843] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5978] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5978] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5978] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5980] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5978] exit_group(0 [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 5978] <... exit_group resumed>) = ? [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5979] +++ exited with 0 +++ [pid 5978] +++ exited with 0 +++ [pid 5843] getdents64(3, [pid 5982] <... ioctl resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=7 /* 0.07 s */} --- [pid 5842] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5982] close(3 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5982] <... close resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5982] close(4 [pid 5842] <... openat resumed>) = 3 [pid 5982] <... close resumed>) = 0 [pid 5842] newfstatat(3, "", [pid 5839] <... restart_syscall resumed>) = 0 [pid 5982] mkdir("./file1", 0777 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5982] <... mkdir resumed>) = 0 [pid 5842] getdents64(3, [pid 5982] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 120.676681][ T5982] loop2: detected capacity change from 0 to 4096 [pid 5839] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... umount2 resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5843] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./26/file1", [pid 5843] newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5980] <... write resumed>) = 2097152 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./25/file1", [pid 5980] munmap(0x7f9875600000, 138412032 [pid 5843] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... openat resumed>) = 4 [pid 5842] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] newfstatat(4, "", [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5839] <... openat resumed>) = 4 [pid 5843] getdents64(4, [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] newfstatat(4, "", [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] close(4 [pid 5980] <... munmap resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5839] getdents64(4, [pid 5843] rmdir("./24/file1" [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5843] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] rmdir("./25/file1" [pid 5839] getdents64(4, [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 120.746082][ T5982] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5843] newfstatat(AT_FDCWD, "./24/binderfs", [pid 5842] <... rmdir resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] close(4 [pid 5843] unlink("./24/binderfs" [pid 5842] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... unlink resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5839] rmdir("./26/file1" [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] getdents64(3, [pid 5842] unlink("./25/binderfs" [pid 5839] <... rmdir resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] <... unlink resumed>) = 0 [pid 5843] close(3 [pid 5839] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5980] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] <... close resumed>) = 0 [pid 5842] getdents64(3, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5980] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] rmdir("./24" [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] newfstatat(AT_FDCWD, "./26/binderfs", [pid 5980] close(5 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] close(3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... close resumed>) = 0 [pid 5839] unlink("./26/binderfs" [pid 5842] rmdir("./25" [pid 5839] <... unlink resumed>) = 0 [pid 5843] mkdir("./25", 0777 [pid 5842] <... rmdir resumed>) = 0 [pid 5839] getdents64(3, [pid 5843] <... mkdir resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] mkdir("./26", 0777 [pid 5839] close(3 [pid 5842] <... mkdir resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./26") = 0 [pid 5839] mkdir("./27", 0777 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... mkdir resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] <... openat resumed>) = 3 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5983 attached [pid 5983] set_robust_list(0x55558b799660, 24 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5839] <... openat resumed>) = 3 [pid 5983] <... set_robust_list resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5983 [pid 5983] chdir("./26") = 0 [pid 5983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5983] setpgid(0, 0) = 0 [pid 5983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5983] write(3, "1000", 4) = 4 [pid 5983] close(3) = 0 [pid 5983] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5983] write(1, "executing program\n", 18) = 18 [pid 5843] <... ioctl resumed>) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5843] close(3 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 5983] memfd_create("syzkaller", 0) = 3 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5980] <... close resumed>) = 0 [pid 5980] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5980] <... open resumed>) = 5 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5984 attached [pid 5980] truncate("./file1", 16784380 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5985 ./strace-static-x86_64: Process 5985 attached [pid 5982] <... mount resumed>) = 0 [pid 5985] set_robust_list(0x55558b799660, 24 [pid 5984] set_robust_list(0x55558b799660, 24 [pid 5982] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5980] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5985] <... set_robust_list resumed>) = 0 [pid 5984] <... set_robust_list resumed>) = 0 [pid 5982] <... openat resumed>) = 3 [pid 5980] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 5984 [pid 5985] chdir("./27") = 0 [pid 5984] chdir("./25" [pid 5982] chdir("./file1" [pid 5980] <... openat resumed>) = 6 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5984] <... chdir resumed>) = 0 [pid 5982] <... chdir resumed>) = 0 [pid 5980] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5985] <... prctl resumed>) = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5982] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5985] setpgid(0, 0 [pid 5984] <... prctl resumed>) = 0 [pid 5980] <... mmap resumed>) = 0x200000001000 [pid 5982] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5985] <... setpgid resumed>) = 0 [pid 5984] setpgid(0, 0 [pid 5980] exit_group(0 [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5980] <... exit_group resumed>) = ? [pid 5985] <... openat resumed>) = 3 [pid 5985] write(3, "1000", 4) = 4 [pid 5985] close(3) = 0 [pid 5985] symlink("/dev/binderfs", "./binderfs" [pid 5980] +++ exited with 0 +++ [pid 5985] <... symlink resumed>) = 0 [pid 5984] <... setpgid resumed>) = 0 [pid 5982] open("./file1", O_RDONLY|O_DIRECTexecuting program [pid 5985] write(1, "executing program\n", 18 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5980, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5985] <... write resumed>) = 18 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5985] memfd_create("syzkaller", 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5982] <... open resumed>) = 4 [pid 5985] <... memfd_create resumed>) = 3 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5984] <... openat resumed>) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5982] preadv2(4, [pid 5985] <... mmap resumed>) = 0x7f9875600000 [pid 5984] write(3, "1000", 4 [pid 5982] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5984] <... write resumed>) = 4 [pid 5982] memfd_create("syzkaller", 0 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 5984] close(3 [pid 5982] <... memfd_create resumed>) = 5 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5984] <... close resumed>) = 0 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] getdents64(3, [pid 5982] <... mmap resumed>) = 0x7f9875600000 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5983] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5984] write(1, "executing program\n", 18) = 18 [pid 5984] memfd_create("syzkaller", 0) = 3 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5985] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5983] <... write resumed>) = 2097152 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5983] munmap(0x7f9875600000, 138412032 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./27/file1") = 0 [pid 5983] <... munmap resumed>) = 0 [pid 5840] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5983] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5983] <... openat resumed>) = 4 [pid 5840] unlink("./27/binderfs") = 0 [pid 5840] getdents64(3, [pid 5982] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5983] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5983] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 5984] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5983] close(3 [pid 5982] <... write resumed>) = 2097152 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./27") = 0 [pid 5983] <... close resumed>) = 0 [pid 5840] mkdir("./28", 0777 [pid 5983] close(4 [pid 5840] <... mkdir resumed>) = 0 [pid 5983] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5983] mkdir("./file1", 0777) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5983] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5982] munmap(0x7f9875600000, 138412032 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5985] <... write resumed>) = 2097152 [pid 5982] <... munmap resumed>) = 0 [pid 5840] close(3 [pid 5985] munmap(0x7f9875600000, 138412032) = 0 [ 121.131791][ T5983] loop3: detected capacity change from 0 to 4096 [ 121.164731][ T5983] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5982] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5982] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5985] <... openat resumed>) = 4 [pid 5982] close(5 [pid 5985] ioctl(4, LOOP_SET_FD, 3 [pid 5984] <... write resumed>) = 2097152 [pid 5840] <... close resumed>) = 0 [pid 5985] <... ioctl resumed>) = 0 [pid 5985] close(3) = 0 [ 121.210518][ T5985] loop0: detected capacity change from 0 to 4096 [pid 5984] munmap(0x7f9875600000, 138412032 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5985] close(4) = 0 [pid 5985] mkdir("./file1", 0777) = 0 ./strace-static-x86_64: Process 5986 attached [pid 5985] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5984] <... munmap resumed>) = 0 [pid 5982] <... close resumed>) = 0 [pid 5986] set_robust_list(0x55558b799660, 24 [pid 5984] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5986 [pid 5986] <... set_robust_list resumed>) = 0 [pid 5984] <... openat resumed>) = 4 [pid 5986] chdir("./28" [pid 5984] ioctl(4, LOOP_SET_FD, 3 [pid 5986] <... chdir resumed>) = 0 [pid 5982] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5986] setpgid(0, 0 [pid 5982] <... open resumed>) = 5 [pid 5982] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5982] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5986] <... setpgid resumed>) = 0 [pid 5982] <... openat resumed>) = 6 [pid 5982] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5982] <... mmap resumed>) = 0x200000001000 [pid 5986] <... openat resumed>) = 3 [pid 5982] exit_group(0) = ? [pid 5986] write(3, "1000", 4 [pid 5984] <... ioctl resumed>) = 0 [pid 5983] <... mount resumed>) = 0 [pid 5986] <... write resumed>) = 4 [pid 5984] close(3 [pid 5983] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5986] close(3 [pid 5984] <... close resumed>) = 0 [pid 5986] <... close resumed>) = 0 [pid 5984] close(4 [pid 5983] <... openat resumed>) = 3 [pid 5984] <... close resumed>) = 0 [pid 5982] +++ exited with 0 +++ [pid 5986] symlink("/dev/binderfs", "./binderfs" [ 121.257229][ T5985] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 121.272627][ T5984] loop4: detected capacity change from 0 to 4096 executing program [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5982, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=9 /* 0.09 s */} --- [pid 5986] <... symlink resumed>) = 0 [pid 5984] mkdir("./file1", 0777 [pid 5983] chdir("./file1" [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5986] write(1, "executing program\n", 18) = 18 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5986] memfd_create("syzkaller", 0 [pid 5984] <... mkdir resumed>) = 0 [pid 5983] <... chdir resumed>) = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5984] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5983] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5986] <... memfd_create resumed>) = 3 [pid 5841] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5983] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", [pid 5983] <... open resumed>) = 4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] getdents64(3, [pid 5983] preadv2(4, [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5983] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5985] <... mount resumed>) = 0 [pid 5983] memfd_create("syzkaller", 0) = 5 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5985] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./file1") = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5985] open("./file1", O_RDONLY|O_DIRECT) = 4 [ 121.324075][ T5984] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5985] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... umount2 resumed>) = 0 [pid 5985] memfd_create("syzkaller", 0) = 5 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5986] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./26/file1") = 0 [pid 5841] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./26/binderfs" [pid 5983] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... unlink resumed>) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./26") = 0 [pid 5841] mkdir("./27", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5988 attached [pid 5985] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5988 [pid 5988] set_robust_list(0x55558b799660, 24) = 0 [pid 5988] chdir("./27") = 0 [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5988] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] <... mount resumed>) = 0 [pid 5984] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5988] write(3, "1000", 4 [pid 5986] <... write resumed>) = 2097152 [pid 5984] <... openat resumed>) = 3 [pid 5988] <... write resumed>) = 4 [pid 5988] close(3) = 0 [pid 5988] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5984] chdir("./file1") = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5984] open("./file1", O_RDONLY|O_DIRECT [pid 5988] write(1, "executing program\n", 18 [pid 5984] <... open resumed>) = 4 [pid 5988] <... write resumed>) = 18 [pid 5988] memfd_create("syzkaller", 0 [pid 5986] munmap(0x7f9875600000, 138412032 [pid 5984] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5988] <... memfd_create resumed>) = 3 [pid 5986] <... munmap resumed>) = 0 [pid 5984] memfd_create("syzkaller", 0 [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5984] <... memfd_create resumed>) = 5 [pid 5983] <... write resumed>) = 2097152 [pid 5988] <... mmap resumed>) = 0x7f9875600000 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5983] munmap(0x7f9875600000, 138412032 [pid 5984] <... mmap resumed>) = 0x7f9875600000 [pid 5983] <... munmap resumed>) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5986] ioctl(4, LOOP_SET_FD, 3 [pid 5983] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5983] close(5 [pid 5986] <... ioctl resumed>) = 0 [pid 5986] close(3) = 0 [pid 5986] close(4) = 0 [pid 5986] mkdir("./file1", 0777) = 0 [ 121.576006][ T5986] loop1: detected capacity change from 0 to 4096 [ 121.624028][ T5986] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 121.661406][ T30] kauditd_printk_skb: 36 callbacks suppressed [pid 5986] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5983] <... close resumed>) = 0 [pid 5985] <... write resumed>) = 2097152 [pid 5983] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5983] truncate("./file1", 16784380 [pid 5985] munmap(0x7f9875600000, 138412032 [pid 5983] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5983] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5988] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5983] <... openat resumed>) = 6 [pid 5983] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5983] exit_group(0 [pid 5985] <... munmap resumed>) = 0 [pid 5984] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5983] <... exit_group resumed>) = ? [pid 5985] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5983] +++ exited with 0 +++ [pid 5985] close(5 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5983, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 121.661424][ T30] audit: type=1804 audit(1750615402.935:271): pid=5983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.keN58M/26/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5842] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5988] <... write resumed>) = 2097152 [pid 5985] <... close resumed>) = 0 [pid 5985] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5988] munmap(0x7f9875600000, 138412032) = 0 [pid 5985] <... open resumed>) = 5 [pid 5984] <... write resumed>) = 2097152 [pid 5988] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5985] truncate("./file1", 16784380 [pid 5984] munmap(0x7f9875600000, 138412032) = 0 [ 121.768172][ T30] audit: type=1804 audit(1750615403.035:272): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/27/file1/file1" dev="loop0" ino=30 res=1 errno=0 [pid 5988] ioctl(4, LOOP_SET_FD, 3 [pid 5985] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] <... umount2 resumed>) = 0 [pid 5985] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5988] <... ioctl resumed>) = 0 [pid 5985] <... openat resumed>) = 6 [pid 5984] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5988] close(3 [pid 5985] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] newfstatat(AT_FDCWD, "./26/file1", [pid 5988] <... close resumed>) = 0 [pid 5985] <... mmap resumed>) = 0x200000001000 [pid 5984] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5988] close(4 [pid 5985] exit_group(0 [pid 5984] close(5 [pid 5842] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5985] <... exit_group resumed>) = ? [pid 5986] <... mount resumed>) = 0 [pid 5986] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5986] chdir("./file1") = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5986] open("./file1", O_RDONLY|O_DIRECT [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] <... open resumed>) = 4 [pid 5986] preadv2(4, [pid 5985] +++ exited with 0 +++ [pid 5842] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- [pid 5986] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5986] memfd_create("syzkaller", 0) = 5 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 121.818046][ T5988] loop2: detected capacity change from 0 to 4096 [pid 5839] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5988] <... close resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5988] mkdir("./file1", 0777 [pid 5984] <... close resumed>) = 0 [pid 5842] newfstatat(4, "", [pid 5988] <... mkdir resumed>) = 0 [pid 5988] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5984] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] rmdir("./26/file1") = 0 [pid 5842] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 121.853711][ T30] audit: type=1800 audit(1750615403.125:273): pid=5986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [ 121.903148][ T5988] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5986] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] unlink("./26/binderfs" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... unlink resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5839] newfstatat(4, "", [pid 5842] getdents64(3, [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] getdents64(4, [pid 5984] <... open resumed>) = 5 [pid 5842] close(3 [pid 5984] truncate("./file1", 16784380 [pid 5842] <... close resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] rmdir("./26" [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./27/file1" [pid 5842] <... rmdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5842] mkdir("./27", 0777 [pid 5839] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] newfstatat(AT_FDCWD, "./27/binderfs", [pid 5842] <... openat resumed>) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... ioctl resumed>) = 0 [ 121.925559][ T30] audit: type=1804 audit(1750615403.195:274): pid=5984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.YdVRUk/25/file1/file1" dev="loop4" ino=30 res=1 errno=0 [pid 5986] <... write resumed>) = 2097152 [pid 5984] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] close(3 [pid 5839] unlink("./27/binderfs" [pid 5984] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] <... unlink resumed>) = 0 [pid 5984] <... openat resumed>) = 6 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./27" [pid 5984] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./28", 0777 [pid 5984] <... mmap resumed>) = 0x200000001000 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5984] exit_group(0 [pid 5842] <... close resumed>) = 0 [pid 5984] <... exit_group resumed>) = ? [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5986] munmap(0x7f9875600000, 138412032 [pid 5984] +++ exited with 0 +++ ./strace-static-x86_64: Process 5990 attached [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5990] set_robust_list(0x55558b799660, 24 [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5990] <... set_robust_list resumed>) = 0 [pid 5843] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5986] <... munmap resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5988] <... mount resumed>) = 0 [pid 5986] close(5 [pid 5990] chdir("./27" [pid 5988] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 5988] <... openat resumed>) = 3 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5990] <... chdir resumed>) = 0 [pid 5988] chdir("./file1" [pid 5990] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] getdents64(3, [pid 5990] <... prctl resumed>) = 0 [pid 5988] <... chdir resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5990 [pid 5990] setpgid(0, 0 [pid 5988] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5990] <... setpgid resumed>) = 0 [pid 5988] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5988] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... close resumed>) = 0 [pid 5990] <... openat resumed>) = 3 [pid 5990] write(3, "1000", 4 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5990] <... write resumed>) = 4 [pid 5990] close(3) = 0 [pid 5990] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5988] <... open resumed>) = 4 ./strace-static-x86_64: Process 5991 attached [pid 5988] preadv2(4, [pid 5991] set_robust_list(0x55558b799660, 24 [pid 5990] write(1, "executing program\n", 18 [pid 5988] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... umount2 resumed>) = 0 executing program [pid 5991] <... set_robust_list resumed>) = 0 [pid 5990] <... write resumed>) = 18 [pid 5986] <... close resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5991 [pid 5991] chdir("./28" [pid 5990] memfd_create("syzkaller", 0 [pid 5988] memfd_create("syzkaller", 0 [pid 5986] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5991] <... chdir resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5990] <... memfd_create resumed>) = 3 [pid 5988] <... memfd_create resumed>) = 5 [pid 5843] newfstatat(AT_FDCWD, "./25/file1", [pid 5991] setpgid(0, 0 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5991] <... setpgid resumed>) = 0 [pid 5991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5990] <... mmap resumed>) = 0x7f9875600000 [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5991] <... openat resumed>) = 3 [pid 5988] <... mmap resumed>) = 0x7f9875600000 [pid 5986] <... open resumed>) = 5 [pid 5843] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5986] truncate("./file1", 16784380 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5991] write(3, "1000", 4 [pid 5843] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5991] <... write resumed>) = 4 [pid 5986] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] <... openat resumed>) = 4 [pid 5991] close(3 [pid 5986] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] newfstatat(4, "", [pid 5991] <... close resumed>) = 0 [pid 5986] <... openat resumed>) = 6 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 122.098519][ T30] audit: type=1800 audit(1750615403.355:275): pid=5988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 5991] symlink("/dev/binderfs", "./binderfs" [pid 5986] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] getdents64(4, [pid 5986] <... mmap resumed>) = 0x200000001000 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5986] exit_group(0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4 [pid 5991] <... symlink resumed>) = 0 [pid 5986] <... exit_group resumed>) = ? [pid 5843] <... close resumed>) = 0 [pid 5991] write(1, "executing program\n", 18 [pid 5986] +++ exited with 0 +++ [pid 5843] rmdir("./25/file1"executing program [pid 5991] <... write resumed>) = 18 [pid 5843] <... rmdir resumed>) = 0 [pid 5843] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5986, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5991] memfd_create("syzkaller", 0 [pid 5843] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5840] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5991] <... memfd_create resumed>) = 3 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 122.159580][ T30] audit: type=1804 audit(1750615403.415:276): pid=5986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/28/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 5843] unlink("./25/binderfs" [pid 5840] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5843] <... unlink resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5843] getdents64(3, [pid 5840] newfstatat(3, "", [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] close(3 [pid 5840] getdents64(3, [pid 5843] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] rmdir("./25" [pid 5840] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... rmdir resumed>) = 0 [pid 5843] mkdir("./26", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5990] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... ioctl resumed>) = 0 [pid 5843] close(3 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5991] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./28/file1") = 0 [pid 5840] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... close resumed>) = 0 [pid 5840] unlink("./28/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./28") = 0 [pid 5840] mkdir("./29", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5988] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... ioctl resumed>) = 0 [pid 5990] <... write resumed>) = 2097152 [pid 5840] close(3 [pid 5990] munmap(0x7f9875600000, 138412032) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5993 attached , child_tidptr=0x55558b799650) = 5993 [pid 5993] set_robust_list(0x55558b799660, 24) = 0 [pid 5993] chdir("./26") = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] setpgid(0, 0) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3executing program ) = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5993] write(1, "executing program\n", 18) = 18 [pid 5993] memfd_create("syzkaller", 0 [pid 5990] <... openat resumed>) = 4 [pid 5990] ioctl(4, LOOP_SET_FD, 3 [pid 5993] <... memfd_create resumed>) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5991] <... write resumed>) = 2097152 [pid 5991] munmap(0x7f9875600000, 138412032 [pid 5990] <... ioctl resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5990] close(3) = 0 ./strace-static-x86_64: Process 5994 attached [pid 5991] <... munmap resumed>) = 0 [pid 5990] close(4 [pid 5994] set_robust_list(0x55558b799660, 24 [pid 5991] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5990] <... close resumed>) = 0 [pid 5988] <... write resumed>) = 2097152 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 5994 [ 122.378925][ T5990] loop3: detected capacity change from 0 to 4096 [pid 5988] munmap(0x7f9875600000, 138412032 [pid 5994] <... set_robust_list resumed>) = 0 [pid 5993] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5991] <... openat resumed>) = 4 [pid 5990] mkdir("./file1", 0777 [pid 5994] chdir("./29") = 0 [pid 5991] ioctl(4, LOOP_SET_FD, 3 [pid 5990] <... mkdir resumed>) = 0 [pid 5994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5990] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5988] <... munmap resumed>) = 0 [pid 5994] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5988] close(5 [pid 5994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5994] write(3, "1000", 4) = 4 [pid 5991] <... ioctl resumed>) = 0 [pid 5994] close(3) = 0 [pid 5991] close(3 executing program [pid 5994] symlink("/dev/binderfs", "./binderfs" [pid 5991] <... close resumed>) = 0 [pid 5991] close(4) = 0 [pid 5994] <... symlink resumed>) = 0 [pid 5991] mkdir("./file1", 0777 [ 122.431791][ T5991] loop0: detected capacity change from 0 to 4096 [ 122.444232][ T5990] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5994] write(1, "executing program\n", 18) = 18 [pid 5993] <... write resumed>) = 2097152 [pid 5991] <... mkdir resumed>) = 0 [pid 5991] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5994] memfd_create("syzkaller", 0 [pid 5993] munmap(0x7f9875600000, 138412032) = 0 [pid 5994] <... memfd_create resumed>) = 3 [pid 5988] <... close resumed>) = 0 [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5993] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5988] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5994] <... mmap resumed>) = 0x7f9875600000 [pid 5993] <... openat resumed>) = 4 [pid 5993] ioctl(4, LOOP_SET_FD, 3) = 0 [ 122.488072][ T5991] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 122.509636][ T30] audit: type=1804 audit(1750615403.775:277): pid=5988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.kafNdC/27/file1/file1" dev="loop2" ino=30 res=1 errno=0 [pid 5988] <... open resumed>) = 5 [pid 5988] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5988] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5993] close(3 [pid 5988] <... openat resumed>) = 6 [pid 5993] <... close resumed>) = 0 [pid 5988] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5993] close(4 [pid 5988] exit_group(0 [pid 5993] <... close resumed>) = 0 [pid 5988] <... exit_group resumed>) = ? [pid 5988] +++ exited with 0 +++ [pid 5993] mkdir("./file1", 0777 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [pid 5993] <... mkdir resumed>) = 0 [pid 5993] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5994] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5990] <... mount resumed>) = 0 [pid 5990] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 122.540289][ T5993] loop4: detected capacity change from 0 to 4096 [ 122.579429][ T5993] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5990] chdir("./file1") = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5990] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5991] <... mount resumed>) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", [pid 5990] <... open resumed>) = 4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5991] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./27/file1") = 0 [pid 5841] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5991] <... openat resumed>) = 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5991] chdir("./file1" [pid 5990] preadv2(4, [pid 5841] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./27/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./27") = 0 [pid 5841] mkdir("./28", 0777) = 0 [pid 5994] <... write resumed>) = 2097152 [pid 5991] <... chdir resumed>) = 0 [pid 5990] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5991] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5990] memfd_create("syzkaller", 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5994] munmap(0x7f9875600000, 138412032 [pid 5991] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5990] <... memfd_create resumed>) = 5 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5991] open("./file1", O_RDONLY|O_DIRECT [pid 5990] <... mmap resumed>) = 0x7f9875600000 [pid 5841] close(3 [pid 5994] <... munmap resumed>) = 0 [ 122.652394][ T30] audit: type=1800 audit(1750615403.925:278): pid=5990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [pid 5994] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5994] ioctl(4, LOOP_SET_FD, 3 [pid 5991] <... open resumed>) = 4 [pid 5991] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5991] memfd_create("syzkaller", 0 [pid 5993] <... mount resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5994] <... ioctl resumed>) = 0 [pid 5994] close(3) = 0 [pid 5994] close(4) = 0 [pid 5994] mkdir("./file1", 0777) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 5996 [ 122.719917][ T5994] loop1: detected capacity change from 0 to 4096 [ 122.745643][ T30] audit: type=1800 audit(1750615403.985:279): pid=5991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 5994] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta,"./strace-static-x86_64: Process 5996 attached [pid 5993] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5991] <... memfd_create resumed>) = 5 [pid 5990] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5993] <... openat resumed>) = 3 [pid 5991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5993] chdir("./file1") = 0 [pid 5991] <... mmap resumed>) = 0x7f9875600000 [pid 5993] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5996] set_robust_list(0x55558b799660, 24 [pid 5993] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5996] <... set_robust_list resumed>) = 0 [pid 5993] open("./file1", O_RDONLY|O_DIRECT [pid 5996] chdir("./28") = 0 [pid 5993] <... open resumed>) = 4 [pid 5993] preadv2(4, [pid 5996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5996] setpgid(0, 0) = 0 [pid 5993] memfd_create("syzkaller", 0 [pid 5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5993] <... memfd_create resumed>) = 5 [pid 5996] <... openat resumed>) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 122.764973][ T5994] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5996] write(3, "1000", 4) = 4 [pid 5996] close(3) = 0 [pid 5996] symlink("/dev/binderfs", "./binderfs" [pid 5990] <... write resumed>) = 2097152 [pid 5996] <... symlink resumed>) = 0 [pid 5996] write(1, "executing program\n", 18 [pid 5990] munmap(0x7f9875600000, 138412032executing program [ 122.819519][ T30] audit: type=1800 audit(1750615404.075:280): pid=5993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 5996] <... write resumed>) = 18 [pid 5991] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5990] <... munmap resumed>) = 0 [pid 5996] memfd_create("syzkaller", 0) = 3 [pid 5990] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5990] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5990] close(5 [pid 5994] <... mount resumed>) = 0 [pid 5994] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5994] chdir("./file1") = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5994] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5993] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5994] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5994] memfd_create("syzkaller", 0) = 5 [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5991] <... write resumed>) = 2097152 [pid 5990] <... close resumed>) = 0 [pid 5990] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5996] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5991] munmap(0x7f9875600000, 138412032 [pid 5990] <... open resumed>) = 5 [pid 5990] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5990] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5990] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5990] exit_group(0) = ? [pid 5990] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5990, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=7 /* 0.07 s */} --- [pid 5842] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", [pid 5991] <... munmap resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5991] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5994] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5993] <... write resumed>) = 2097152 [pid 5991] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5991] close(5 [pid 5993] munmap(0x7f9875600000, 138412032 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./27/file1", [pid 5996] <... write resumed>) = 2097152 [pid 5993] <... munmap resumed>) = 0 [pid 5996] munmap(0x7f9875600000, 138412032 [pid 5993] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5991] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5993] close(5 [pid 5842] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5991] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 5996] <... munmap resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5991] <... open resumed>) = 5 [pid 5842] rmdir("./27/file1" [pid 5996] <... openat resumed>) = 4 [pid 5842] <... rmdir resumed>) = 0 [pid 5996] ioctl(4, LOOP_SET_FD, 3 [pid 5991] truncate("./file1", 16784380 [pid 5842] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5991] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] unlink("./27/binderfs" [pid 5991] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] <... unlink resumed>) = 0 [pid 5991] <... openat resumed>) = 6 [pid 5842] getdents64(3, [pid 5991] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5991] <... mmap resumed>) = 0x200000001000 [pid 5842] close(3 [pid 5991] exit_group(0 [pid 5842] <... close resumed>) = 0 [pid 5991] <... exit_group resumed>) = ? [pid 5842] rmdir("./27") = 0 [pid 5842] mkdir("./28", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5991] +++ exited with 0 +++ [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5991, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 5839] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5993] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5993] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... openat resumed>) = 3 [pid 5996] <... ioctl resumed>) = 0 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5996] close(3 [pid 5839] getdents64(3, [pid 5996] <... close resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5996] close(4 [pid 5839] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5996] <... close resumed>) = 0 [pid 5994] <... write resumed>) = 2097152 [pid 5993] <... open resumed>) = 5 [pid 5996] mkdir("./file1", 0777 [pid 5993] truncate("./file1", 16784380 [pid 5996] <... mkdir resumed>) = 0 [pid 5996] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5993] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5994] munmap(0x7f9875600000, 138412032 [pid 5842] <... close resumed>) = 0 [ 123.094427][ T5996] loop2: detected capacity change from 0 to 4096 [pid 5994] <... munmap resumed>) = 0 [pid 5993] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5994] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5994] close(5 [pid 5993] <... openat resumed>) = 6 ./strace-static-x86_64: Process 5998 attached [pid 5993] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 5998 [pid 5839] <... umount2 resumed>) = 0 [pid 5993] <... mmap resumed>) = 0x200000001000 [pid 5839] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] set_robust_list(0x55558b799660, 24) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5998] chdir("./28" [pid 5839] newfstatat(AT_FDCWD, "./28/file1", [pid 5998] <... chdir resumed>) = 0 [pid 5998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5998] setpgid(0, 0 [pid 5993] exit_group(0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5993] <... exit_group resumed>) = ? [pid 5839] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] <... setpgid resumed>) = 0 [pid 5998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] +++ exited with 0 +++ [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5998] write(3, "1000", 4 [pid 5839] <... openat resumed>) = 4 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5839] newfstatat(4, "", [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, [pid 5998] <... write resumed>) = 4 [pid 5996] <... mount resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5998] close(3 [pid 5843] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] getdents64(4, [pid 5998] <... close resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5998] symlink("/dev/binderfs", "./binderfs" [pid 5843] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 5839] close(4 [pid 5998] <... symlink resumed>) = 0 [pid 5996] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 5839] <... close resumed>) = 0 [pid 5996] <... openat resumed>) = 3 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] rmdir("./28/file1" [pid 5996] chdir("./file1" [pid 5843] getdents64(3, [pid 5998] write(1, "executing program\n", 18 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5998] <... write resumed>) = 18 [pid 5843] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5996] <... chdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5996] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 123.150976][ T5996] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5998] memfd_create("syzkaller", 0 [pid 5996] <... open resumed>) = 4 [pid 5843] <... umount2 resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./28/binderfs", [pid 5998] <... memfd_create resumed>) = 3 [pid 5996] preadv2(4, [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5994] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5998] <... mmap resumed>) = 0x7f9875600000 [pid 5996] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5994] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] unlink("./28/binderfs" [pid 5996] memfd_create("syzkaller", 0 [pid 5843] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... unlink resumed>) = 0 [pid 5839] getdents64(3, [pid 5996] <... memfd_create resumed>) = 5 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./26/file1", [pid 5996] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] close(3 [pid 5843] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] <... close resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", [pid 5994] <... open resumed>) = 5 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5994] truncate("./file1", 16784380 [pid 5843] getdents64(4, [pid 5839] rmdir("./28" [pid 5994] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5994] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] getdents64(4, [pid 5994] <... openat resumed>) = 6 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5843] close(4 [pid 5994] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] <... close resumed>) = 0 [pid 5994] <... mmap resumed>) = 0x200000001000 [pid 5843] rmdir("./26/file1" [pid 5839] mkdir("./29", 0777 [pid 5843] <... rmdir resumed>) = 0 [pid 5998] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5994] exit_group(0 [pid 5843] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... mkdir resumed>) = 0 [pid 5994] <... exit_group resumed>) = ? [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5994] +++ exited with 0 +++ [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5994, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [pid 5839] <... openat resumed>) = 3 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5843] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5843] unlink("./26/binderfs" [pid 5839] <... ioctl resumed>) = 0 [pid 5843] <... unlink resumed>) = 0 [pid 5839] close(3 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./26") = 0 [pid 5843] mkdir("./27", 0777) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 5840] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5996] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] <... write resumed>) = 2097152 [pid 5998] munmap(0x7f9875600000, 138412032 [pid 5843] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5998] <... munmap resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5999 attached [pid 5999] set_robust_list(0x55558b799660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 5999 [pid 5999] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 6000 attached [pid 5999] chdir("./29") = 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6000 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6000] set_robust_list(0x55558b799660, 24 [pid 5999] <... prctl resumed>) = 0 [pid 6000] <... set_robust_list resumed>) = 0 [pid 5999] setpgid(0, 0 [pid 5998] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5999] <... setpgid resumed>) = 0 [pid 6000] chdir("./27" [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6000] <... chdir resumed>) = 0 [pid 5999] <... openat resumed>) = 3 [pid 5999] write(3, "1000", 4 [pid 6000] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5999] <... write resumed>) = 4 [pid 5998] <... openat resumed>) = 4 [pid 5999] close(3 [pid 6000] <... prctl resumed>) = 0 [pid 5999] <... close resumed>) = 0 [pid 5998] ioctl(4, LOOP_SET_FD, 3 [pid 6000] setpgid(0, 0) = 0 [pid 6000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6000] write(3, "1000", 4) = 4 [pid 6000] close(3) = 0 [pid 6000] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6000] write(1, "executing program\n", 18) = 18 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6000] memfd_create("syzkaller", 0 [pid 5999] write(1, "executing program\n", 18 [pid 5998] <... ioctl resumed>) = 0 [pid 5996] <... write resumed>) = 2097152 [pid 5840] <... umount2 resumed>) = 0 [pid 6000] <... memfd_create resumed>) = 3 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5998] close(3 [pid 5996] munmap(0x7f9875600000, 138412032 [pid 5840] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5999] <... write resumed>) = 18 [pid 5998] <... close resumed>) = 0 [pid 5996] <... munmap resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5998] close(4) = 0 [pid 5840] newfstatat(AT_FDCWD, "./29/file1", [pid 5998] mkdir("./file1", 0777) = 0 [pid 5998] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5999] memfd_create("syzkaller", 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 123.380973][ T5998] loop3: detected capacity change from 0 to 4096 [pid 5840] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5999] <... memfd_create resumed>) = 3 [pid 5840] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", [pid 5996] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5996] close(5 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./29/file1") = 0 [pid 5840] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 123.423005][ T5998] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5840] unlink("./29/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./29") = 0 [pid 5840] mkdir("./30", 0777) = 0 [pid 5996] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5998] <... mount resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5996] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 6000] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5998] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5996] <... open resumed>) = 5 [pid 5998] <... openat resumed>) = 3 [pid 5996] truncate("./file1", 16784380 [pid 5998] chdir("./file1") = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5998] open("./file1", O_RDONLY|O_DIRECT [pid 5996] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5996] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5996] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5996] exit_group(0) = ? [pid 5996] +++ exited with 0 +++ [pid 5998] <... open resumed>) = 4 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5998] preadv2(4, [pid 5841] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5998] memfd_create("syzkaller", 0 [pid 5841] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5998] <... memfd_create resumed>) = 5 [pid 5841] <... openat resumed>) = 3 [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] newfstatat(3, "", [pid 5999] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... close resumed>) = 0 [pid 6000] <... write resumed>) = 2097152 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6000] munmap(0x7f9875600000, 138412032 [pid 5841] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6000] <... munmap resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./28/file1", [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6001 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4./strace-static-x86_64: Process 6001 attached ) = 0 [pid 5841] rmdir("./28/file1") = 0 [pid 5841] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./28/binderfs" [pid 6001] set_robust_list(0x55558b799660, 24 [pid 5999] <... write resumed>) = 2097152 [pid 5841] <... unlink resumed>) = 0 [pid 6001] <... set_robust_list resumed>) = 0 [pid 5999] munmap(0x7f9875600000, 138412032 [pid 6001] chdir("./30") = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5999] <... munmap resumed>) = 0 [pid 5998] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] getdents64(3, [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6000] <... openat resumed>) = 4 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6000] ioctl(4, LOOP_SET_FD, 3 [pid 5841] close(3 [pid 6001] <... prctl resumed>) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... close resumed>) = 0 [pid 6001] setpgid(0, 0) = 0 [pid 6000] <... ioctl resumed>) = 0 [pid 5999] <... openat resumed>) = 4 [pid 5841] rmdir("./28" [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6000] close(3 [pid 5999] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... rmdir resumed>) = 0 [pid 6001] <... openat resumed>) = 3 [pid 6000] <... close resumed>) = 0 [pid 5841] mkdir("./29", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 6001] write(3, "1000", 4) = 4 [pid 6001] close(3 [pid 6000] close(4) = 0 [pid 6001] <... close resumed>) = 0 [pid 6000] mkdir("./file1", 0777 [pid 6001] symlink("/dev/binderfs", "./binderfs" [pid 6000] <... mkdir resumed>) = 0 [pid 6001] <... symlink resumed>) = 0 [pid 6000] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta,"executing program [pid 6001] write(1, "executing program\n", 18 [pid 5999] <... ioctl resumed>) = 0 [pid 6001] <... write resumed>) = 18 [pid 6001] memfd_create("syzkaller", 0 [pid 5999] close(3 [pid 5998] <... write resumed>) = 2097152 [pid 5999] <... close resumed>) = 0 [ 123.678149][ T6000] loop4: detected capacity change from 0 to 4096 [ 123.702567][ T5999] loop0: detected capacity change from 0 to 4096 [ 123.719090][ T6000] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 6001] <... memfd_create resumed>) = 3 [pid 5999] close(4 [pid 5998] munmap(0x7f9875600000, 138412032 [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5999] <... close resumed>) = 0 [pid 5999] mkdir("./file1", 0777 [pid 6001] <... mmap resumed>) = 0x7f9875600000 [pid 5999] <... mkdir resumed>) = 0 [pid 5998] <... munmap resumed>) = 0 [pid 5999] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... close resumed>) = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5998] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5998] close(5./strace-static-x86_64: Process 6002 attached [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6002 [pid 6002] set_robust_list(0x55558b799660, 24) = 0 [pid 6002] chdir("./29") = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6002] setpgid(0, 0) = 0 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 6002] write(3, "1000", 4) = 4 [pid 6002] close(3) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5998] <... close resumed>) = 0 [pid 6002] write(1, "executing program\n", 18) = 18 [ 123.784997][ T5999] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 6002] memfd_create("syzkaller", 0 [pid 6000] <... mount resumed>) = 0 [pid 5998] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6002] <... memfd_create resumed>) = 3 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6001] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6000] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5998] <... open resumed>) = 5 [pid 5998] truncate("./file1", 16784380 [pid 6000] <... openat resumed>) = 3 [pid 5998] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6000] chdir("./file1" [pid 5998] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6002] <... mmap resumed>) = 0x7f9875600000 [pid 6000] <... chdir resumed>) = 0 [pid 5998] <... openat resumed>) = 6 [pid 6000] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5999] <... mount resumed>) = 0 [pid 5998] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6000] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5999] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5998] <... mmap resumed>) = 0x200000001000 [pid 6000] open("./file1", O_RDONLY|O_DIRECT [pid 5999] <... openat resumed>) = 3 [pid 6001] <... write resumed>) = 2097152 [pid 6000] <... open resumed>) = 4 [pid 5999] chdir("./file1" [pid 5998] exit_group(0 [pid 6001] munmap(0x7f9875600000, 138412032 [pid 6000] preadv2(4, [pid 5999] <... chdir resumed>) = 0 [pid 5998] <... exit_group resumed>) = ? [pid 5998] +++ exited with 0 +++ [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5998, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5842] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6000] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] <... openat resumed>) = 3 [pid 6000] memfd_create("syzkaller", 0 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 6000] <... memfd_create resumed>) = 5 [pid 5999] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5999] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5999] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6000] <... mmap resumed>) = 0x7f9875600000 [pid 5999] memfd_create("syzkaller", 0) = 5 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6001] <... munmap resumed>) = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... umount2 resumed>) = 0 [pid 6001] <... openat resumed>) = 4 [pid 6002] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6001] ioctl(4, LOOP_SET_FD, 3 [pid 5842] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6001] <... ioctl resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6001] close(3 [pid 5842] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6001] <... close resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", [pid 6001] close(4) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6001] mkdir("./file1", 0777 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 6001] <... mkdir resumed>) = 0 [pid 5842] rmdir("./28/file1") = 0 [pid 6001] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5999] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6002] <... write resumed>) = 2097152 [pid 5842] unlink("./28/binderfs") = 0 [pid 6002] munmap(0x7f9875600000, 138412032 [pid 6000] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6002] <... munmap resumed>) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./28") = 0 [ 123.954456][ T6001] loop1: detected capacity change from 0 to 4096 [ 123.985787][ T6001] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5842] mkdir("./29", 0777) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6002] ioctl(4, LOOP_SET_FD, 3 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6002] <... ioctl resumed>) = 0 [pid 5999] <... write resumed>) = 2097152 [pid 6002] close(3) = 0 [pid 6002] close(4) = 0 [pid 6002] mkdir("./file1", 0777) = 0 [pid 5999] munmap(0x7f9875600000, 138412032 [ 124.036223][ T6002] loop2: detected capacity change from 0 to 4096 [pid 6002] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5999] <... munmap resumed>) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5999] close(5 [pid 5842] <... close resumed>) = 0 [pid 6001] <... mount resumed>) = 0 [pid 6001] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6001] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6003 attached [ 124.085379][ T6002] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6003] set_robust_list(0x55558b799660, 24 [pid 6001] chdir("./file1" [pid 6000] <... write resumed>) = 2097152 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6003 [pid 6003] <... set_robust_list resumed>) = 0 [pid 6001] <... chdir resumed>) = 0 [pid 6000] munmap(0x7f9875600000, 138412032 [pid 6001] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6003] chdir("./29" [pid 6001] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6003] <... chdir resumed>) = 0 [pid 6001] open("./file1", O_RDONLY|O_DIRECT [pid 6003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6003] setpgid(0, 0 [pid 6000] <... munmap resumed>) = 0 [pid 6003] <... setpgid resumed>) = 0 [pid 6003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6000] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6003] write(3, "1000", 4) = 4 [pid 6003] close(3) = 0 [pid 6000] close(5 [pid 6003] symlink("/dev/binderfs", "./binderfs"executing program [pid 5999] <... close resumed>) = 0 [pid 6003] <... symlink resumed>) = 0 [pid 6001] <... open resumed>) = 4 [pid 6003] write(1, "executing program\n", 18 [pid 6001] preadv2(4, [pid 6003] <... write resumed>) = 18 [pid 6003] memfd_create("syzkaller", 0 [pid 5999] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6001] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6003] <... memfd_create resumed>) = 3 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6001] memfd_create("syzkaller", 0 [pid 5999] <... open resumed>) = 5 [pid 5999] truncate("./file1", 16784380 [pid 6003] <... mmap resumed>) = 0x7f9875600000 [pid 6001] <... memfd_create resumed>) = 5 [pid 5999] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5999] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5999] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5999] exit_group(0) = ? [pid 5999] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6000] <... close resumed>) = 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6000] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6000] <... open resumed>) = 5 [pid 6000] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6002] <... mount resumed>) = 0 [pid 6002] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6000] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6002] chdir("./file1") = 0 [pid 6000] <... openat resumed>) = 6 [pid 6002] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6000] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6002] open("./file1", O_RDONLY|O_DIRECT [pid 6001] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6000] <... mmap resumed>) = 0x200000001000 [pid 5839] <... umount2 resumed>) = 0 [pid 6000] exit_group(0 [pid 6003] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6000] <... exit_group resumed>) = ? [pid 5839] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6000] +++ exited with 0 +++ [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6000, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 5839] newfstatat(AT_FDCWD, "./29/file1", [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6002] <... open resumed>) = 4 [pid 5839] newfstatat(4, "", [pid 5843] <... restart_syscall resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, [pid 5843] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6002] preadv2(4, [pid 5843] <... openat resumed>) = 3 [pid 6002] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] getdents64(4, [pid 6002] memfd_create("syzkaller", 0 [pid 5843] newfstatat(3, "", [pid 6002] <... memfd_create resumed>) = 5 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] getdents64(3, [pid 6002] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./29/file1") = 0 [pid 5839] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./29/binderfs" [pid 5843] <... umount2 resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5843] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] getdents64(3, [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./27/file1", [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] close(3 [pid 5843] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6001] <... write resumed>) = 2097152 [pid 5843] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] rmdir("./29" [pid 6003] <... write resumed>) = 2097152 [pid 6001] munmap(0x7f9875600000, 138412032 [pid 5843] <... openat resumed>) = 4 [pid 5839] <... rmdir resumed>) = 0 [pid 5843] newfstatat(4, "", [pid 5839] mkdir("./30", 0777 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] getdents64(4, [pid 5839] <... openat resumed>) = 3 [pid 6003] munmap(0x7f9875600000, 138412032 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5843] getdents64(4, [pid 5839] <... ioctl resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5843] close(4) = 0 [pid 5843] rmdir("./27/file1") = 0 [pid 5843] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6003] <... munmap resumed>) = 0 [pid 6002] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6001] <... munmap resumed>) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6001] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6003] <... openat resumed>) = 4 [pid 5843] unlink("./27/binderfs" [pid 5839] <... close resumed>) = 0 [pid 6003] ioctl(4, LOOP_SET_FD, 3 [pid 6001] close(5 [pid 5843] <... unlink resumed>) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./27") = 0 [pid 5843] mkdir("./28", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 6003] <... ioctl resumed>) = 0 [pid 6003] close(3) = 0 [pid 6001] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6003] close(4 [pid 6001] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006./strace-static-x86_64: Process 6004 attached [pid 6003] <... close resumed>) = 0 [pid 6003] mkdir("./file1", 0777 [pid 6004] set_robust_list(0x55558b799660, 24) = 0 [pid 6003] <... mkdir resumed>) = 0 [pid 6001] <... open resumed>) = 5 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6004 [pid 6003] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6004] chdir("./30" [pid 6001] truncate("./file1", 16784380 [pid 6004] <... chdir resumed>) = 0 [pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6001] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6004] <... prctl resumed>) = 0 [pid 6001] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6004] setpgid(0, 0) = 0 [pid 6001] <... openat resumed>) = 6 [pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6002] <... write resumed>) = 2097152 [pid 6001] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6004] <... openat resumed>) = 3 [pid 6002] munmap(0x7f9875600000, 138412032 [pid 6001] <... mmap resumed>) = 0x200000001000 [pid 6004] write(3, "1000", 4 [pid 6001] exit_group(0 [pid 6004] <... write resumed>) = 4 [pid 6004] close(3) = 0 [pid 6004] symlink("/dev/binderfs", "./binderfs" [pid 6002] <... munmap resumed>) = 0 [pid 6001] <... exit_group resumed>) = ? [pid 6004] <... symlink resumed>) = 0 [pid 5843] <... close resumed>) = 0 [ 124.428283][ T6003] loop3: detected capacity change from 0 to 4096 [ 124.452696][ T6003] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). executing program [pid 6004] write(1, "executing program\n", 18 [pid 6002] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6004] <... write resumed>) = 18 [pid 6002] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6004] memfd_create("syzkaller", 0 [pid 6003] <... mount resumed>) = 0 [pid 6002] close(5 [pid 6001] +++ exited with 0 +++ [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6001, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6005 [pid 5840] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6005 attached [pid 6003] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6004] <... memfd_create resumed>) = 3 [pid 6005] set_robust_list(0x55558b799660, 24) = 0 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6003] <... openat resumed>) = 3 [pid 5840] <... restart_syscall resumed>) = 0 [pid 6003] chdir("./file1" [pid 6004] <... mmap resumed>) = 0x7f9875600000 [pid 6003] <... chdir resumed>) = 0 [pid 6005] chdir("./28") = 0 [pid 5840] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6005] setpgid(0, 0) = 0 [pid 6003] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6003] open("./file1", O_RDONLY|O_DIRECT [pid 6005] <... openat resumed>) = 3 [pid 6005] write(3, "1000", 4 [pid 6003] <... open resumed>) = 4 [pid 6005] <... write resumed>) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs" [pid 6003] preadv2(4, [pid 6005] <... symlink resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 6003] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6005] write(1, "executing program\n", 18executing program [pid 5840] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6005] <... write resumed>) = 18 [pid 6003] memfd_create("syzkaller", 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6003] <... memfd_create resumed>) = 5 [pid 5840] newfstatat(AT_FDCWD, "./30/file1", [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6005] memfd_create("syzkaller", 0 [pid 5840] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6005] <... memfd_create resumed>) = 3 [pid 5840] <... openat resumed>) = 4 [pid 6002] <... close resumed>) = 0 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] newfstatat(4, "", [pid 6005] <... mmap resumed>) = 0x7f9875600000 [pid 6002] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 6002] <... open resumed>) = 5 [pid 6002] truncate("./file1", 16784380 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./30/file1") = 0 [pid 5840] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6002] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6002] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] newfstatat(AT_FDCWD, "./30/binderfs", [pid 6002] <... openat resumed>) = 6 [pid 6002] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6002] <... mmap resumed>) = 0x200000001000 [pid 5840] unlink("./30/binderfs") = 0 [pid 5840] getdents64(3, [pid 6002] exit_group(0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6002] <... exit_group resumed>) = ? [pid 5840] close(3) = 0 [pid 6004] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6002] +++ exited with 0 +++ [pid 5840] rmdir("./30" [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5840] <... rmdir resumed>) = 0 [pid 5841] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] mkdir("./31", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6005] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6003] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... ioctl resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] close(3 [pid 5841] newfstatat(AT_FDCWD, "./29/file1", [pid 6004] <... write resumed>) = 2097152 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6004] munmap(0x7f9875600000, 138412032 [pid 5841] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", [pid 6004] <... munmap resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] close(4 [pid 5840] <... close resumed>) = 0 [pid 6004] <... openat resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6004] ioctl(4, LOOP_SET_FD, 3 [pid 5841] rmdir("./29/file1") = 0 ./strace-static-x86_64: Process 6006 attached [pid 5841] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6006] set_robust_list(0x55558b799660, 24 [pid 5841] newfstatat(AT_FDCWD, "./29/binderfs", [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6006 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6006] <... set_robust_list resumed>) = 0 [pid 5841] unlink("./29/binderfs" [pid 6006] chdir("./31") = 0 [pid 5841] <... unlink resumed>) = 0 [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6004] <... ioctl resumed>) = 0 [pid 6003] <... write resumed>) = 2097152 [pid 5841] getdents64(3, [pid 6006] <... prctl resumed>) = 0 [pid 6006] setpgid(0, 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6006] <... setpgid resumed>) = 0 [pid 6004] close(3 [ 124.737523][ T6004] loop0: detected capacity change from 0 to 4096 [pid 5841] close(3 [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6005] <... write resumed>) = 2097152 [pid 6004] <... close resumed>) = 0 [pid 6003] munmap(0x7f9875600000, 138412032 [pid 5841] <... close resumed>) = 0 [pid 6006] <... openat resumed>) = 3 [pid 5841] rmdir("./29" [pid 6004] close(4 [pid 5841] <... rmdir resumed>) = 0 [pid 6005] munmap(0x7f9875600000, 138412032 [pid 6006] write(3, "1000", 4 [pid 6004] <... close resumed>) = 0 [pid 5841] mkdir("./30", 0777 [pid 6006] <... write resumed>) = 4 [pid 6004] mkdir("./file1", 0777 [pid 5841] <... mkdir resumed>) = 0 [pid 6004] <... mkdir resumed>) = 0 [pid 6006] close(3 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6004] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... openat resumed>) = 3 [pid 6005] <... munmap resumed>) = 0 [pid 6006] <... close resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6003] <... munmap resumed>) = 0 [pid 6006] symlink("/dev/binderfs", "./binderfs" [pid 5841] <... ioctl resumed>) = 0 executing program [pid 6006] <... symlink resumed>) = 0 [pid 5841] close(3 [pid 6005] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3 [pid 6006] write(1, "executing program\n", 18 [pid 6003] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6006] <... write resumed>) = 18 [pid 6003] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6006] memfd_create("syzkaller", 0 [pid 6003] close(5 [pid 6006] <... memfd_create resumed>) = 3 [ 124.784415][ T6004] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 124.798085][ T6005] loop4: detected capacity change from 0 to 4096 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6005] <... ioctl resumed>) = 0 [pid 6003] <... close resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 6005] close(3) = 0 [pid 6005] close(4 [pid 6006] <... mmap resumed>) = 0x7f9875600000 [pid 6005] <... close resumed>) = 0 [pid 6005] mkdir("./file1", 0777) = 0 [pid 6005] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6003] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 ./strace-static-x86_64: Process 6007 attached [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6007 [pid 6007] set_robust_list(0x55558b799660, 24 [pid 6004] <... mount resumed>) = 0 [pid 6003] truncate("./file1", 16784380 [pid 6007] <... set_robust_list resumed>) = 0 [pid 6007] chdir("./30" [pid 6003] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6003] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6007] <... chdir resumed>) = 0 [pid 6004] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6003] <... openat resumed>) = 6 [pid 6004] <... openat resumed>) = 3 [pid 6003] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6004] chdir("./file1" [pid 6003] <... mmap resumed>) = 0x200000001000 [pid 6004] <... chdir resumed>) = 0 [pid 6007] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6007] <... prctl resumed>) = 0 [pid 6007] setpgid(0, 0 [pid 6004] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6004] open("./file1", O_RDONLY|O_DIRECT [pid 6007] <... setpgid resumed>) = 0 [pid 6007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6004] <... open resumed>) = 4 [ 124.856226][ T6005] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 6003] exit_group(0executing program [pid 6007] <... openat resumed>) = 3 [pid 6003] <... exit_group resumed>) = ? [pid 6004] preadv2(4, [pid 6007] write(3, "1000", 4) = 4 [pid 6007] close(3) = 0 [pid 6003] +++ exited with 0 +++ [pid 6007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6003, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 6007] write(1, "executing program\n", 18 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6007] <... write resumed>) = 18 [pid 5842] <... restart_syscall resumed>) = 0 [pid 6007] memfd_create("syzkaller", 0) = 3 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6007] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6004] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6004] memfd_create("syzkaller", 0) = 5 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6006] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6004] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./29/file1") = 0 [pid 5842] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./29/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./29") = 0 [pid 5842] mkdir("./30", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6007] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 6008 attached [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6008 [pid 6008] set_robust_list(0x55558b799660, 24 [pid 6005] <... mount resumed>) = 0 [pid 6005] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6008] <... set_robust_list resumed>) = 0 [pid 6005] <... openat resumed>) = 3 [pid 6008] chdir("./30" [pid 6005] chdir("./file1" [pid 6008] <... chdir resumed>) = 0 [pid 6005] <... chdir resumed>) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6005] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6008] <... prctl resumed>) = 0 [pid 6005] open("./file1", O_RDONLY|O_DIRECT [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6008] write(1, "executing program\n", 18) = 18 [pid 6008] memfd_create("syzkaller", 0) = 3 [pid 6006] <... write resumed>) = 2097152 [pid 6005] <... open resumed>) = 4 [pid 6004] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6006] munmap(0x7f9875600000, 138412032 [pid 6008] <... mmap resumed>) = 0x7f9875600000 [pid 6007] <... write resumed>) = 2097152 [pid 6005] preadv2(4, [pid 6006] <... munmap resumed>) = 0 [pid 6005] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6005] memfd_create("syzkaller", 0) = 5 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6006] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_SET_FD, 3 [pid 6007] munmap(0x7f9875600000, 138412032) = 0 [pid 6006] <... ioctl resumed>) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6006] close(3) = 0 [pid 6006] close(4 [pid 6007] ioctl(4, LOOP_SET_FD, 3 [pid 6006] <... close resumed>) = 0 [ 125.123686][ T6006] loop1: detected capacity change from 0 to 4096 [pid 6004] <... write resumed>) = 2097152 [pid 6007] <... ioctl resumed>) = 0 [pid 6006] mkdir("./file1", 0777 [pid 6008] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6006] <... mkdir resumed>) = 0 [pid 6004] munmap(0x7f9875600000, 138412032 [pid 6007] close(3 [pid 6006] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6005] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6004] <... munmap resumed>) = 0 [pid 6007] <... close resumed>) = 0 [pid 6007] close(4) = 0 [pid 6007] mkdir("./file1", 0777) = 0 [ 125.171961][ T6007] loop2: detected capacity change from 0 to 4096 [ 125.205707][ T6006] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 6007] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 125.219998][ T6007] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6004] close(5 [pid 6005] <... write resumed>) = 2097152 [pid 6008] <... write resumed>) = 2097152 [pid 6004] <... close resumed>) = 0 [pid 6004] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6008] munmap(0x7f9875600000, 138412032 [pid 6006] <... mount resumed>) = 0 [pid 6004] <... open resumed>) = 5 [pid 6005] munmap(0x7f9875600000, 138412032 [pid 6004] truncate("./file1", 16784380 [pid 6008] <... munmap resumed>) = 0 [pid 6006] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6004] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6004] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6006] <... openat resumed>) = 3 [pid 6006] chdir("./file1") = 0 [pid 6004] <... openat resumed>) = 6 [pid 6006] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6004] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6004] exit_group(0) = ? [pid 6006] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6005] <... munmap resumed>) = 0 [pid 6008] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6006] open("./file1", O_RDONLY|O_DIRECT [pid 6004] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6004, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5839] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 6008] <... openat resumed>) = 4 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6008] ioctl(4, LOOP_SET_FD, 3 [pid 6005] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6007] <... mount resumed>) = 0 [pid 6006] <... open resumed>) = 4 [pid 6005] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6006] preadv2(4, [pid 6007] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6006] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6005] close(5 [pid 6007] <... openat resumed>) = 3 [pid 6006] memfd_create("syzkaller", 0 [pid 6007] chdir("./file1" [pid 6006] <... memfd_create resumed>) = 5 [pid 6007] <... chdir resumed>) = 0 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6007] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6006] <... mmap resumed>) = 0x7f9875600000 [pid 6007] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6008] <... ioctl resumed>) = 0 [ 125.346281][ T6008] loop3: detected capacity change from 0 to 4096 [pid 6007] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... umount2 resumed>) = 0 [pid 6008] close(3 [pid 6007] <... open resumed>) = 4 [pid 6005] <... close resumed>) = 0 [pid 6008] <... close resumed>) = 0 [pid 6008] close(4) = 0 [pid 6008] mkdir("./file1", 0777) = 0 [pid 5839] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6008] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./30/file1") = 0 [pid 5839] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./30/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6005] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] close(3 [pid 6007] preadv2(4, [pid 5839] <... close resumed>) = 0 [pid 6007] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6007] memfd_create("syzkaller", 0 [pid 6005] <... open resumed>) = 5 [pid 6005] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6005] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6005] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6005] exit_group(0) = ? [pid 6007] <... memfd_create resumed>) = 5 [pid 5839] rmdir("./30" [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... rmdir resumed>) = 0 [pid 6005] +++ exited with 0 +++ [pid 5839] mkdir("./31", 0777) = 0 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=11 /* 0.11 s */} --- [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5843] <... restart_syscall resumed>) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 6006] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 125.422388][ T6008] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached [pid 6009] set_robust_list(0x55558b799660, 24) = 0 [pid 6009] chdir("./31") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6009 [pid 6009] <... prctl resumed>) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4 [pid 6006] <... write resumed>) = 2097152 [pid 6009] <... write resumed>) = 4 [pid 6006] munmap(0x7f9875600000, 138412032 [pid 6009] close(3) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6007] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6006] <... munmap resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6009] write(1, "executing program\n", 18 [pid 6006] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] <... openat resumed>) = 4 [pid 6009] <... write resumed>) = 18 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6008] <... mount resumed>) = 0 [pid 6006] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6008] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6006] close(5 [pid 6009] <... mmap resumed>) = 0x7f9875600000 [pid 6008] <... openat resumed>) = 3 [pid 6006] <... close resumed>) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./28/file1") = 0 [pid 5843] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./28/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3 [pid 6008] chdir("./file1" [pid 6006] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] <... close resumed>) = 0 [pid 5843] rmdir("./28") = 0 [pid 6008] <... chdir resumed>) = 0 [pid 6007] <... write resumed>) = 2097152 [pid 6006] <... open resumed>) = 5 [pid 6008] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6006] truncate("./file1", 16784380 [pid 6008] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6006] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] mkdir("./29", 0777 [pid 6008] open("./file1", O_RDONLY|O_DIRECT [pid 6007] munmap(0x7f9875600000, 138412032 [pid 6006] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] <... mkdir resumed>) = 0 [pid 6006] <... openat resumed>) = 6 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6006] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] <... openat resumed>) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 6006] <... mmap resumed>) = 0x200000001000 [pid 5843] <... ioctl resumed>) = 0 [pid 5843] close(3 [pid 6008] <... open resumed>) = 4 [pid 6006] exit_group(0) = ? [pid 6007] <... munmap resumed>) = 0 [pid 6006] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6007] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6007] close(5 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6008] preadv2(4, [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6008] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6008] memfd_create("syzkaller", 0 [pid 5843] <... close resumed>) = 0 [pid 6008] <... memfd_create resumed>) = 5 [pid 6009] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6010 attached , child_tidptr=0x55558b799650) = 6010 [pid 5840] <... umount2 resumed>) = 0 [pid 6010] set_robust_list(0x55558b799660, 24) = 0 [pid 6010] chdir("./29" [pid 5840] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6010] <... chdir resumed>) = 0 [pid 6007] <... close resumed>) = 0 [pid 6007] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6010] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./31/file1", [pid 6007] <... open resumed>) = 5 [pid 6007] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6007] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6007] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6007] exit_group(0) = ? [pid 6010] <... prctl resumed>) = 0 [pid 6007] +++ exited with 0 +++ [pid 5840] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6007, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 6010] setpgid(0, 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6010] <... setpgid resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 4 [pid 6010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] newfstatat(4, "", [pid 5841] <... openat resumed>) = 3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] newfstatat(3, "", [pid 5840] getdents64(4, [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(3, [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 6010] <... openat resumed>) = 3 [pid 5840] rmdir("./31/file1" [pid 6010] write(3, "1000", 4) = 4 [pid 6010] close(3) = 0 [pid 6009] <... write resumed>) = 2097152 [pid 6010] symlink("/dev/binderfs", "./binderfs" [pid 6008] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152executing program [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] <... rmdir resumed>) = 0 [pid 6010] <... symlink resumed>) = 0 [pid 6009] munmap(0x7f9875600000, 138412032 [pid 6010] write(1, "executing program\n", 18 [pid 5841] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6010] <... write resumed>) = 18 [pid 6010] memfd_create("syzkaller", 0 [pid 6009] <... munmap resumed>) = 0 [pid 6010] <... memfd_create resumed>) = 3 [pid 6008] <... write resumed>) = 2097152 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] newfstatat(AT_FDCWD, "./31/binderfs", [pid 6010] <... mmap resumed>) = 0x7f9875600000 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6008] munmap(0x7f9875600000, 138412032 [pid 5841] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6009] <... openat resumed>) = 4 [pid 5840] unlink("./31/binderfs" [pid 6009] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... unlink resumed>) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./31") = 0 [pid 6009] <... ioctl resumed>) = 0 [pid 5840] mkdir("./32", 0777 [pid 5841] newfstatat(AT_FDCWD, "./30/file1", [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6008] <... munmap resumed>) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] close(3 [pid 6009] close(3 [pid 6008] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6008] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6009] <... close resumed>) = 0 [pid 6008] close(5 [pid 5841] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6009] close(4 [pid 5841] getdents64(4, [pid 6009] <... close resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6009] mkdir("./file1", 0777 [pid 5841] close(4 [pid 6009] <... mkdir resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./30/file1") = 0 [pid 5841] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6009] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./30/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [ 125.791357][ T6009] loop0: detected capacity change from 0 to 4096 [pid 5841] close(3) = 0 [pid 5841] rmdir("./30") = 0 [pid 5840] <... close resumed>) = 0 [pid 5841] mkdir("./31", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6011 attached [pid 6008] <... close resumed>) = 0 [pid 6011] set_robust_list(0x55558b799660, 24 [pid 6008] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6011] <... set_robust_list resumed>) = 0 [pid 6010] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6011 [pid 6008] <... open resumed>) = 5 [ 125.838992][ T6009] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 6008] truncate("./file1", 16784380 [pid 6011] chdir("./32" [pid 6008] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6011] <... chdir resumed>) = 0 [pid 6008] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] <... openat resumed>) = 6 [pid 6011] setpgid(0, 0) = 0 [pid 6008] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6008] exit_group(0 [pid 5841] <... close resumed>) = 0 [pid 6008] <... exit_group resumed>) = ? [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] +++ exited with 0 +++ [pid 6011] write(3, "1000", 4) = 4 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 6011] close(3 [pid 5842] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6011] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6011] symlink("/dev/binderfs", "./binderfs" [pid 5842] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6011] <... symlink resumed>) = 0 [pid 6009] <... mount resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6012 attached [pid 6009] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6012] set_robust_list(0x55558b799660, 24 [pid 6009] <... openat resumed>) = 3 [pid 6009] chdir("./file1") = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6012 [pid 6012] <... set_robust_list resumed>) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 5842] newfstatat(3, "", [pid 6011] write(1, "executing program\n", 18 [pid 6012] chdir("./31" [pid 6009] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6011] <... write resumed>) = 18 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6009] open("./file1", O_RDONLY|O_DIRECT [pid 6012] <... chdir resumed>) = 0 [pid 6012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6012] setpgid(0, 0) = 0 [pid 6011] memfd_create("syzkaller", 0 [pid 5842] getdents64(3, [pid 6012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6009] <... open resumed>) = 4 [pid 6012] <... openat resumed>) = 3 [pid 6009] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6012] write(3, "1000", 4 [pid 6009] memfd_create("syzkaller", 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6012] <... write resumed>) = 4 [pid 6009] <... memfd_create resumed>) = 5 [pid 5842] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6012] close(3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6012] <... close resumed>) = 0 [pid 6009] <... mmap resumed>) = 0x7f9875600000 [pid 6012] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6012] write(1, "executing program\n", 18 [pid 6011] <... memfd_create resumed>) = 3 [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6012] <... write resumed>) = 18 [pid 6011] <... mmap resumed>) = 0x7f9875600000 [pid 6012] memfd_create("syzkaller", 0) = 3 [pid 6010] <... write resumed>) = 2097152 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6010] munmap(0x7f9875600000, 138412032) = 0 [pid 6009] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... umount2 resumed>) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5842] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6010] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6011] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6010] <... ioctl resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./30/file1") = 0 [pid 5842] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./30/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./30" [pid 6010] close(3 [pid 5842] <... rmdir resumed>) = 0 [pid 6010] <... close resumed>) = 0 [pid 5842] mkdir("./31", 0777 [pid 6010] close(4 [pid 5842] <... mkdir resumed>) = 0 [pid 6010] <... close resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6010] mkdir("./file1", 0777 [pid 5842] <... openat resumed>) = 3 [pid 6010] <... mkdir resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [ 126.031572][ T6010] loop4: detected capacity change from 0 to 4096 [pid 5842] close(3 [pid 6010] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6012] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6009] <... write resumed>) = 2097152 [pid 6011] <... write resumed>) = 2097152 [ 126.075638][ T6010] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 6009] munmap(0x7f9875600000, 138412032) = 0 [pid 6011] munmap(0x7f9875600000, 138412032 [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6013 attached ) = -1 EBUSY (Device or resource busy) [pid 6009] close(5 [pid 6011] <... munmap resumed>) = 0 [pid 6013] set_robust_list(0x55558b799660, 24 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6013 [pid 6013] <... set_robust_list resumed>) = 0 [pid 6013] chdir("./31") = 0 [pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6013] setpgid(0, 0) = 0 [pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6013] write(3, "1000", 4) = 4 [pid 6013] close(3) = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6011] <... openat resumed>) = 4 [pid 6011] ioctl(4, LOOP_SET_FD, 3executing program [pid 6013] write(1, "executing program\n", 18) = 18 [pid 6013] memfd_create("syzkaller", 0 [pid 6012] <... write resumed>) = 2097152 [pid 6013] <... memfd_create resumed>) = 3 [pid 6012] munmap(0x7f9875600000, 138412032 [pid 6010] <... mount resumed>) = 0 [pid 6009] <... close resumed>) = 0 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6012] <... munmap resumed>) = 0 [pid 6011] <... ioctl resumed>) = 0 [pid 6013] <... mmap resumed>) = 0x7f9875600000 [pid 6011] close(3 [pid 6010] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6009] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6011] <... close resumed>) = 0 [pid 6010] <... openat resumed>) = 3 [pid 6011] close(4 [pid 6010] chdir("./file1") = 0 [pid 6011] <... close resumed>) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6010] open("./file1", O_RDONLY|O_DIRECT [ 126.162440][ T6011] loop1: detected capacity change from 0 to 4096 [pid 6012] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6012] ioctl(4, LOOP_SET_FD, 3 [pid 6011] mkdir("./file1", 0777) = 0 [pid 6010] <... open resumed>) = 4 [pid 6011] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6009] <... open resumed>) = 5 [pid 6009] truncate("./file1", 16784380 [pid 6010] preadv2(4, [pid 6009] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6009] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6009] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6009] exit_group(0) = ? [pid 6009] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6010] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] <... openat resumed>) = 3 [pid 6010] memfd_create("syzkaller", 0 [pid 5839] newfstatat(3, "", [pid 6010] <... memfd_create resumed>) = 5 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] getdents64(3, [pid 6010] <... mmap resumed>) = 0x7f9875600000 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6012] <... ioctl resumed>) = 0 [pid 6012] close(3 [pid 5839] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6012] <... close resumed>) = 0 [pid 6012] close(4) = 0 [ 126.207535][ T6012] loop2: detected capacity change from 0 to 4096 [ 126.218201][ T6011] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 6012] mkdir("./file1", 0777) = 0 [pid 6012] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6013] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6010] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 126.272155][ T6012] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6012] <... mount resumed>) = 0 [pid 5839] close(4 [pid 6011] <... mount resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 6012] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6011] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6012] <... openat resumed>) = 3 [pid 6011] <... openat resumed>) = 3 [pid 6012] chdir("./file1") = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6012] open("./file1", O_RDONLY|O_DIRECT [pid 5839] rmdir("./31/file1" [pid 6011] chdir("./file1") = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6012] <... open resumed>) = 4 [pid 6012] preadv2(4, [pid 6011] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6012] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] newfstatat(AT_FDCWD, "./31/binderfs", [pid 6012] memfd_create("syzkaller", 0 [pid 6011] open("./file1", O_RDONLY|O_DIRECT [pid 6013] <... write resumed>) = 2097152 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6013] munmap(0x7f9875600000, 138412032 [pid 5839] unlink("./31/binderfs" [pid 6012] <... memfd_create resumed>) = 5 [pid 5839] <... unlink resumed>) = 0 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6013] <... munmap resumed>) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./31") = 0 [pid 5839] mkdir("./32", 0777 [pid 6011] <... open resumed>) = 4 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6013] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6011] preadv2(4, [pid 6010] <... write resumed>) = 2097152 [pid 6010] munmap(0x7f9875600000, 138412032 [pid 6013] <... openat resumed>) = 4 [pid 6010] <... munmap resumed>) = 0 [pid 6013] ioctl(4, LOOP_SET_FD, 3 [pid 6011] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6011] memfd_create("syzkaller", 0 [pid 6010] close(5 [pid 6011] <... memfd_create resumed>) = 5 [pid 5839] <... close resumed>) = 0 [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6013] <... ioctl resumed>) = 0 [pid 6011] <... mmap resumed>) = 0x7f9875600000 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6013] close(3) = 0 ./strace-static-x86_64: Process 6014 attached [pid 6013] close(4) = 0 [pid 6014] set_robust_list(0x55558b799660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6014 [pid 6014] <... set_robust_list resumed>) = 0 [pid 6014] chdir("./32" [pid 6013] mkdir("./file1", 0777 [pid 6014] <... chdir resumed>) = 0 [pid 6013] <... mkdir resumed>) = 0 [pid 6014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6014] setpgid(0, 0 [pid 6013] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6014] <... setpgid resumed>) = 0 [pid 6012] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6014] write(3, "1000", 4) = 4 [pid 6014] close(3) = 0 [ 126.443467][ T6013] loop3: detected capacity change from 0 to 4096 [pid 6014] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6014] write(1, "executing program\n", 18) = 18 [pid 6014] memfd_create("syzkaller", 0 [pid 6010] <... close resumed>) = 0 [pid 6014] <... memfd_create resumed>) = 3 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6010] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6010] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6010] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6010] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6010] exit_group(0) = ? [pid 6012] <... write resumed>) = 2097152 [pid 6010] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6010, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [ 126.518875][ T6013] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5843] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", [pid 6012] munmap(0x7f9875600000, 138412032 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6012] <... munmap resumed>) = 0 [pid 6014] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6011] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6012] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6012] close(5 [pid 5843] <... umount2 resumed>) = 0 [pid 5843] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6012] <... close resumed>) = 0 [pid 5843] <... openat resumed>) = 4 [pid 6012] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5843] newfstatat(4, "", [pid 6012] truncate("./file1", 16784380 [pid 6013] <... mount resumed>) = 0 [pid 6012] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6012] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6012] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6012] exit_group(0 [pid 6013] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6012] <... exit_group resumed>) = ? [pid 5843] getdents64(4, [pid 6013] <... openat resumed>) = 3 [pid 6012] +++ exited with 0 +++ [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6012, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6013] chdir("./file1" [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6014] <... write resumed>) = 2097152 [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6013] <... chdir resumed>) = 0 [pid 5843] close(4) = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5843] rmdir("./29/file1") = 0 [pid 6013] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6013] open("./file1", O_RDONLY|O_DIRECT [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./29/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./29" [pid 6013] <... open resumed>) = 4 [pid 6011] <... write resumed>) = 2097152 [pid 5843] <... rmdir resumed>) = 0 [pid 6011] munmap(0x7f9875600000, 138412032 [pid 6014] munmap(0x7f9875600000, 138412032 [pid 5843] mkdir("./30", 0777) = 0 [pid 6014] <... munmap resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6014] ioctl(4, LOOP_SET_FD, 3 [pid 5843] <... openat resumed>) = 3 [pid 6013] preadv2(4, [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 6014] <... ioctl resumed>) = 0 [pid 6014] close(3) = 0 [pid 6014] close(4) = 0 [ 126.677296][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 126.677315][ T30] audit: type=1800 audit(1750615407.945:317): pid=6013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 126.715559][ T6014] loop0: detected capacity change from 0 to 4096 [pid 6014] mkdir("./file1", 0777) = 0 [pid 6011] <... munmap resumed>) = 0 [pid 5843] close(3 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./31/file1", [pid 6014] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6011] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6011] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6013] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6013] memfd_create("syzkaller", 0 [pid 6011] close(5 [pid 5841] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", [pid 6013] <... memfd_create resumed>) = 5 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [ 126.737948][ T6014] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5841] close(4) = 0 [pid 5841] rmdir("./31/file1") = 0 [pid 5841] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./31/binderfs", [pid 5843] <... close resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./31/binderfs" [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... unlink resumed>) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 ./strace-static-x86_64: Process 6015 attached [pid 5841] rmdir("./31") = 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6015 [pid 5841] mkdir("./32", 0777 [pid 6015] set_robust_list(0x55558b799660, 24) = 0 [pid 6011] <... close resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6015] chdir("./30" [pid 5841] <... openat resumed>) = 3 [pid 6011] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6015] <... chdir resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6014] <... mount resumed>) = 0 [pid 5841] close(3 [pid 6015] <... prctl resumed>) = 0 [pid 6014] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6015] setpgid(0, 0 [pid 6014] chdir("./file1" [pid 6013] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6015] <... setpgid resumed>) = 0 [pid 6014] <... chdir resumed>) = 0 [pid 6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6011] <... open resumed>) = 5 [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6014] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6011] truncate("./file1", 16784380 [pid 6014] open("./file1", O_RDONLY|O_DIRECT [pid 6011] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6014] <... open resumed>) = 4 [pid 6011] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6011] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6014] preadv2(4, [pid 6011] <... mmap resumed>) = 0x200000001000 [pid 6011] exit_group(0) = ? [pid 6015] <... openat resumed>) = 3 [pid 6011] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 5840] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6014] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6015] write(3, "1000", 4 [pid 6014] memfd_create("syzkaller", 0 [pid 5840] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6014] <... memfd_create resumed>) = 5 [pid 5840] <... openat resumed>) = 3 [pid 6015] <... write resumed>) = 4 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] newfstatat(3, "", [pid 6014] <... mmap resumed>) = 0x7f9875600000 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 126.857168][ T30] audit: type=1804 audit(1750615408.125:318): pid=6011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/32/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 5840] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6015] close(3) = 0 [pid 5841] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs" [pid 5840] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6015] <... symlink resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 6015] write(1, "executing program\n", 18 [pid 5840] newfstatat(AT_FDCWD, "./32/file1", [pid 6015] <... write resumed>) = 18 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6015] memfd_create("syzkaller", 0 [pid 5840] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6016 attached [pid 6015] <... memfd_create resumed>) = 3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6015] <... mmap resumed>) = 0x7f9875600000 [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", [pid 6016] set_robust_list(0x55558b799660, 24 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6016] <... set_robust_list resumed>) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6016 [pid 6016] chdir("./32" [pid 5840] getdents64(4, [pid 6016] <... chdir resumed>) = 0 [pid 6016] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6016] <... prctl resumed>) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6016] setpgid(0, 0 [pid 5840] close(4 [pid 6016] <... setpgid resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 6016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6013] <... write resumed>) = 2097152 [pid 5840] rmdir("./32/file1" [pid 6016] <... openat resumed>) = 3 [pid 6013] munmap(0x7f9875600000, 138412032 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./32/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./32") = 0 [pid 6016] write(3, "1000", 4 [pid 6013] <... munmap resumed>) = 0 [pid 5840] mkdir("./33", 0777 [pid 6016] <... write resumed>) = 4 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6016] close(3 [pid 5840] <... openat resumed>) = 3 [ 126.978859][ T30] audit: type=1800 audit(1750615408.155:319): pid=6014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 6016] <... close resumed>) = 0 [pid 5840] close(3 [pid 6016] symlink("/dev/binderfs", "./binderfs"executing program [pid 6014] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6016] <... symlink resumed>) = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6016] write(1, "executing program\n", 18) = 18 [pid 6013] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6016] memfd_create("syzkaller", 0 [pid 6013] close(5 [pid 6016] <... memfd_create resumed>) = 3 [pid 5840] <... close resumed>) = 0 [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6017 attached [pid 6017] set_robust_list(0x55558b799660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6017 [pid 6017] <... set_robust_list resumed>) = 0 [pid 6015] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6017] chdir("./33") = 0 [pid 6014] <... write resumed>) = 2097152 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6017] setpgid(0, 0) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3 [pid 6014] munmap(0x7f9875600000, 138412032executing program [pid 6017] <... close resumed>) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6017] write(1, "executing program\n", 18) = 18 [pid 6017] memfd_create("syzkaller", 0) = 3 [pid 6013] <... close resumed>) = 0 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6014] <... munmap resumed>) = 0 [pid 6013] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6016] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6015] <... write resumed>) = 2097152 [pid 6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6013] <... open resumed>) = 5 [pid 6014] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6014] close(5 [pid 6013] truncate("./file1", 16784380 [pid 6015] munmap(0x7f9875600000, 138412032 [pid 6013] <... truncate resumed>) = -1 EFBIG (File too large) [ 127.175665][ T30] audit: type=1804 audit(1750615408.435:320): pid=6013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.keN58M/31/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 6014] <... close resumed>) = 0 [pid 6013] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6015] <... munmap resumed>) = 0 [pid 6014] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6017] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6016] <... write resumed>) = 2097152 [pid 6015] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6013] <... openat resumed>) = 6 [pid 6016] munmap(0x7f9875600000, 138412032 [pid 6015] <... openat resumed>) = 4 [pid 6014] <... open resumed>) = 5 [pid 6013] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6016] <... munmap resumed>) = 0 [pid 6015] ioctl(4, LOOP_SET_FD, 3 [pid 6014] truncate("./file1", 16784380 [pid 6013] <... mmap resumed>) = 0x200000001000 [pid 6014] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6013] exit_group(0 [pid 6014] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6013] <... exit_group resumed>) = ? [pid 6017] <... write resumed>) = 2097152 [pid 6014] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6013] +++ exited with 0 +++ [pid 6017] munmap(0x7f9875600000, 138412032 [pid 6016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6015] <... ioctl resumed>) = 0 [pid 6014] <... mmap resumed>) = 0x200000001000 [pid 6014] exit_group(0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6013, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- [pid 6014] <... exit_group resumed>) = ? [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6016] <... openat resumed>) = 4 [ 127.245177][ T30] audit: type=1804 audit(1750615408.515:321): pid=6014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/32/file1/file1" dev="loop0" ino=30 res=1 errno=0 [ 127.280822][ T6015] loop4: detected capacity change from 0 to 4096 [pid 6015] close(3) = 0 [pid 6016] ioctl(4, LOOP_SET_FD, 3 [pid 6015] close(4 [pid 6017] <... munmap resumed>) = 0 [pid 6014] +++ exited with 0 +++ [pid 5842] <... restart_syscall resumed>) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 6017] <... openat resumed>) = 4 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6017] ioctl(4, LOOP_SET_FD, 3 [pid 5842] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6015] <... close resumed>) = 0 [pid 6015] mkdir("./file1", 0777) = 0 [pid 6015] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... restart_syscall resumed>) = 0 [pid 6016] <... ioctl resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6016] close(3) = 0 [pid 6016] close(4) = 0 [pid 5842] <... openat resumed>) = 3 [pid 6016] mkdir("./file1", 0777 [pid 5842] newfstatat(3, "", [pid 6017] <... ioctl resumed>) = 0 [pid 6016] <... mkdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6017] close(3 [pid 5842] getdents64(3, [pid 5839] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6017] <... close resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6017] close(4 [ 127.308981][ T6016] loop2: detected capacity change from 0 to 4096 [ 127.317958][ T6017] loop1: detected capacity change from 0 to 4096 [ 127.321715][ T6015] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5842] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6017] <... close resumed>) = 0 [pid 6016] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... openat resumed>) = 3 [pid 6017] mkdir("./file1", 0777 [pid 5839] newfstatat(3, "", [pid 6017] <... mkdir resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 6017] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] <... umount2 resumed>) = 0 [pid 5839] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./31/file1") = 0 [pid 5842] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 127.355689][ T6016] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 127.371159][ T6017] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5842] unlink("./31/binderfs") = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./31") = 0 [pid 5839] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] mkdir("./32", 0777 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... mkdir resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... openat resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5842] close(3 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./32/file1") = 0 [pid 5839] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6017] <... mount resumed>) = 0 [pid 6016] <... mount resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./32/binderfs" [pid 6016] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] <... unlink resumed>) = 0 [pid 5839] getdents64(3, [pid 6016] <... openat resumed>) = 3 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 6017] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] rmdir("./32" [pid 6017] <... openat resumed>) = 3 [pid 6016] chdir("./file1" [pid 6017] chdir("./file1" [pid 6016] <... chdir resumed>) = 0 [pid 6017] <... chdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6017] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6016] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] mkdir("./33", 0777 [pid 6016] open("./file1", O_RDONLY|O_DIRECT [pid 6017] open("./file1", O_RDONLY|O_DIRECT [pid 6016] <... open resumed>) = 4 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6016] preadv2(4, [pid 6017] <... open resumed>) = 4 [pid 6016] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6017] preadv2(4, [pid 6016] memfd_create("syzkaller", 0 [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6017] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6016] <... memfd_create resumed>) = 5 [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6017] memfd_create("syzkaller", 0 [pid 6016] <... mmap resumed>) = 0x7f9875600000 [pid 6015] <... mount resumed>) = 0 [pid 6017] <... memfd_create resumed>) = 5 [ 127.480423][ T30] audit: type=1800 audit(1750615408.755:322): pid=6016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6015] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6018 [pid 5839] <... close resumed>) = 0 [pid 6017] <... mmap resumed>) = 0x7f9875600000 ./strace-static-x86_64: Process 6018 attached [pid 6015] <... openat resumed>) = 3 [pid 6015] chdir("./file1") = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6015] open("./file1", O_RDONLY|O_DIRECT [pid 6018] set_robust_list(0x55558b799660, 24 [pid 6015] <... open resumed>) = 4 [pid 6015] preadv2(4, [pid 6018] <... set_robust_list resumed>) = 0 [pid 6015] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6015] memfd_create("syzkaller", 0) = 5 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6018] chdir("./32" [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6018] <... chdir resumed>) = 0 [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0) = 0 [ 127.572570][ T30] audit: type=1800 audit(1750615408.795:323): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6019 [pid 6018] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6019 attached [pid 6019] set_robust_list(0x55558b799660, 24) = 0 [pid 6019] chdir("./33") = 0 [pid 6019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6019] setpgid(0, 0) = 0 [pid 6019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6019] write(3, "1000", 4) = 4 [pid 6019] close(3) = 0 [pid 6019] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6018] write(3, "1000", 4 [pid 6019] write(1, "executing program\n", 18) = 18 [pid 6016] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6018] <... write resumed>) = 4 [pid 6019] memfd_create("syzkaller", 0 [pid 6018] close(3 [pid 6019] <... memfd_create resumed>) = 3 [pid 6018] <... close resumed>) = 0 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6017] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6018] write(1, "executing program\n", 18executing program [pid 6015] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6018] <... write resumed>) = 18 [pid 6018] memfd_create("syzkaller", 0) = 3 [ 127.678013][ T30] audit: type=1800 audit(1750615408.825:324): pid=6015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6019] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6017] <... write resumed>) = 2097152 [pid 6018] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6017] munmap(0x7f9875600000, 138412032 [pid 6016] <... write resumed>) = 2097152 [pid 6017] <... munmap resumed>) = 0 [pid 6016] munmap(0x7f9875600000, 138412032 [pid 6015] <... write resumed>) = 2097152 [pid 6017] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6016] <... munmap resumed>) = 0 [pid 6017] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6017] close(5 [pid 6016] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6016] close(5 [pid 6015] munmap(0x7f9875600000, 138412032) = 0 [pid 6019] <... write resumed>) = 2097152 [pid 6017] <... close resumed>) = 0 [pid 6016] <... close resumed>) = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6018] <... write resumed>) = 2097152 [pid 6018] munmap(0x7f9875600000, 138412032 [pid 6019] munmap(0x7f9875600000, 138412032 [pid 6018] <... munmap resumed>) = 0 [pid 6017] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6016] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6018] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6015] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6017] <... open resumed>) = 5 [pid 6017] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6017] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6017] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6017] exit_group(0 [pid 6015] close(5 [pid 6017] <... exit_group resumed>) = ? [pid 6019] <... munmap resumed>) = 0 [pid 6018] <... openat resumed>) = 4 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6016] <... open resumed>) = 5 [pid 6016] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6016] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6016] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6016] exit_group(0) = ? [ 127.847561][ T30] audit: type=1804 audit(1750615409.115:325): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/33/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 6019] <... openat resumed>) = 4 [pid 6018] ioctl(4, LOOP_SET_FD, 3 [pid 6017] +++ exited with 0 +++ [pid 6016] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6016, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 6019] ioctl(4, LOOP_SET_FD, 3 [pid 6018] <... ioctl resumed>) = 0 [pid 6015] <... close resumed>) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=9 /* 0.09 s */} --- [pid 5841] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6015] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6015] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6015] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6015] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6015] exit_group(0) = ? [pid 6019] <... ioctl resumed>) = 0 [pid 5840] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6019] close(3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6019] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6019] close(4) = 0 [pid 5840] <... openat resumed>) = 3 [pid 6015] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6019] mkdir("./file1", 0777 [pid 5840] newfstatat(3, "", [pid 5843] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6019] <... mkdir resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(3, [pid 6019] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 127.891375][ T6018] loop3: detected capacity change from 0 to 4096 [ 127.898495][ T30] audit: type=1804 audit(1750615409.145:326): pid=6016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.kafNdC/32/file1/file1" dev="loop2" ino=30 res=1 errno=0 [ 127.921916][ T6019] loop0: detected capacity change from 0 to 4096 [pid 5843] newfstatat(3, "", [pid 5840] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6018] close(3 [pid 5843] getdents64(3, [pid 6018] <... close resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6018] close(4 [pid 5843] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6018] <... close resumed>) = 0 [pid 6018] mkdir("./file1", 0777) = 0 [pid 6018] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... umount2 resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... openat resumed>) = 4 [pid 5840] <... umount2 resumed>) = 0 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(4, [pid 5840] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] newfstatat(AT_FDCWD, "./30/file1", [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] getdents64(4, [pid 5840] newfstatat(AT_FDCWD, "./33/file1", [pid 5843] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] close(4 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... close resumed>) = 0 [pid 5840] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 127.952886][ T6019] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 127.962121][ T6018] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5843] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] rmdir("./32/file1" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... openat resumed>) = 4 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] newfstatat(4, "", [pid 5840] <... openat resumed>) = 4 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] newfstatat(4, "", [pid 5843] getdents64(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(4, [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] close(4 [pid 5840] getdents64(4, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6019] <... mount resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./32/binderfs", [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6019] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] rmdir("./30/file1" [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] close(4 [pid 6019] <... openat resumed>) = 3 [pid 5843] <... rmdir resumed>) = 0 [pid 5841] unlink("./32/binderfs" [pid 5840] <... close resumed>) = 0 [pid 6019] chdir("./file1" [pid 5843] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... unlink resumed>) = 0 [pid 5840] rmdir("./33/file1" [pid 6019] <... chdir resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(3, [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] newfstatat(AT_FDCWD, "./30/binderfs", [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 6019] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] close(3 [pid 5840] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6019] open("./file1", O_RDONLY|O_DIRECT [pid 5843] unlink("./30/binderfs" [pid 5841] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5843] <... unlink resumed>) = 0 [pid 5841] rmdir("./32" [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5843] getdents64(3, [pid 5840] unlink("./33/binderfs" [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6019] <... open resumed>) = 4 [pid 5843] close(3 [pid 5841] mkdir("./33", 0777 [pid 5840] <... unlink resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 6019] preadv2(4, [pid 5843] rmdir("./30" [pid 5841] <... mkdir resumed>) = 0 [pid 5840] getdents64(3, [pid 6019] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6019] memfd_create("syzkaller", 0) = 5 [pid 5843] <... rmdir resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] close(3 [pid 6019] <... mmap resumed>) = 0x7f9875600000 [pid 5840] <... close resumed>) = 0 [pid 5843] mkdir("./31", 0777 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] rmdir("./33" [pid 5841] <... openat resumed>) = 3 [pid 5840] <... rmdir resumed>) = 0 [pid 6018] <... mount resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] mkdir("./34", 0777 [pid 5843] <... mkdir resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 6018] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] close(3 [pid 5840] <... mkdir resumed>) = 0 [pid 6018] <... openat resumed>) = 3 [pid 5843] <... openat resumed>) = 3 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6018] chdir("./file1") = 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5840] <... openat resumed>) = 3 [pid 6018] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5843] <... ioctl resumed>) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6018] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... ioctl resumed>) = 0 [pid 6018] open("./file1", O_RDONLY|O_DIRECT [pid 5843] close(3 [pid 5840] close(3 [pid 6018] <... open resumed>) = 4 [pid 6018] preadv2(4, [pid 5841] <... close resumed>) = 0 [pid 6018] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... close resumed>) = 0 [pid 6018] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6020 attached ) = 5 [pid 5843] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 6021 attached [pid 6020] set_robust_list(0x55558b799660, 24 [pid 6019] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6018] <... mmap resumed>) = 0x7f9875600000 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6020 [pid 6021] set_robust_list(0x55558b799660, 24 [pid 6020] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 6022 attached [pid 6021] <... set_robust_list resumed>) = 0 [pid 6020] chdir("./33" [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6021 [pid 6020] <... chdir resumed>) = 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6022 [pid 6020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6022] set_robust_list(0x55558b799660, 24 [pid 6021] chdir("./34" [pid 6020] setpgid(0, 0 [pid 6022] <... set_robust_list resumed>) = 0 [pid 6021] <... chdir resumed>) = 0 [pid 6020] <... setpgid resumed>) = 0 [pid 6020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6022] chdir("./31" [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6022] <... chdir resumed>) = 0 [pid 6021] setpgid(0, 0 [pid 6020] <... openat resumed>) = 3 [pid 6022] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6021] <... setpgid resumed>) = 0 [pid 6020] write(3, "1000", 4 [pid 6022] <... prctl resumed>) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6020] <... write resumed>) = 4 [pid 6022] setpgid(0, 0) = 0 [pid 6021] <... openat resumed>) = 3 [pid 6020] close(3 [pid 6022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6021] write(3, "1000", 4 [pid 6020] <... close resumed>) = 0 [pid 6022] <... openat resumed>) = 3 [pid 6021] <... write resumed>) = 4 [pid 6020] symlink("/dev/binderfs", "./binderfs" [pid 6022] write(3, "1000", 4 [pid 6021] close(3 [pid 6022] <... write resumed>) = 4 [pid 6021] <... close resumed>) = 0 [pid 6020] <... symlink resumed>) = 0 [pid 6022] close(3 [pid 6021] symlink("/dev/binderfs", "./binderfs" [pid 6020] write(1, "executing program\n", 18 [pid 6022] <... close resumed>) = 0 executing program [pid 6021] <... symlink resumed>) = 0 [pid 6022] symlink("/dev/binderfs", "./binderfs" [pid 6020] <... write resumed>) = 18 [pid 6021] write(1, "executing program\n", 18 [pid 6018] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6022] <... symlink resumed>) = 0 executing program executing program [pid 6022] write(1, "executing program\n", 18 [pid 6021] <... write resumed>) = 18 [pid 6020] memfd_create("syzkaller", 0 [pid 6022] <... write resumed>) = 18 [pid 6021] memfd_create("syzkaller", 0 [pid 6020] <... memfd_create resumed>) = 3 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6022] memfd_create("syzkaller", 0 [pid 6021] <... memfd_create resumed>) = 3 [pid 6020] <... mmap resumed>) = 0x7f9875600000 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6022] <... memfd_create resumed>) = 3 [pid 6021] <... mmap resumed>) = 0x7f9875600000 [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6019] <... write resumed>) = 2097152 [pid 6019] munmap(0x7f9875600000, 138412032) = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6018] <... write resumed>) = 2097152 [pid 6019] close(5 [pid 6018] munmap(0x7f9875600000, 138412032) = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6022] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6020] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6018] close(5 [pid 6021] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6019] <... close resumed>) = 0 [pid 6019] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6019] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6019] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6019] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6019] exit_group(0) = ? [pid 6018] <... close resumed>) = 0 [pid 6019] +++ exited with 0 +++ [pid 6018] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6019, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 6018] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6018] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6018] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5839] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6022] <... write resumed>) = 2097152 [pid 6018] exit_group(0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6018] <... exit_group resumed>) = ? [pid 5839] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", [pid 6018] +++ exited with 0 +++ [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6022] munmap(0x7f9875600000, 138412032 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=8 /* 0.08 s */} --- [pid 6021] <... write resumed>) = 2097152 [pid 6020] <... write resumed>) = 2097152 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5839] getdents64(3, [pid 6021] munmap(0x7f9875600000, 138412032 [pid 6020] munmap(0x7f9875600000, 138412032 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6022] <... munmap resumed>) = 0 [pid 5839] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6022] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5842] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6022] ioctl(4, LOOP_SET_FD, 3 [pid 6021] <... munmap resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6020] <... munmap resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6020] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... openat resumed>) = 3 [pid 6020] <... openat resumed>) = 4 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6020] ioctl(4, LOOP_SET_FD, 3 [pid 5842] getdents64(3, [pid 6022] <... ioctl resumed>) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6022] close(3 [pid 6021] <... openat resumed>) = 4 [pid 6022] <... close resumed>) = 0 [pid 6021] ioctl(4, LOOP_SET_FD, 3 [pid 6022] close(4 [pid 6020] <... ioctl resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6020] close(3 [pid 5842] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6020] <... close resumed>) = 0 [pid 6020] close(4) = 0 [pid 6020] mkdir("./file1", 0777 [pid 6022] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 6020] <... mkdir resumed>) = 0 [pid 6022] mkdir("./file1", 0777 [pid 6021] <... ioctl resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5839] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 128.436713][ T6022] loop4: detected capacity change from 0 to 4096 [ 128.441654][ T6020] loop2: detected capacity change from 0 to 4096 [ 128.447984][ T6021] loop1: detected capacity change from 0 to 4096 [pid 6020] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6022] <... mkdir resumed>) = 0 [pid 6021] close(3 [pid 5842] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./33/file1", [pid 6021] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6022] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6021] close(4 [pid 5842] newfstatat(AT_FDCWD, "./32/file1", [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6021] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./33/file1") = 0 [pid 5839] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./33/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./33") = 0 [pid 5839] mkdir("./34", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 6021] mkdir("./file1", 0777 [pid 5842] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] close(3 [pid 6021] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6021] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 128.481293][ T6020] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 128.495252][ T6022] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./32/file1") = 0 [pid 5842] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./32/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./32") = 0 [pid 5842] mkdir("./33", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] <... close resumed>) = 0 [ 128.521968][ T6021] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5842] close(3 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6023 attached [pid 6023] set_robust_list(0x55558b799660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6023 [pid 6023] <... set_robust_list resumed>) = 0 [pid 6023] chdir("./34") = 0 [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] setpgid(0, 0) = 0 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6020] <... mount resumed>) = 0 [pid 6023] <... openat resumed>) = 3 [pid 6023] write(3, "1000", 4 [pid 6020] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6020] chdir("./file1" [pid 6023] <... write resumed>) = 4 [pid 6023] close(3) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6020] <... chdir resumed>) = 0 executing program [pid 6023] write(1, "executing program\n", 18 [pid 6020] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6023] <... write resumed>) = 18 [pid 6020] open("./file1", O_RDONLY|O_DIRECT [pid 6023] memfd_create("syzkaller", 0 [pid 6020] <... open resumed>) = 4 [pid 6020] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6020] memfd_create("syzkaller", 0) = 5 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6022] <... mount resumed>) = 0 [pid 6023] <... memfd_create resumed>) = 3 [pid 6022] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... close resumed>) = 0 [pid 6023] <... mmap resumed>) = 0x7f9875600000 [pid 6022] chdir("./file1") = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6021] <... mount resumed>) = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6021] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6022] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6021] <... openat resumed>) = 3 [pid 6021] chdir("./file1" [pid 6022] open("./file1", O_RDONLY|O_DIRECT [pid 6021] <... chdir resumed>) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6021] open("./file1", O_RDONLY|O_DIRECT./strace-static-x86_64: Process 6024 attached [pid 6024] set_robust_list(0x55558b799660, 24 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6024 [pid 6024] <... set_robust_list resumed>) = 0 [pid 6024] chdir("./33" [pid 6022] <... open resumed>) = 4 [pid 6024] <... chdir resumed>) = 0 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6021] <... open resumed>) = 4 executing program [pid 6021] preadv2(4, [pid 6024] write(1, "executing program\n", 18) = 18 [pid 6022] preadv2(4, [pid 6021] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6022] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6021] memfd_create("syzkaller", 0 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6022] memfd_create("syzkaller", 0 [pid 6021] <... memfd_create resumed>) = 5 [pid 6024] <... mmap resumed>) = 0x7f9875600000 [pid 6022] <... memfd_create resumed>) = 5 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6020] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6023] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6024] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6022] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6021] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6023] <... write resumed>) = 2097152 [pid 6020] <... write resumed>) = 2097152 [pid 6023] munmap(0x7f9875600000, 138412032 [pid 6020] munmap(0x7f9875600000, 138412032 [pid 6022] <... write resumed>) = 2097152 [pid 6024] <... write resumed>) = 2097152 [pid 6023] <... munmap resumed>) = 0 [pid 6020] <... munmap resumed>) = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6020] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6024] munmap(0x7f9875600000, 138412032 [pid 6023] <... openat resumed>) = 4 [pid 6022] munmap(0x7f9875600000, 138412032 [pid 6023] ioctl(4, LOOP_SET_FD, 3 [pid 6021] <... write resumed>) = 2097152 [pid 6020] close(5 [pid 6024] <... munmap resumed>) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6022] <... munmap resumed>) = 0 [pid 6024] ioctl(4, LOOP_SET_FD, 3 [pid 6022] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6022] close(5 [pid 6021] munmap(0x7f9875600000, 138412032 [pid 6023] <... ioctl resumed>) = 0 [pid 6021] <... munmap resumed>) = 0 [pid 6023] close(3) = 0 [pid 6023] close(4) = 0 [pid 6023] mkdir("./file1", 0777 [pid 6024] <... ioctl resumed>) = 0 [pid 6024] close(3 [pid 6021] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6023] <... mkdir resumed>) = 0 [pid 6024] <... close resumed>) = 0 [pid 6023] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6021] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6024] close(4 [ 128.930018][ T6023] loop0: detected capacity change from 0 to 4096 [ 128.942038][ T6024] loop3: detected capacity change from 0 to 4096 [pid 6021] close(5 [pid 6024] <... close resumed>) = 0 [pid 6024] mkdir("./file1", 0777) = 0 [pid 6024] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6020] <... close resumed>) = 0 [pid 6020] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6022] <... close resumed>) = 0 [pid 6021] <... close resumed>) = 0 [pid 6020] truncate("./file1", 16784380 [pid 6022] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6020] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6020] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6020] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6022] <... open resumed>) = 5 [pid 6020] <... mmap resumed>) = 0x200000001000 [pid 6022] truncate("./file1", 16784380 [pid 6020] exit_group(0) = ? [pid 6021] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6023] <... mount resumed>) = 0 [pid 6022] <... truncate resumed>) = -1 EFBIG (File too large) [ 128.979597][ T6023] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 129.001003][ T6024] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6020] +++ exited with 0 +++ [pid 6022] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6020, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=13 /* 0.13 s */} --- [pid 6023] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6022] <... openat resumed>) = 6 [pid 6023] <... openat resumed>) = 3 [pid 6022] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6023] chdir("./file1" [pid 6022] <... mmap resumed>) = 0x200000001000 [pid 5841] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6023] <... chdir resumed>) = 0 [pid 6022] exit_group(0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6022] <... exit_group resumed>) = ? [pid 5841] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6024] <... mount resumed>) = 0 [pid 6023] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... openat resumed>) = 3 [pid 6024] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6023] open("./file1", O_RDONLY|O_DIRECT [pid 5841] newfstatat(3, "", [pid 6024] <... openat resumed>) = 3 [pid 6021] <... open resumed>) = 5 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6024] chdir("./file1" [pid 6021] truncate("./file1", 16784380 [pid 5841] getdents64(3, [pid 6024] <... chdir resumed>) = 0 [pid 6023] <... open resumed>) = 4 [pid 6021] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6024] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6023] preadv2(4, [pid 6022] +++ exited with 0 +++ [pid 6021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5841] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6024] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6021] <... openat resumed>) = 6 [pid 6024] open("./file1", O_RDONLY|O_DIRECT [pid 6021] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6022, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- [pid 6021] <... mmap resumed>) = 0x200000001000 [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 6024] <... open resumed>) = 4 [pid 6023] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... restart_syscall resumed>) = 0 [pid 6023] memfd_create("syzkaller", 0 [pid 6024] preadv2(4, [pid 6021] exit_group(0 [pid 6023] <... memfd_create resumed>) = 5 [pid 5841] <... umount2 resumed>) = 0 [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6023] <... mmap resumed>) = 0x7f9875600000 [pid 6021] <... exit_group resumed>) = ? [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6021] +++ exited with 0 +++ [pid 5841] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./33/file1", [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5841] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./33/file1" [pid 5843] <... openat resumed>) = 3 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5843] newfstatat(3, "", [pid 5841] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6024] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6024] memfd_create("syzkaller", 0 [pid 5843] getdents64(3, [pid 5841] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6024] <... memfd_create resumed>) = 5 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... openat resumed>) = 3 [pid 6024] <... mmap resumed>) = 0x7f9875600000 [pid 5841] unlink("./33/binderfs" [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 5841] <... unlink resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./33") = 0 [pid 5841] mkdir("./34", 0777) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5843] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... openat resumed>) = 3 [pid 5843] newfstatat(AT_FDCWD, "./31/file1", [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5843] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] close(3 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./31/file1") = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5843] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./31/binderfs") = 0 [pid 5843] getdents64(3, [pid 5840] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] close(3 [pid 5840] newfstatat(AT_FDCWD, "./34/file1", [pid 5843] <... close resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] rmdir("./31" [pid 5840] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... rmdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 6023] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] mkdir("./32", 0777 [pid 5840] <... close resumed>) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5840] rmdir("./34/file1") = 0 [pid 6024] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... openat resumed>) = 3 [pid 5841] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5840] newfstatat(AT_FDCWD, "./34/binderfs", [pid 5843] <... ioctl resumed>) = 0 [pid 5843] close(3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./34/binderfs" [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6025 attached [pid 5840] <... unlink resumed>) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6025 [pid 5840] close(3) = 0 [pid 5840] rmdir("./34" [pid 6025] set_robust_list(0x55558b799660, 24 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./35", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 6025] <... set_robust_list resumed>) = 0 [pid 6025] chdir("./34") = 0 [pid 6025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6025] setpgid(0, 0) = 0 [pid 6025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6025] write(3, "1000", 4 [pid 5843] <... close resumed>) = 0 [pid 6025] <... write resumed>) = 4 [pid 6024] <... write resumed>) = 2097152 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6026 attached [pid 6025] close(3 [pid 6024] munmap(0x7f9875600000, 138412032 [pid 6026] set_robust_list(0x55558b799660, 24 [pid 6025] <... close resumed>) = 0 [pid 6024] <... munmap resumed>) = 0 [pid 6023] <... write resumed>) = 2097152 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6026 [pid 6026] <... set_robust_list resumed>) = 0 [pid 6025] symlink("/dev/binderfs", "./binderfs" [pid 6023] munmap(0x7f9875600000, 138412032 [pid 6026] chdir("./32" [pid 6025] <... symlink resumed>) = 0 executing program [pid 6026] <... chdir resumed>) = 0 [pid 6025] write(1, "executing program\n", 18 [pid 6023] <... munmap resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 6025] <... write resumed>) = 18 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6025] memfd_create("syzkaller", 0 [pid 6026] <... openat resumed>) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6026] write(1, "executing program\n", 18) = 18 [pid 6024] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6025] <... memfd_create resumed>) = 3 [pid 6024] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6026] memfd_create("syzkaller", 0) = 3 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6024] close(5 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6027 attached [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6023] close(5 [pid 6027] set_robust_list(0x55558b799660, 24) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6027 [pid 6027] chdir("./35") = 0 [pid 6027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6027] setpgid(0, 0) = 0 [pid 6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6027] write(3, "1000", 4) = 4 [pid 6027] close(3) = 0 [pid 6027] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6027] write(1, "executing program\n", 18) = 18 [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6024] <... close resumed>) = 0 [pid 6024] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6024] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6024] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6024] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6024] exit_group(0) = ? [pid 6024] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5842] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 6026] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6023] <... close resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6025] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6023] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5842] <... umount2 resumed>) = 0 [pid 6027] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6023] truncate("./file1", 16784380 [pid 5842] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6023] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6023] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] newfstatat(4, "", [pid 6023] <... openat resumed>) = 6 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6023] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] getdents64(4, [pid 6023] <... mmap resumed>) = 0x200000001000 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 6023] exit_group(0) = ? [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 6023] +++ exited with 0 +++ [pid 5842] rmdir("./33/file1") = 0 [pid 5842] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 5839] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5839] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5842] unlink("./33/binderfs" [pid 5839] newfstatat(3, "", [pid 5842] <... unlink resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 6025] <... write resumed>) = 2097152 [pid 5842] rmdir("./33") = 0 [pid 5842] mkdir("./34", 0777 [pid 6025] munmap(0x7f9875600000, 138412032 [pid 5842] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6028 ./strace-static-x86_64: Process 6028 attached [pid 5839] <... umount2 resumed>) = 0 [pid 6028] set_robust_list(0x55558b799660, 24) = 0 [pid 6026] <... write resumed>) = 2097152 [pid 6025] <... munmap resumed>) = 0 [pid 5839] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6028] chdir("./34" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6028] <... chdir resumed>) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] newfstatat(AT_FDCWD, "./34/file1", [pid 6028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6025] <... openat resumed>) = 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6028] setpgid(0, 0 [pid 5839] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6028] <... setpgid resumed>) = 0 [pid 6025] ioctl(4, LOOP_SET_FD, 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6026] munmap(0x7f9875600000, 138412032 [pid 5839] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6026] <... munmap resumed>) = 0 [pid 6026] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6028] <... openat resumed>) = 3 [pid 6027] <... write resumed>) = 2097152 [pid 5839] <... openat resumed>) = 4 [pid 6028] write(3, "1000", 4 [pid 6025] <... ioctl resumed>) = 0 [pid 5839] newfstatat(4, "", [pid 6028] <... write resumed>) = 4 [pid 6025] close(3 [pid 6028] close(3 [pid 6025] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6028] <... close resumed>) = 0 [pid 6025] close(4 [pid 6028] symlink("/dev/binderfs", "./binderfs" [pid 6027] munmap(0x7f9875600000, 138412032 [pid 6026] <... openat resumed>) = 4 [pid 6025] <... close resumed>) = 0 [pid 5839] getdents64(4, [pid 6028] <... symlink resumed>) = 0 [pid 6027] <... munmap resumed>) = 0 [pid 6026] ioctl(4, LOOP_SET_FD, 3 [pid 6025] mkdir("./file1", 0777 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6028] write(1, "executing program\n", 18executing program ) = 18 [pid 6025] <... mkdir resumed>) = 0 [pid 5839] getdents64(4, [pid 6028] memfd_create("syzkaller", 0 [pid 6025] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6028] <... memfd_create resumed>) = 3 [pid 6027] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 129.583304][ T6025] loop2: detected capacity change from 0 to 4096 [ 129.607310][ T6026] loop4: detected capacity change from 0 to 4096 [ 129.620596][ T6025] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6027] ioctl(4, LOOP_SET_FD, 3 [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6026] <... ioctl resumed>) = 0 [pid 5839] close(4 [pid 6028] <... mmap resumed>) = 0x7f9875600000 [pid 5839] <... close resumed>) = 0 [pid 6026] close(3) = 0 [pid 6026] close(4) = 0 [pid 6026] mkdir("./file1", 0777) = 0 [pid 6026] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] rmdir("./34/file1") = 0 [ 129.621431][ T6027] loop1: detected capacity change from 0 to 4096 [pid 5839] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./34/binderfs", [pid 6027] <... ioctl resumed>) = 0 [pid 6027] close(3) = 0 [pid 6027] close(4) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6027] mkdir("./file1", 0777 [pid 5839] unlink("./34/binderfs") = 0 [pid 6027] <... mkdir resumed>) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6027] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] close(3) = 0 [pid 5839] rmdir("./34") = 0 [pid 5839] mkdir("./35", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [ 129.659606][ T6026] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 129.683672][ T6027] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5839] close(3 [pid 6025] <... mount resumed>) = 0 [pid 6028] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6025] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6025] chdir("./file1") = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] <... close resumed>) = 0 [pid 6025] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6025] preadv2(4, [pid 6026] <... mount resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6025] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 ./strace-static-x86_64: Process 6029 attached [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6029 [pid 6027] <... mount resumed>) = 0 [pid 6025] memfd_create("syzkaller", 0 [pid 6026] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6026] chdir("./file1" [pid 6025] <... memfd_create resumed>) = 5 [pid 6027] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6026] <... chdir resumed>) = 0 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6027] <... openat resumed>) = 3 [pid 6026] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6027] chdir("./file1") = 0 [pid 6026] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6025] <... mmap resumed>) = 0x7f9875600000 [pid 6029] set_robust_list(0x55558b799660, 24 [pid 6027] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6026] open("./file1", O_RDONLY|O_DIRECT [pid 6029] <... set_robust_list resumed>) = 0 [pid 6027] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6029] chdir("./35" [pid 6027] open("./file1", O_RDONLY|O_DIRECT [pid 6029] <... chdir resumed>) = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6026] <... open resumed>) = 4 [pid 6029] <... prctl resumed>) = 0 [pid 6029] setpgid(0, 0 [pid 6026] preadv2(4, [pid 6029] <... setpgid resumed>) = 0 [pid 6026] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6026] memfd_create("syzkaller", 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6026] <... memfd_create resumed>) = 5 [pid 6027] <... open resumed>) = 4 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6027] preadv2(4, [pid 6026] <... mmap resumed>) = 0x7f9875600000 [pid 6029] <... openat resumed>) = 3 [pid 6027] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6027] memfd_create("syzkaller", 0) = 5 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6029] write(1, "executing program\n", 18executing program ) = 18 [pid 6029] memfd_create("syzkaller", 0 [pid 6028] <... write resumed>) = 2097152 [pid 6029] <... memfd_create resumed>) = 3 [pid 6028] munmap(0x7f9875600000, 138412032 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6028] <... munmap resumed>) = 0 [pid 6028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6028] ioctl(4, LOOP_SET_FD, 3 [pid 6026] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 129.912201][ T6028] loop3: detected capacity change from 0 to 4096 [pid 6027] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6028] <... ioctl resumed>) = 0 [pid 6025] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6028] close(3) = 0 [pid 6028] close(4) = 0 [pid 6028] mkdir("./file1", 0777) = 0 [pid 6028] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6029] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6025] <... write resumed>) = 2097152 [ 129.977333][ T6028] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6025] munmap(0x7f9875600000, 138412032 [pid 6026] <... write resumed>) = 2097152 [pid 6027] <... write resumed>) = 2097152 [pid 6025] <... munmap resumed>) = 0 [pid 6026] munmap(0x7f9875600000, 138412032 [pid 6027] munmap(0x7f9875600000, 138412032) = 0 [pid 6026] <... munmap resumed>) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6025] close(5 [pid 6027] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6026] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6027] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6026] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6027] close(5 [pid 6026] close(5 [pid 6029] <... write resumed>) = 2097152 [pid 6029] munmap(0x7f9875600000, 138412032 [pid 6025] <... close resumed>) = 0 [pid 6029] <... munmap resumed>) = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6027] <... close resumed>) = 0 [pid 6025] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6029] <... openat resumed>) = 4 [pid 6026] <... close resumed>) = 0 [pid 6026] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6029] ioctl(4, LOOP_SET_FD, 3 [pid 6027] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6025] <... open resumed>) = 5 [pid 6025] truncate("./file1", 16784380 [pid 6027] <... open resumed>) = 5 [pid 6026] <... open resumed>) = 5 [pid 6025] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6027] truncate("./file1", 16784380 [pid 6026] truncate("./file1", 16784380 [pid 6029] <... ioctl resumed>) = 0 [pid 6028] <... mount resumed>) = 0 [pid 6027] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6026] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6025] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6027] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6026] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6028] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6027] <... openat resumed>) = 6 [pid 6026] <... openat resumed>) = 6 [pid 6025] <... openat resumed>) = 6 [pid 6028] <... openat resumed>) = 3 [pid 6027] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6026] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6029] close(3 [pid 6027] <... mmap resumed>) = 0x200000001000 [pid 6026] <... mmap resumed>) = 0x200000001000 [pid 6025] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6029] <... close resumed>) = 0 [pid 6029] close(4) = 0 [pid 6028] chdir("./file1" [pid 6027] exit_group(0 [pid 6026] exit_group(0 [pid 6025] <... mmap resumed>) = 0x200000001000 [pid 6026] <... exit_group resumed>) = ? [pid 6028] <... chdir resumed>) = 0 [pid 6027] <... exit_group resumed>) = ? [pid 6026] +++ exited with 0 +++ [pid 6029] mkdir("./file1", 0777 [ 130.127759][ T6029] loop0: detected capacity change from 0 to 4096 [pid 6028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6027] +++ exited with 0 +++ [pid 6025] exit_group(0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 6029] <... mkdir resumed>) = 0 [pid 6028] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6025] <... exit_group resumed>) = ? [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [pid 6028] open("./file1", O_RDONLY|O_DIRECT [pid 5840] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6029] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6028] <... open resumed>) = 4 [pid 6025] +++ exited with 0 +++ [pid 5843] <... umount2 resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6025, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5840] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6028] preadv2(4, [pid 5840] <... openat resumed>) = 3 [pid 6028] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6028] memfd_create("syzkaller", 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6028] <... memfd_create resumed>) = 5 [pid 5843] newfstatat(AT_FDCWD, "./32/file1", [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6028] <... mmap resumed>) = 0x7f9875600000 [pid 5843] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(3, "", [pid 5843] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... openat resumed>) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] getdents64(3, [pid 5843] close(4 [pid 5841] <... openat resumed>) = 3 [pid 5843] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] newfstatat(3, "", [pid 5840] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] rmdir("./32/file1") = 0 [pid 5841] getdents64(3, [pid 5843] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./32/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./32") = 0 [pid 5843] mkdir("./33", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6030 attached [ 130.212646][ T6029] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 6030] set_robust_list(0x55558b799660, 24 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6030 [pid 6030] <... set_robust_list resumed>) = 0 [pid 6030] chdir("./33") = 0 [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6030] setpgid(0, 0) = 0 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6030] write(3, "1000", 4) = 4 [pid 6030] close(3) = 0 [pid 6030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] <... umount2 resumed>) = 0 executing program [pid 6030] write(1, "executing program\n", 18) = 18 [pid 5840] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6030] memfd_create("syzkaller", 0) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(AT_FDCWD, "./35/file1", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] newfstatat(AT_FDCWD, "./34/file1", [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6029] <... mount resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] newfstatat(4, "", [pid 5841] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6028] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6029] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(4, [pid 5841] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", [pid 5840] getdents64(4, [pid 6029] <... openat resumed>) = 3 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] close(4 [pid 5841] getdents64(4, [pid 6029] chdir("./file1" [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] <... close resumed>) = 0 [pid 5841] getdents64(4, [pid 6029] <... chdir resumed>) = 0 [pid 5840] rmdir("./35/file1" [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5841] close(4 [pid 5840] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] rmdir("./34/file1" [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... rmdir resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./35/binderfs", [pid 6029] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./34/binderfs", [pid 5840] unlink("./35/binderfs" [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6029] open("./file1", O_RDONLY|O_DIRECT [pid 5841] unlink("./34/binderfs" [pid 5840] <... unlink resumed>) = 0 [pid 6029] <... open resumed>) = 4 [pid 6029] preadv2(4, [pid 5841] <... unlink resumed>) = 0 [pid 5840] getdents64(3, [pid 5841] getdents64(3, [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 6029] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] <... close resumed>) = 0 [pid 5841] close(3 [pid 5840] rmdir("./35" [pid 6029] memfd_create("syzkaller", 0 [pid 6030] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6029] <... memfd_create resumed>) = 5 [pid 5841] <... close resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] rmdir("./34" [pid 5840] mkdir("./36", 0777 [pid 6029] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 6028] <... write resumed>) = 2097152 [pid 5841] mkdir("./35", 0777 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6028] munmap(0x7f9875600000, 138412032 [pid 5840] <... openat resumed>) = 3 [pid 6029] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... mkdir resumed>) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6028] <... munmap resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5840] close(3 [pid 6028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6028] close(5 [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 6030] <... write resumed>) = 2097152 [pid 6030] munmap(0x7f9875600000, 138412032) = 0 [pid 5840] <... close resumed>) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3 [pid 6028] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6028] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006./strace-static-x86_64: Process 6031 attached [pid 6030] <... ioctl resumed>) = 0 [pid 6028] <... open resumed>) = 5 [pid 5841] <... close resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6031 [pid 6030] close(3 [pid 6028] truncate("./file1", 16784380 [pid 6030] <... close resumed>) = 0 [pid 6028] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6030] close(4 [pid 6028] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6030] <... close resumed>) = 0 [pid 6028] <... openat resumed>) = 6 [pid 6031] set_robust_list(0x55558b799660, 24 [pid 6030] mkdir("./file1", 0777./strace-static-x86_64: Process 6032 attached ) = 0 [pid 6028] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6030] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6028] <... mmap resumed>) = 0x200000001000 [pid 6032] set_robust_list(0x55558b799660, 24 [pid 6029] <... write resumed>) = 2097152 [pid 6028] exit_group(0) = ? [pid 6032] <... set_robust_list resumed>) = 0 [pid 6031] <... set_robust_list resumed>) = 0 [pid 6031] chdir("./36") = 0 [ 130.526016][ T6030] loop4: detected capacity change from 0 to 4096 [pid 6032] chdir("./35" [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6029] munmap(0x7f9875600000, 138412032 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6032 [pid 6032] <... chdir resumed>) = 0 [pid 6032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6031] <... prctl resumed>) = 0 [pid 6031] setpgid(0, 0) = 0 [pid 6028] +++ exited with 0 +++ [pid 6032] setpgid(0, 0 [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6028, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- [pid 6032] <... setpgid resumed>) = 0 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6031] <... openat resumed>) = 3 [pid 6032] <... openat resumed>) = 3 [pid 5842] <... restart_syscall resumed>) = 0 [pid 6032] write(3, "1000", 4 [pid 6031] write(3, "1000", 4) = 4 [pid 6031] close(3 [pid 6032] <... write resumed>) = 4 [pid 6031] <... close resumed>) = 0 [pid 6031] symlink("/dev/binderfs", "./binderfs" [pid 6032] close(3 [pid 5842] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6032] <... close resumed>) = 0 [pid 6031] <... symlink resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 6032] symlink("/dev/binderfs", "./binderfs" [pid 5842] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6031] write(1, "executing program\n", 18) = 18 executing program [pid 6032] <... symlink resumed>) = 0 [pid 6031] memfd_create("syzkaller", 0 [pid 5842] <... openat resumed>) = 3 [pid 6032] write(1, "executing program\n", 18 [pid 5842] newfstatat(3, "", [pid 6031] <... memfd_create resumed>) = 3 [pid 6032] <... write resumed>) = 18 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6029] <... munmap resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6031] <... mmap resumed>) = 0x7f9875600000 [pid 6032] memfd_create("syzkaller", 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6029] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6029] close(5 [pid 6032] <... memfd_create resumed>) = 3 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [ 130.571032][ T6030] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5842] <... umount2 resumed>) = 0 [pid 6029] <... close resumed>) = 0 [pid 5842] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6029] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6030] <... mount resumed>) = 0 [pid 6031] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6029] <... open resumed>) = 5 [pid 5842] getdents64(4, [pid 6030] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6029] truncate("./file1", 16784380 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6030] chdir("./file1") = 0 [pid 5842] close(4 [pid 6030] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./34/file1") = 0 [pid 6030] open("./file1", O_RDONLY|O_DIRECT [pid 6029] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6030] <... open resumed>) = 4 [pid 6029] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./34/binderfs", [pid 6029] <... openat resumed>) = 6 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./34/binderfs" [pid 6032] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6030] preadv2(4, [pid 6029] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... unlink resumed>) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 6029] <... mmap resumed>) = 0x200000001000 [pid 5842] rmdir("./34") = 0 [pid 5842] mkdir("./35", 0777 [pid 6029] exit_group(0 [pid 5842] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6030] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6029] <... exit_group resumed>) = ? [pid 6030] memfd_create("syzkaller", 0 [pid 6029] +++ exited with 0 +++ [pid 6030] <... memfd_create resumed>) = 5 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 6030] <... mmap resumed>) = 0x7f9875600000 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6031] <... write resumed>) = 2097152 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6031] munmap(0x7f9875600000, 138412032) = 0 [pid 6032] <... write resumed>) = 2097152 [pid 6031] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6032] munmap(0x7f9875600000, 138412032 [pid 6031] <... openat resumed>) = 4 [pid 5839] <... umount2 resumed>) = 0 [pid 6031] ioctl(4, LOOP_SET_FD, 3 [pid 5839] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] newfstatat(AT_FDCWD, "./35/file1", ./strace-static-x86_64: Process 6033 attached [pid 6032] <... munmap resumed>) = 0 [pid 6031] <... ioctl resumed>) = 0 [pid 6030] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6033 [pid 6031] close(3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6033] set_robust_list(0x55558b799660, 24 [pid 6031] <... close resumed>) = 0 [pid 6033] <... set_robust_list resumed>) = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6031] close(4 [pid 5839] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6033] chdir("./35") = 0 [pid 6032] <... openat resumed>) = 4 [pid 6031] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6031] mkdir("./file1", 0777 [pid 5839] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6032] ioctl(4, LOOP_SET_FD, 3 [pid 6031] <... mkdir resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 6033] <... prctl resumed>) = 0 [pid 6033] setpgid(0, 0 [pid 6031] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] newfstatat(4, "", [pid 6033] <... setpgid resumed>) = 0 [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 130.811882][ T6031] loop1: detected capacity change from 0 to 4096 [ 130.845942][ T6032] loop2: detected capacity change from 0 to 4096 [pid 6033] <... openat resumed>) = 3 [pid 5839] getdents64(4, [pid 6033] write(3, "1000", 4 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6033] <... write resumed>) = 4 [pid 5839] getdents64(4, [pid 6033] close(3 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./35/file1") = 0 [pid 5839] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./35/binderfs" [pid 6033] <... close resumed>) = 0 [pid 6032] <... ioctl resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 6033] symlink("/dev/binderfs", "./binderfs" [pid 5839] getdents64(3, [pid 6033] <... symlink resumed>) = 0 [pid 6032] close(3 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6033] write(1, "executing program\n", 18executing program ) = 18 [pid 6032] <... close resumed>) = 0 [pid 5839] close(3) = 0 [pid 6033] memfd_create("syzkaller", 0 [pid 5839] rmdir("./35" [pid 6032] close(4 [pid 6033] <... memfd_create resumed>) = 3 [pid 6032] <... close resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6032] mkdir("./file1", 0777 [pid 5839] mkdir("./36", 0777 [pid 6033] <... mmap resumed>) = 0x7f9875600000 [pid 6032] <... mkdir resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [ 130.854378][ T6031] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5839] close(3 [pid 6032] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6030] <... write resumed>) = 2097152 [pid 6030] munmap(0x7f9875600000, 138412032) = 0 [pid 5839] <... close resumed>) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [ 130.904080][ T6032] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6030] close(5 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6034 attached , child_tidptr=0x55558b799650) = 6034 [pid 6031] <... mount resumed>) = 0 [pid 6034] set_robust_list(0x55558b799660, 24 [pid 6031] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6034] <... set_robust_list resumed>) = 0 [pid 6031] <... openat resumed>) = 3 [pid 6031] chdir("./file1" [pid 6034] chdir("./36" [pid 6031] <... chdir resumed>) = 0 [pid 6034] <... chdir resumed>) = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6031] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6034] <... prctl resumed>) = 0 [pid 6031] open("./file1", O_RDONLY|O_DIRECT [pid 6034] setpgid(0, 0) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6033] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6034] <... openat resumed>) = 3 [pid 6034] write(3, "1000", 4 [pid 6031] <... open resumed>) = 4 [pid 6034] <... write resumed>) = 4 [pid 6034] close(3) = 0 executing program [pid 6034] symlink("/dev/binderfs", "./binderfs" [pid 6031] preadv2(4, [pid 6034] <... symlink resumed>) = 0 [pid 6034] write(1, "executing program\n", 18) = 18 [pid 6034] memfd_create("syzkaller", 0 [pid 6031] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6031] memfd_create("syzkaller", 0 [pid 6034] <... memfd_create resumed>) = 3 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6031] <... memfd_create resumed>) = 5 [pid 6030] <... close resumed>) = 0 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6030] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6031] <... mmap resumed>) = 0x7f9875600000 [pid 6030] <... open resumed>) = 5 [pid 6030] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6032] <... mount resumed>) = 0 [pid 6030] <... openat resumed>) = 6 [pid 6030] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6030] exit_group(0) = ? [pid 6032] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6030] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5843] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6032] <... openat resumed>) = 3 [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6032] chdir("./file1" [pid 5843] getdents64(3, [pid 6032] <... chdir resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6032] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6032] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6032] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6032] memfd_create("syzkaller", 0) = 5 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6033] <... write resumed>) = 2097152 [pid 6033] munmap(0x7f9875600000, 138412032 [pid 6031] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6034] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6033] <... munmap resumed>) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 6032] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6033] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6033] ioctl(4, LOOP_SET_FD, 3 [pid 5843] newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./33/file1") = 0 [pid 5843] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./33/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./33" [pid 6033] <... ioctl resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5843] mkdir("./34", 0777) = 0 [pid 6034] <... write resumed>) = 2097152 [pid 6033] close(3) = 0 [pid 6033] close(4) = 0 [pid 6031] <... write resumed>) = 2097152 [pid 6033] mkdir("./file1", 0777) = 0 [ 131.190693][ T6033] loop3: detected capacity change from 0 to 4096 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 6033] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] <... ioctl resumed>) = 0 [pid 5843] close(3) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6035 attached [pid 6035] set_robust_list(0x55558b799660, 24) = 0 [pid 6035] chdir("./34" [pid 6031] munmap(0x7f9875600000, 138412032 [pid 6035] <... chdir resumed>) = 0 [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6035 [pid 6035] <... prctl resumed>) = 0 [pid 6034] munmap(0x7f9875600000, 138412032 [pid 6035] setpgid(0, 0 [pid 6034] <... munmap resumed>) = 0 [pid 6035] <... setpgid resumed>) = 0 [pid 6031] <... munmap resumed>) = 0 [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6031] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6035] <... openat resumed>) = 3 [pid 6034] <... openat resumed>) = 4 [pid 6031] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 131.233872][ T6033] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6035] write(3, "1000", 4 [pid 6034] ioctl(4, LOOP_SET_FD, 3 [pid 6032] <... write resumed>) = 2097152 [pid 6035] <... write resumed>) = 4 [pid 6031] close(5 [pid 6035] close(3) = 0 executing program [pid 6035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6035] write(1, "executing program\n", 18) = 18 [pid 6035] memfd_create("syzkaller", 0 [pid 6034] <... ioctl resumed>) = 0 [pid 6032] munmap(0x7f9875600000, 138412032 [pid 6035] <... memfd_create resumed>) = 3 [pid 6034] close(3 [pid 6032] <... munmap resumed>) = 0 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6034] <... close resumed>) = 0 [pid 6035] <... mmap resumed>) = 0x7f9875600000 [pid 6034] close(4) = 0 [pid 6034] mkdir("./file1", 0777) = 0 [ 131.281300][ T6034] loop0: detected capacity change from 0 to 4096 [pid 6034] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6032] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6032] close(5 [pid 6031] <... close resumed>) = 0 [ 131.333915][ T6034] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 6031] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6032] <... close resumed>) = 0 [pid 6031] <... open resumed>) = 5 [pid 6033] <... mount resumed>) = 0 [pid 6032] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6031] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6033] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6031] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6033] chdir("./file1" [pid 6032] <... open resumed>) = 5 [pid 6035] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6033] <... chdir resumed>) = 0 [pid 6032] truncate("./file1", 16784380 [pid 6031] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6032] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6032] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6031] <... mmap resumed>) = 0x200000001000 [pid 6033] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6032] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6031] exit_group(0 [pid 6032] <... mmap resumed>) = 0x200000001000 [pid 6033] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6032] exit_group(0 [pid 6031] <... exit_group resumed>) = ? [pid 6032] <... exit_group resumed>) = ? [pid 6033] open("./file1", O_RDONLY|O_DIRECT [pid 6031] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6031, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6033] <... open resumed>) = 4 [pid 5840] <... restart_syscall resumed>) = 0 [pid 6032] +++ exited with 0 +++ [pid 5840] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6032, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- [pid 5840] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... openat resumed>) = 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(3, "", [pid 5841] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5840] getdents64(3, [pid 5841] newfstatat(3, "", [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6033] preadv2(4, [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6033] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6033] memfd_create("syzkaller", 0) = 5 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... umount2 resumed>) = 0 [pid 6035] <... write resumed>) = 2097152 [pid 5840] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6034] <... mount resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6035] munmap(0x7f9875600000, 138412032) = 0 [pid 6034] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6034] <... openat resumed>) = 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6034] chdir("./file1") = 0 [pid 5841] newfstatat(AT_FDCWD, "./35/file1", [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6034] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6035] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6034] open("./file1", O_RDONLY|O_DIRECT [pid 6035] <... openat resumed>) = 4 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6035] ioctl(4, LOOP_SET_FD, 3 [pid 5841] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6034] <... open resumed>) = 4 [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 6034] preadv2(4, [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./35/file1") = 0 [pid 5841] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 4 [pid 5841] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./35/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./35") = 0 [pid 5840] newfstatat(4, "", [pid 5841] mkdir("./36", 0777 [pid 6034] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... mkdir resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6034] memfd_create("syzkaller", 0 [pid 5840] getdents64(4, [pid 6034] <... memfd_create resumed>) = 5 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6034] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... openat resumed>) = 3 [pid 6033] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6035] <... ioctl resumed>) = 0 [pid 5840] getdents64(4, [pid 6035] close(3) = 0 [pid 6035] close(4) = 0 [pid 6035] mkdir("./file1", 0777) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] close(4 [pid 5841] <... ioctl resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5841] close(3 [pid 5840] rmdir("./36/file1" [pid 6035] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6036 attached [pid 5840] newfstatat(AT_FDCWD, "./36/binderfs", [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6036 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./36/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 6036] set_robust_list(0x55558b799660, 24) = 0 [ 131.573907][ T6035] loop4: detected capacity change from 0 to 4096 [ 131.608646][ T6035] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 6036] chdir("./36"executing program [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./36" [pid 6036] <... chdir resumed>) = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0) = 0 [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6036] write(3, "1000", 4) = 4 [pid 6036] close(3) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6036] write(1, "executing program\n", 18) = 18 [pid 6036] memfd_create("syzkaller", 0 [pid 5840] <... rmdir resumed>) = 0 [pid 6036] <... memfd_create resumed>) = 3 [pid 5840] mkdir("./37", 0777 [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6033] <... write resumed>) = 2097152 [pid 5840] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 6034] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6033] munmap(0x7f9875600000, 138412032 [pid 6035] <... mount resumed>) = 0 [pid 6035] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6035] chdir("./file1") = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6035] open("./file1", O_RDONLY|O_DIRECT [pid 6033] <... munmap resumed>) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6035] <... open resumed>) = 4 [pid 6035] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6035] memfd_create("syzkaller", 0) = 5 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6036] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6034] <... write resumed>) = 2097152 [pid 6033] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... close resumed>) = 0 [pid 6034] munmap(0x7f9875600000, 138412032 [pid 6033] close(5 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6037 attached , child_tidptr=0x55558b799650) = 6037 [ 131.742547][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 131.742566][ T30] audit: type=1800 audit(1750615413.015:360): pid=6035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 6037] set_robust_list(0x55558b799660, 24) = 0 [pid 6034] <... munmap resumed>) = 0 [pid 6037] chdir("./37" [pid 6035] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6033] <... close resumed>) = 0 [pid 6034] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6034] close(5 [pid 6037] <... chdir resumed>) = 0 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6033] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] write(3, "1000", 4) = 4 [pid 6037] close(3) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6033] <... open resumed>) = 5 [pid 6033] truncate("./file1", 16784380 [pid 6037] write(1, "executing program\n", 18 executing program [pid 6033] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6037] <... write resumed>) = 18 [pid 6033] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6033] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6037] memfd_create("syzkaller", 0 [pid 6036] <... write resumed>) = 2097152 [pid 6034] <... close resumed>) = 0 [pid 6033] <... mmap resumed>) = 0x200000001000 [pid 6033] exit_group(0 [pid 6037] <... memfd_create resumed>) = 3 [pid 6033] <... exit_group resumed>) = ? [ 131.847755][ T30] audit: type=1804 audit(1750615413.115:361): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.keN58M/35/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6033] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6033, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 6036] munmap(0x7f9875600000, 138412032) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6035] <... write resumed>) = 2097152 [pid 6034] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6036] <... openat resumed>) = 4 [pid 6036] ioctl(4, LOOP_SET_FD, 3 [pid 6037] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6035] munmap(0x7f9875600000, 138412032 [pid 6034] <... open resumed>) = 5 [pid 5842] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6035] <... munmap resumed>) = 0 [pid 6034] truncate("./file1", 16784380 [pid 5842] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6036] <... ioctl resumed>) = 0 [pid 6034] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6036] close(3 [pid 5842] newfstatat(AT_FDCWD, "./35/file1", [pid 6036] <... close resumed>) = 0 [pid 6034] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6036] close(4 [pid 5842] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6036] <... close resumed>) = 0 [pid 6034] <... openat resumed>) = 6 [pid 5842] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6036] mkdir("./file1", 0777 [pid 6034] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", [pid 6036] <... mkdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6036] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6034] <... mmap resumed>) = 0x200000001000 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [ 131.933365][ T30] audit: type=1804 audit(1750615413.205:362): pid=6034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/36/file1/file1" dev="loop0" ino=30 res=1 errno=0 [ 131.942138][ T6036] loop2: detected capacity change from 0 to 4096 [pid 5842] close(4 [pid 6034] exit_group(0 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./35/file1") = 0 [pid 5842] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./35/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./35") = 0 [pid 5842] mkdir("./36", 0777) = 0 [pid 6034] <... exit_group resumed>) = ? [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6037] <... write resumed>) = 2097152 [pid 6035] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6034] +++ exited with 0 +++ [pid 5842] ioctl(3, LOOP_CLR_FD [pid 6037] munmap(0x7f9875600000, 138412032 [pid 6035] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6035] close(5 [pid 5842] <... ioctl resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6034, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=12 /* 0.12 s */} --- [pid 6035] <... close resumed>) = 0 [pid 5842] close(3 [pid 6037] <... munmap resumed>) = 0 [ 131.986325][ T6036] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6037] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6035] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6037] <... openat resumed>) = 4 [pid 5839] <... openat resumed>) = 3 [pid 6037] ioctl(4, LOOP_SET_FD, 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6037] <... ioctl resumed>) = 0 [pid 6037] close(3) = 0 [pid 6037] close(4) = 0 [pid 6037] mkdir("./file1", 0777) = 0 [pid 6037] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6035] <... open resumed>) = 5 [pid 6035] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6035] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6035] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6035] exit_group(0) = ? [pid 6035] +++ exited with 0 +++ [ 132.045485][ T6037] loop1: detected capacity change from 0 to 4096 [ 132.058117][ T30] audit: type=1804 audit(1750615413.325:363): pid=6035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.YdVRUk/34/file1/file1" dev="loop4" ino=30 res=1 errno=0 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 6036] <... mount resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 6036] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... umount2 resumed>) = 0 [pid 6036] chdir("./file1") = 0 [pid 5839] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6038 attached [pid 6036] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6038] set_robust_list(0x55558b799660, 24) = 0 [pid 6036] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./36/file1", [pid 6038] chdir("./36" [pid 6036] open("./file1", O_RDONLY|O_DIRECT [pid 5843] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6038 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6038] <... chdir resumed>) = 0 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6036] <... open resumed>) = 4 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] <... prctl resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./36/file1") = 0 [pid 5839] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./36/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./36") = 0 [ 132.095017][ T6037] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5839] mkdir("./37", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6038] setpgid(0, 0 [pid 6036] preadv2(4, [pid 5843] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6038] <... setpgid resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6036] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6036] memfd_create("syzkaller", 0) = 5 [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6038] <... openat resumed>) = 3 [pid 6038] write(3, "1000", 4 [pid 6036] <... mmap resumed>) = 0x7f9875600000 [pid 5843] getdents64(3, [pid 6038] <... write resumed>) = 4 [ 132.128359][ T30] audit: type=1800 audit(1750615413.395:364): pid=6036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 6038] close(3 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6038] <... close resumed>) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs" [pid 5843] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] <... symlink resumed>) = 0 executing program [pid 6038] write(1, "executing program\n", 18) = 18 [pid 6038] memfd_create("syzkaller", 0) = 3 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6037] <... mount resumed>) = 0 [pid 6037] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6037] chdir("./file1") = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6037] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... close resumed>) = 0 [pid 6037] <... open resumed>) = 4 [pid 6036] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6037] preadv2(4, ./strace-static-x86_64: Process 6039 attached [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6039] set_robust_list(0x55558b799660, 24 [pid 6037] memfd_create("syzkaller", 0) = 5 [pid 6039] <... set_robust_list resumed>) = 0 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... umount2 resumed>) = 0 [pid 6039] chdir("./37" [pid 6037] <... mmap resumed>) = 0x7f9875600000 [pid 5843] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6039] <... chdir resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6039 [pid 6039] <... prctl resumed>) = 0 [pid 5843] newfstatat(AT_FDCWD, "./34/file1", [pid 6039] setpgid(0, 0) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6039] <... openat resumed>) = 3 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6039] write(3, "1000", 4 [pid 5843] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6039] <... write resumed>) = 4 [pid 6039] close(3 [pid 5843] <... openat resumed>) = 4 [ 132.232809][ T30] audit: type=1800 audit(1750615413.505:365): pid=6037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 6039] <... close resumed>) = 0 [pid 5843] newfstatat(4, "", [pid 6039] symlink("/dev/binderfs", "./binderfs" [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 6039] <... symlink resumed>) = 0 [pid 6036] <... write resumed>) = 2097152 [pid 5843] getdents64(4, [pid 6039] write(1, "executing program\n", 18) = 18 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./34/file1" [pid 6039] memfd_create("syzkaller", 0 [pid 6038] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6036] munmap(0x7f9875600000, 138412032 [pid 5843] <... rmdir resumed>) = 0 [pid 5843] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./34/binderfs") = 0 [pid 6039] <... memfd_create resumed>) = 3 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6036] <... munmap resumed>) = 0 [pid 5843] close(3 [pid 6036] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] <... close resumed>) = 0 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6036] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] rmdir("./34" [pid 6039] <... mmap resumed>) = 0x7f9875600000 [pid 6036] close(5 [pid 5843] <... rmdir resumed>) = 0 [pid 5843] mkdir("./35", 0777 [pid 6038] <... write resumed>) = 2097152 [pid 6036] <... close resumed>) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 6036] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6037] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6036] <... open resumed>) = 5 [pid 6038] munmap(0x7f9875600000, 138412032 [pid 6039] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6036] truncate("./file1", 16784380 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6038] <... munmap resumed>) = 0 [pid 6037] <... write resumed>) = 2097152 [pid 6036] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] <... openat resumed>) = 3 [pid 6036] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6037] munmap(0x7f9875600000, 138412032 [pid 6036] <... openat resumed>) = 6 [pid 5843] <... ioctl resumed>) = 0 [ 132.363834][ T30] audit: type=1804 audit(1750615413.635:366): pid=6036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.kafNdC/36/file1/file1" dev="loop2" ino=30 res=1 errno=0 [pid 6038] <... openat resumed>) = 4 [pid 6036] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] close(3 [pid 6039] <... write resumed>) = 2097152 [pid 6038] ioctl(4, LOOP_SET_FD, 3 [pid 6037] <... munmap resumed>) = 0 [pid 6036] <... mmap resumed>) = 0x200000001000 [pid 6039] munmap(0x7f9875600000, 138412032 [pid 6037] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6036] exit_group(0 [pid 6037] close(5 [pid 6036] <... exit_group resumed>) = ? [pid 6036] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 6039] <... munmap resumed>) = 0 [pid 6038] <... ioctl resumed>) = 0 [pid 6038] close(3) = 0 [pid 6038] close(4) = 0 [pid 6038] mkdir("./file1", 0777) = 0 [pid 5843] <... close resumed>) = 0 [pid 6038] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6037] <... close resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... restart_syscall resumed>) = 0 [pid 6039] <... openat resumed>) = 4 [ 132.437793][ T6038] loop3: detected capacity change from 0 to 4096 [pid 6037] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6039] ioctl(4, LOOP_SET_FD, 3 [pid 5841] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6040 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6040 attached [pid 6040] set_robust_list(0x55558b799660, 24) = 0 [pid 6040] chdir("./35") = 0 [pid 6040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6040] setpgid(0, 0) = 0 [pid 6040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] <... open resumed>) = 5 [pid 6040] write(3, "1000", 4 [pid 6037] truncate("./file1", 16784380 [pid 6040] <... write resumed>) = 4 [pid 6037] <... truncate resumed>) = -1 EFBIG (File too large) executing program [pid 6040] close(3 [pid 6037] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6040] <... close resumed>) = 0 [pid 6040] symlink("/dev/binderfs", "./binderfs" [pid 6037] <... openat resumed>) = 6 [pid 6040] <... symlink resumed>) = 0 [pid 6037] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6040] write(1, "executing program\n", 18) = 18 [pid 6040] memfd_create("syzkaller", 0 [pid 6037] <... mmap resumed>) = 0x200000001000 [pid 6040] <... memfd_create resumed>) = 3 [pid 6037] exit_group(0) = ? [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6037] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 132.469835][ T30] audit: type=1804 audit(1750615413.735:367): pid=6037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/37/file1/file1" dev="loop1" ino=30 res=1 errno=0 [ 132.495292][ T6038] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 132.506530][ T6039] loop0: detected capacity change from 0 to 4096 [pid 6039] <... ioctl resumed>) = 0 [pid 5841] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", [pid 6039] close(3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6039] <... close resumed>) = 0 [pid 5841] getdents64(4, [pid 6039] close(4) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6039] mkdir("./file1", 0777 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 6038] <... mount resumed>) = 0 [pid 5841] rmdir("./36/file1" [pid 6038] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6038] chdir("./file1") = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... umount2 resumed>) = 0 [pid 6038] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... rmdir resumed>) = 0 [pid 6039] <... mkdir resumed>) = 0 [pid 6038] open("./file1", O_RDONLY|O_DIRECT [pid 6040] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6039] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6038] <... open resumed>) = 4 [pid 5841] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6038] memfd_create("syzkaller", 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] <... memfd_create resumed>) = 5 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] newfstatat(AT_FDCWD, "./36/binderfs", [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] newfstatat(AT_FDCWD, "./37/file1", [pid 5841] unlink("./36/binderfs" [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5840] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] newfstatat(4, "", [pid 5841] close(3) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] rmdir("./36" [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5841] mkdir("./37", 0777 [pid 5840] rmdir("./37/file1") = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] newfstatat(AT_FDCWD, "./37/binderfs", [pid 5841] <... ioctl resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] close(3 [pid 5840] unlink("./37/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./37") = 0 [pid 5840] mkdir("./38", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [ 132.586777][ T30] audit: type=1800 audit(1750615413.855:368): pid=6038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 132.599108][ T6039] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5840] close(3 [pid 6040] <... write resumed>) = 2097152 [pid 6040] munmap(0x7f9875600000, 138412032) = 0 [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6040] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6041 ./strace-static-x86_64: Process 6041 attached [pid 6040] <... openat resumed>) = 4 [pid 5840] <... close resumed>) = 0 [pid 6040] ioctl(4, LOOP_SET_FD, 3 [pid 6041] set_robust_list(0x55558b799660, 24 [pid 6038] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6041] <... set_robust_list resumed>) = 0 [pid 6040] <... ioctl resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6041] chdir("./37" [pid 6040] close(3 [pid 6041] <... chdir resumed>) = 0 [pid 6040] <... close resumed>) = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6040] close(4 [pid 6041] <... prctl resumed>) = 0 [pid 6041] setpgid(0, 0 [pid 6040] <... close resumed>) = 0 ./strace-static-x86_64: Process 6042 attached [pid 6041] <... setpgid resumed>) = 0 [pid 6040] mkdir("./file1", 0777 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6042 [pid 6042] set_robust_list(0x55558b799660, 24 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6042] <... set_robust_list resumed>) = 0 [pid 6042] chdir("./38" [pid 6040] <... mkdir resumed>) = 0 [pid 6042] <... chdir resumed>) = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6041] <... openat resumed>) = 3 [pid 6042] <... prctl resumed>) = 0 [pid 6042] setpgid(0, 0) = 0 [pid 6041] write(3, "1000", 4 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6041] <... write resumed>) = 4 [pid 6042] <... openat resumed>) = 3 [pid 6041] close(3 [ 132.721451][ T6040] loop4: detected capacity change from 0 to 4096 [pid 6040] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta,"executing program [pid 6042] write(3, "1000", 4 [pid 6041] <... close resumed>) = 0 [pid 6042] <... write resumed>) = 4 [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6042] write(1, "executing program\n", 18 [pid 6041] symlink("/dev/binderfs", "./binderfs" [pid 6042] <... write resumed>) = 18 [pid 6041] <... symlink resumed>) = 0 executing program [pid 6042] memfd_create("syzkaller", 0 [pid 6041] write(1, "executing program\n", 18 [pid 6042] <... memfd_create resumed>) = 3 [pid 6041] <... write resumed>) = 18 [pid 6038] <... write resumed>) = 2097152 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6041] memfd_create("syzkaller", 0 [pid 6042] <... mmap resumed>) = 0x7f9875600000 [pid 6041] <... memfd_create resumed>) = 3 [pid 6038] munmap(0x7f9875600000, 138412032 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6039] <... mount resumed>) = 0 [pid 6041] <... mmap resumed>) = 0x7f9875600000 [pid 6039] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6039] chdir("./file1") = 0 [ 132.782881][ T6040] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6038] <... munmap resumed>) = 0 [pid 6039] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6039] open("./file1", O_RDONLY|O_DIRECT [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6039] <... open resumed>) = 4 [pid 6038] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6039] preadv2(4, [pid 6040] <... mount resumed>) = 0 [pid 6038] close(5 [pid 6040] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6039] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6040] <... openat resumed>) = 3 [pid 6040] chdir("./file1" [pid 6039] memfd_create("syzkaller", 0 [pid 6040] <... chdir resumed>) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6040] open("./file1", O_RDONLY|O_DIRECT) = 4 [ 132.862528][ T30] audit: type=1800 audit(1750615414.115:369): pid=6039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 6040] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6040] memfd_create("syzkaller", 0) = 5 [pid 6039] <... memfd_create resumed>) = 5 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6039] <... mmap resumed>) = 0x7f9875600000 [pid 6042] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6041] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6038] <... close resumed>) = 0 [pid 6038] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6038] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6042] <... write resumed>) = 2097152 [pid 6041] <... write resumed>) = 2097152 [pid 6038] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6042] munmap(0x7f9875600000, 138412032 [pid 6041] munmap(0x7f9875600000, 138412032 [pid 6038] <... openat resumed>) = 6 [pid 6038] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6039] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6042] <... munmap resumed>) = 0 [pid 6041] <... munmap resumed>) = 0 [pid 6040] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6038] exit_group(0 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6038] <... exit_group resumed>) = ? [pid 6042] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6041] <... openat resumed>) = 4 [pid 6038] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- [pid 6042] <... openat resumed>) = 4 [pid 6041] ioctl(4, LOOP_SET_FD, 3 [pid 6042] ioctl(4, LOOP_SET_FD, 3 [pid 5842] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6039] <... write resumed>) = 2097152 [pid 6042] <... ioctl resumed>) = 0 [pid 6041] <... ioctl resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6039] munmap(0x7f9875600000, 138412032 [pid 5842] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6042] close(3 [pid 6041] close(3 [pid 5842] <... openat resumed>) = 3 [ 133.063797][ T6041] loop2: detected capacity change from 0 to 4096 [ 133.080459][ T6042] loop1: detected capacity change from 0 to 4096 [pid 5842] newfstatat(3, "", [pid 6041] <... close resumed>) = 0 [pid 6042] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6042] close(4 [pid 6041] close(4 [pid 6042] <... close resumed>) = 0 [pid 6041] <... close resumed>) = 0 [pid 6042] mkdir("./file1", 0777 [pid 6041] mkdir("./file1", 0777 [pid 5842] getdents64(3, [pid 6042] <... mkdir resumed>) = 0 [pid 6042] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6041] <... mkdir resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6041] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6039] <... munmap resumed>) = 0 [pid 6040] <... write resumed>) = 2097152 [pid 6040] munmap(0x7f9875600000, 138412032 [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6039] close(5 [pid 6040] <... munmap resumed>) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6040] close(5 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 133.105059][ T6042] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 133.115543][ T6041] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5842] newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./36/file1") = 0 [pid 5842] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6040] <... close resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./36/binderfs", [pid 6040] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./36/binderfs") = 0 [pid 6039] <... close resumed>) = 0 [pid 5842] getdents64(3, [pid 6039] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6040] <... open resumed>) = 5 [pid 5842] close(3 [pid 6040] truncate("./file1", 16784380 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./36" [pid 6040] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] <... rmdir resumed>) = 0 [pid 6040] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6039] <... open resumed>) = 5 [pid 6039] truncate("./file1", 16784380 [pid 5842] mkdir("./37", 0777 [pid 6040] <... openat resumed>) = 6 [pid 6042] <... mount resumed>) = 0 [pid 6040] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... mkdir resumed>) = 0 [pid 6039] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6040] <... mmap resumed>) = 0x200000001000 [pid 6039] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6040] exit_group(0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6042] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6040] <... exit_group resumed>) = ? [pid 6039] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... openat resumed>) = 3 [pid 6042] <... openat resumed>) = 3 [pid 6039] <... mmap resumed>) = 0x200000001000 [pid 6042] chdir("./file1" [pid 5842] ioctl(3, LOOP_CLR_FD [pid 6039] exit_group(0 [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 6042] <... chdir resumed>) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6040] +++ exited with 0 +++ [pid 6039] <... exit_group resumed>) = ? [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6040, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 5843] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6039] +++ exited with 0 +++ [pid 5843] <... openat resumed>) = 3 [pid 5843] newfstatat(3, "", [pid 6042] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6041] <... mount resumed>) = 0 [pid 6042] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5839] <... restart_syscall resumed>) = 0 [pid 6041] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6041] chdir("./file1") = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6041] open("./file1", O_RDONLY|O_DIRECT [pid 5839] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... close resumed>) = 0 [pid 6042] preadv2(4, [pid 6041] <... open resumed>) = 4 [pid 5843] <... umount2 resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6043 attached [pid 6041] preadv2(4, [pid 5843] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6042] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6041] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6043 [pid 5839] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6043] set_robust_list(0x55558b799660, 24 [pid 6042] memfd_create("syzkaller", 0 [pid 6041] memfd_create("syzkaller", 0 [pid 5843] newfstatat(AT_FDCWD, "./35/file1", [pid 6043] <... set_robust_list resumed>) = 0 [pid 6042] <... memfd_create resumed>) = 5 [pid 6041] <... memfd_create resumed>) = 5 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... openat resumed>) = 3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] newfstatat(3, "", [pid 6042] <... mmap resumed>) = 0x7f9875600000 [pid 5843] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] getdents64(3, [pid 5843] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] newfstatat(4, "", [pid 5839] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./35/file1") = 0 [pid 5843] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] newfstatat(AT_FDCWD, "./35/binderfs", [pid 6041] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./35/binderfs") = 0 [pid 6043] chdir("./37" [pid 5843] getdents64(3, [pid 6043] <... chdir resumed>) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] close(3 [pid 6043] <... prctl resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 6043] setpgid(0, 0 [pid 5843] rmdir("./35" [pid 6043] <... setpgid resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] mkdir("./36", 0777) = 0 [pid 6043] <... openat resumed>) = 3 [pid 6043] write(3, "1000", 4 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6043] <... write resumed>) = 4 [pid 5843] <... openat resumed>) = 3 [pid 6043] close(3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6043] <... close resumed>) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 6044 attached ) = 0 executing program [pid 6043] write(1, "executing program\n", 18 [pid 6044] set_robust_list(0x55558b799660, 24) = 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6044 [pid 6044] chdir("./36") = 0 [pid 6043] <... write resumed>) = 18 [pid 6044] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6043] memfd_create("syzkaller", 0 [pid 6044] <... prctl resumed>) = 0 [pid 6044] setpgid(0, 0) = 0 [pid 6044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6044] write(3, "1000", 4 [pid 6043] <... memfd_create resumed>) = 3 [pid 6044] <... write resumed>) = 4 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6044] close(3 [pid 6043] <... mmap resumed>) = 0x7f9875600000 [pid 6044] <... close resumed>) = 0 [pid 6044] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6044] write(1, "executing program\n", 18 [pid 5839] <... umount2 resumed>) = 0 [pid 6044] <... write resumed>) = 18 [pid 6044] memfd_create("syzkaller", 0 [pid 5839] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6044] <... memfd_create resumed>) = 3 [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./37/file1") = 0 [pid 5839] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./37/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./37") = 0 [pid 5839] mkdir("./38", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6041] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6042] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6043] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6045 attached [pid 6044] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6045] set_robust_list(0x55558b799660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6045 [pid 6045] <... set_robust_list resumed>) = 0 [pid 6045] chdir("./38") = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6045] setpgid(0, 0) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6045] write(3, "1000", 4) = 4 [pid 6045] close(3) = 0 [pid 6045] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6045] write(1, "executing program\n", 18) = 18 [pid 6041] <... write resumed>) = 2097152 [pid 6043] <... write resumed>) = 2097152 [pid 6045] memfd_create("syzkaller", 0 [pid 6042] <... write resumed>) = 2097152 [pid 6041] munmap(0x7f9875600000, 138412032 [pid 6045] <... memfd_create resumed>) = 3 [pid 6043] munmap(0x7f9875600000, 138412032 [pid 6042] munmap(0x7f9875600000, 138412032 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6043] <... munmap resumed>) = 0 [pid 6041] <... munmap resumed>) = 0 [pid 6045] <... mmap resumed>) = 0x7f9875600000 [pid 6042] <... munmap resumed>) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6042] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6041] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6043] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6041] close(5 [pid 6043] <... openat resumed>) = 4 [pid 6042] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6043] ioctl(4, LOOP_SET_FD, 3 [pid 6044] <... write resumed>) = 2097152 [pid 6042] close(5 [pid 6041] <... close resumed>) = 0 [pid 6043] <... ioctl resumed>) = 0 [pid 6044] munmap(0x7f9875600000, 138412032 [pid 6041] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6043] close(3) = 0 [pid 6043] close(4) = 0 [pid 6043] mkdir("./file1", 0777) = 0 [pid 6044] <... munmap resumed>) = 0 [ 133.574980][ T6043] loop3: detected capacity change from 0 to 4096 [pid 6043] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6045] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6044] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6042] <... close resumed>) = 0 [pid 6041] <... open resumed>) = 5 [pid 6041] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6041] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6044] <... openat resumed>) = 4 [pid 6041] <... openat resumed>) = 6 [pid 6044] ioctl(4, LOOP_SET_FD, 3 [pid 6042] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6041] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6041] exit_group(0) = ? [pid 6042] <... open resumed>) = 5 [pid 6042] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6041] +++ exited with 0 +++ [pid 6042] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6044] <... ioctl resumed>) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 6042] <... openat resumed>) = 6 [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6044] close(3 [pid 5841] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6044] <... close resumed>) = 0 [pid 6044] close(4) = 0 [pid 6044] mkdir("./file1", 0777) = 0 [pid 6044] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6042] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 133.619058][ T6043] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 133.640676][ T6044] loop4: detected capacity change from 0 to 4096 [pid 6042] <... mmap resumed>) = 0x200000001000 [pid 5841] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6042] exit_group(0 [pid 5841] <... openat resumed>) = 3 [pid 6042] <... exit_group resumed>) = ? [pid 5841] newfstatat(3, "", [pid 6042] +++ exited with 0 +++ [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5841] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6045] <... write resumed>) = 2097152 [pid 5840] <... restart_syscall resumed>) = 0 [pid 6045] munmap(0x7f9875600000, 138412032 [pid 5840] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6045] <... munmap resumed>) = 0 [ 133.687065][ T6044] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5841] <... umount2 resumed>) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6043] <... mount resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 6045] <... openat resumed>) = 4 [pid 5841] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6045] ioctl(4, LOOP_SET_FD, 3 [pid 6043] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] <... openat resumed>) = 3 [pid 5841] newfstatat(AT_FDCWD, "./37/file1", [pid 6043] chdir("./file1" [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6043] <... chdir resumed>) = 0 [pid 5841] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6043] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6043] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6043] <... open resumed>) = 4 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5840] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] rmdir("./37/file1" [pid 5840] newfstatat(AT_FDCWD, "./38/file1", [pid 6043] preadv2(4, [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6043] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6043] memfd_create("syzkaller", 0 [pid 5841] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] <... memfd_create resumed>) = 5 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] newfstatat(AT_FDCWD, "./37/binderfs", [pid 5840] <... openat resumed>) = 4 [pid 6043] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] unlink("./37/binderfs" [pid 5840] getdents64(4, [pid 5841] <... unlink resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 6045] <... ioctl resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] rmdir("./38/file1" [pid 6045] close(3 [pid 5841] close(3 [pid 5840] <... rmdir resumed>) = 0 [pid 6045] <... close resumed>) = 0 [pid 6045] close(4) = 0 [pid 6045] mkdir("./file1", 0777 [pid 5841] <... close resumed>) = 0 [pid 5840] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] rmdir("./37" [pid 5840] unlink("./38/binderfs" [pid 6045] <... mkdir resumed>) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 6045] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... rmdir resumed>) = 0 [ 133.755692][ T6045] loop0: detected capacity change from 0 to 4096 [pid 5840] getdents64(3, [pid 6044] <... mount resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] mkdir("./38", 0777) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./38") = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5840] mkdir("./39", 0777 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] <... mkdir resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 6044] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6044] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 6044] chdir("./file1") = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [ 133.797022][ T6045] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 6044] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6045] <... mount resumed>) = 0 [pid 6044] preadv2(4, [pid 5841] <... close resumed>) = 0 [pid 6045] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6044] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] <... close resumed>) = 0 [pid 6043] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6045] <... openat resumed>) = 3 [pid 6044] memfd_create("syzkaller", 0) = 5 [pid 6045] chdir("./file1" [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6045] <... chdir resumed>) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6046 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6045] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 6046 attached [pid 6045] open("./file1", O_RDONLY|O_DIRECT [pid 6044] <... mmap resumed>) = 0x7f9875600000 ./strace-static-x86_64: Process 6047 attached [pid 6046] set_robust_list(0x55558b799660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6047 [pid 6046] <... set_robust_list resumed>) = 0 [pid 6046] chdir("./38" [pid 6047] set_robust_list(0x55558b799660, 24 [pid 6046] <... chdir resumed>) = 0 [pid 6045] <... open resumed>) = 4 [pid 6047] <... set_robust_list resumed>) = 0 [pid 6046] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6047] chdir("./39" [pid 6046] <... prctl resumed>) = 0 [pid 6047] <... chdir resumed>) = 0 [pid 6046] setpgid(0, 0 [pid 6047] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6046] <... setpgid resumed>) = 0 [pid 6046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6047] <... prctl resumed>) = 0 [pid 6046] <... openat resumed>) = 3 [pid 6047] setpgid(0, 0 [pid 6046] write(3, "1000", 4 [pid 6047] <... setpgid resumed>) = 0 [pid 6046] <... write resumed>) = 4 [pid 6047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6046] close(3) = 0 [pid 6046] symlink("/dev/binderfs", "./binderfs" [pid 6045] preadv2(4, [pid 6046] <... symlink resumed>) = 0 [pid 6045] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6046] write(1, "executing program\n", 18) = 18 [pid 6046] memfd_create("syzkaller", 0 [pid 6045] memfd_create("syzkaller", 0executing program [pid 6047] <... openat resumed>) = 3 [pid 6045] <... memfd_create resumed>) = 5 [pid 6047] write(3, "1000", 4executing program ) = 4 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6046] <... memfd_create resumed>) = 3 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6047] close(3) = 0 [pid 6047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6047] write(1, "executing program\n", 18) = 18 [pid 6047] memfd_create("syzkaller", 0 [pid 6043] <... write resumed>) = 2097152 [pid 6047] <... memfd_create resumed>) = 3 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6043] munmap(0x7f9875600000, 138412032) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6043] close(5) = 0 [pid 6047] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6046] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6044] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6043] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6045] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6043] <... open resumed>) = 5 [pid 6043] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6043] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6043] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6043] exit_group(0) = ? [pid 6043] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6044] <... write resumed>) = 2097152 [pid 6044] munmap(0x7f9875600000, 138412032 [pid 5842] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6044] <... munmap resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6047] <... write resumed>) = 2097152 [pid 6046] <... write resumed>) = 2097152 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6046] munmap(0x7f9875600000, 138412032 [pid 6047] munmap(0x7f9875600000, 138412032 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6047] <... munmap resumed>) = 0 [pid 6046] <... munmap resumed>) = 0 [pid 6045] <... write resumed>) = 2097152 [pid 6044] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6044] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] newfstatat(AT_FDCWD, "./37/file1", [pid 6047] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6046] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6047] <... openat resumed>) = 4 [pid 6046] <... openat resumed>) = 4 [pid 6047] ioctl(4, LOOP_SET_FD, 3 [pid 6046] ioctl(4, LOOP_SET_FD, 3 [pid 6045] munmap(0x7f9875600000, 138412032 [pid 6044] close(5 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6046] <... ioctl resumed>) = 0 [pid 6047] <... ioctl resumed>) = 0 [pid 6046] close(3 [pid 6045] <... munmap resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6047] close(3 [pid 6046] <... close resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 6047] <... close resumed>) = 0 [pid 6046] close(4 [pid 5842] newfstatat(4, "", [pid 6047] close(4 [pid 6046] <... close resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6047] <... close resumed>) = 0 [pid 6046] mkdir("./file1", 0777 [pid 5842] getdents64(4, [pid 6047] mkdir("./file1", 0777 [pid 6046] <... mkdir resumed>) = 0 [pid 6047] <... mkdir resumed>) = 0 [ 134.173044][ T6046] loop2: detected capacity change from 0 to 4096 [ 134.179995][ T6047] loop1: detected capacity change from 0 to 4096 [ 134.212650][ T6046] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6046] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6047] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6044] <... close resumed>) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 6045] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6044] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./37/file1" [pid 6045] close(5 [pid 5842] <... rmdir resumed>) = 0 [pid 5842] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./37/binderfs" [pid 6044] <... open resumed>) = 5 [pid 5842] <... unlink resumed>) = 0 [pid 6044] truncate("./file1", 16784380 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6044] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] close(3) = 0 [pid 5842] rmdir("./37" [pid 6044] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5842] <... rmdir resumed>) = 0 [ 134.233685][ T6047] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5842] mkdir("./38", 0777 [pid 6044] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... mkdir resumed>) = 0 [pid 6044] <... mmap resumed>) = 0x200000001000 [pid 6044] exit_group(0) = ? [pid 6044] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6044, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5843] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... openat resumed>) = 3 [pid 5843] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5843] <... openat resumed>) = 3 [pid 5842] <... ioctl resumed>) = 0 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, [pid 5842] close(3 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6045] <... close resumed>) = 0 [pid 5843] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6045] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6046] <... mount resumed>) = 0 [pid 6046] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6046] chdir("./file1") = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6046] open("./file1", O_RDONLY|O_DIRECT [pid 6047] <... mount resumed>) = 0 [pid 6046] <... open resumed>) = 4 [pid 6045] <... open resumed>) = 5 [pid 6045] truncate("./file1", 16784380 [pid 6047] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6046] preadv2(4, [pid 6047] <... openat resumed>) = 3 [pid 6045] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] <... close resumed>) = 0 [pid 6047] chdir("./file1" [pid 6046] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6045] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6047] <... chdir resumed>) = 0 [pid 6046] memfd_create("syzkaller", 0 [pid 6045] <... openat resumed>) = 6 [pid 6047] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6046] <... memfd_create resumed>) = 5 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6045] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6047] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6046] <... mmap resumed>) = 0x7f9875600000 ./strace-static-x86_64: Process 6048 attached [pid 6047] open("./file1", O_RDONLY|O_DIRECT [pid 6045] <... mmap resumed>) = 0x200000001000 [pid 5843] <... umount2 resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6048 [pid 6048] set_robust_list(0x55558b799660, 24) = 0 [pid 6045] exit_group(0 [pid 6048] chdir("./38" [pid 6045] <... exit_group resumed>) = ? [pid 5843] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6048] <... chdir resumed>) = 0 [pid 6047] <... open resumed>) = 4 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", [pid 6048] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6045] +++ exited with 0 +++ [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6045, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=10 /* 0.10 s */} --- [pid 6047] preadv2(4, [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6048] <... prctl resumed>) = 0 [pid 6047] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] <... restart_syscall resumed>) = 0 [pid 6047] memfd_create("syzkaller", 0 [pid 6048] setpgid(0, 0 [pid 6047] <... memfd_create resumed>) = 5 [pid 6048] <... setpgid resumed>) = 0 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6047] <... mmap resumed>) = 0x7f9875600000 [pid 5843] close(4 [pid 6048] <... openat resumed>) = 3 [pid 5843] <... close resumed>) = 0 [pid 6048] write(3, "1000", 4 [pid 5843] rmdir("./36/file1" [pid 5839] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... rmdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6048] <... write resumed>) = 4 [pid 5839] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6048] close(3) = 0 [pid 5843] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6048] symlink("/dev/binderfs", "./binderfs" [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./36/binderfs", [pid 6048] <... symlink resumed>) = 0 executing program [pid 6048] write(1, "executing program\n", 18 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6048] <... write resumed>) = 18 [pid 5843] unlink("./36/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6048] memfd_create("syzkaller", 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./36") = 0 [pid 6048] <... memfd_create resumed>) = 3 [pid 5843] mkdir("./37", 0777 [pid 6048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6046] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... mkdir resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 6047] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] close(3 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./38/file1") = 0 [pid 5839] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./38/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./38") = 0 [pid 5839] mkdir("./39", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6046] <... write resumed>) = 2097152 [pid 6048] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6047] <... write resumed>) = 2097152 [pid 5843] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 6046] munmap(0x7f9875600000, 138412032 [pid 6047] munmap(0x7f9875600000, 138412032 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6049 attached [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6050 attached [pid 6049] set_robust_list(0x55558b799660, 24 [pid 6047] <... munmap resumed>) = 0 [pid 6046] <... munmap resumed>) = 0 [pid 6049] <... set_robust_list resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6049 [pid 6049] chdir("./39" [pid 6050] set_robust_list(0x55558b799660, 24 [pid 6049] <... chdir resumed>) = 0 [pid 6050] <... set_robust_list resumed>) = 0 [pid 6049] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6050 [pid 6050] chdir("./37" [pid 6049] <... prctl resumed>) = 0 [pid 6050] <... chdir resumed>) = 0 [pid 6049] setpgid(0, 0 [pid 6046] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6050] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6049] <... setpgid resumed>) = 0 [pid 6046] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6050] <... prctl resumed>) = 0 [pid 6050] setpgid(0, 0 [pid 6049] <... openat resumed>) = 3 [pid 6046] close(5 [pid 6050] <... setpgid resumed>) = 0 [pid 6050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6049] write(3, "1000", 4 [pid 6050] <... openat resumed>) = 3 [pid 6049] <... write resumed>) = 4 [pid 6049] close(3 [pid 6050] write(3, "1000", 4) = 4 [pid 6050] close(3) = 0 [pid 6050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6047] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6049] <... close resumed>) = 0 [pid 6047] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6049] symlink("/dev/binderfs", "./binderfs") = 0 executing program executing program [pid 6050] write(1, "executing program\n", 18 [pid 6049] write(1, "executing program\n", 18 [pid 6050] <... write resumed>) = 18 [pid 6049] <... write resumed>) = 18 [pid 6050] memfd_create("syzkaller", 0 [pid 6047] close(5 [pid 6049] memfd_create("syzkaller", 0) = 3 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6050] <... memfd_create resumed>) = 3 [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6046] <... close resumed>) = 0 [pid 6047] <... close resumed>) = 0 [pid 6048] <... write resumed>) = 2097152 [pid 6047] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6046] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6048] munmap(0x7f9875600000, 138412032) = 0 [pid 6046] <... open resumed>) = 5 [pid 6047] <... open resumed>) = 5 [pid 6046] truncate("./file1", 16784380 [pid 6047] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6047] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6046] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6047] <... openat resumed>) = 6 [pid 6046] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6048] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6047] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6050] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6048] <... openat resumed>) = 4 [pid 6047] <... mmap resumed>) = 0x200000001000 [pid 6046] <... openat resumed>) = 6 [pid 6048] ioctl(4, LOOP_SET_FD, 3 [pid 6046] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6048] <... ioctl resumed>) = 0 [pid 6047] exit_group(0 [pid 6046] <... mmap resumed>) = 0x200000001000 [pid 6049] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6048] close(3 [pid 6047] <... exit_group resumed>) = ? [pid 6046] exit_group(0 [pid 6048] <... close resumed>) = 0 [pid 6047] +++ exited with 0 +++ [pid 6046] <... exit_group resumed>) = ? [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6047, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} --- [pid 5840] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6046] +++ exited with 0 +++ [pid 5840] newfstatat(3, "", [pid 6048] close(4 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6046, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6048] <... close resumed>) = 0 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5840] getdents64(3, [pid 6048] mkdir("./file1", 0777 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... restart_syscall resumed>) = 0 [pid 6048] <... mkdir resumed>) = 0 [pid 5841] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6048] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 134.742584][ T6048] loop3: detected capacity change from 0 to 4096 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", [pid 5841] <... umount2 resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 5841] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6050] <... write resumed>) = 2097152 [pid 6049] <... write resumed>) = 2097152 [pid 5841] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(4, [pid 6050] munmap(0x7f9875600000, 138412032 [pid 6049] munmap(0x7f9875600000, 138412032 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6050] <... munmap resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5841] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... close resumed>) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5840] rmdir("./39/file1" [pid 5841] newfstatat(4, "", [pid 5840] <... rmdir resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(4, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] newfstatat(AT_FDCWD, "./39/binderfs", [pid 5841] getdents64(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] unlink("./39/binderfs" [pid 5841] close(4) = 0 [ 134.797241][ T6048] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5841] rmdir("./38/file1") = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(3) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] rmdir("./39" [pid 5841] newfstatat(AT_FDCWD, "./38/binderfs", [pid 6049] <... munmap resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6048] <... mount resumed>) = 0 [pid 5841] unlink("./38/binderfs" [pid 5840] mkdir("./40", 0777 [pid 6050] <... openat resumed>) = 4 [pid 5841] <... unlink resumed>) = 0 [pid 6050] ioctl(4, LOOP_SET_FD, 3 [pid 5841] getdents64(3, [pid 5840] <... mkdir resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6048] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6048] <... openat resumed>) = 3 [pid 5841] close(3 [pid 5840] <... ioctl resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5840] close(3 [pid 5841] rmdir("./38" [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6048] chdir("./file1" [pid 5841] <... rmdir resumed>) = 0 [pid 6049] <... openat resumed>) = 4 [pid 6048] <... chdir resumed>) = 0 [pid 5841] mkdir("./39", 0777 [pid 6049] ioctl(4, LOOP_SET_FD, 3 [pid 6048] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] <... mkdir resumed>) = 0 [pid 6048] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6050] <... ioctl resumed>) = 0 [pid 6049] <... ioctl resumed>) = 0 [pid 6048] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... openat resumed>) = 3 [pid 6050] close(3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6050] <... close resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 6050] close(4 [pid 5841] close(3 [pid 6050] <... close resumed>) = 0 [pid 6048] <... open resumed>) = 4 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6050] mkdir("./file1", 0777 [pid 6049] close(3 [pid 6048] preadv2(4, ./strace-static-x86_64: Process 6051 attached [pid 6050] <... mkdir resumed>) = 0 [pid 6049] <... close resumed>) = 0 [pid 6048] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [ 134.865939][ T6050] loop4: detected capacity change from 0 to 4096 [ 134.877976][ T6049] loop0: detected capacity change from 0 to 4096 [pid 6051] set_robust_list(0x55558b799660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6051 [pid 6051] <... set_robust_list resumed>) = 0 [pid 6048] memfd_create("syzkaller", 0 [pid 6051] chdir("./40" [pid 6049] close(4 [pid 6051] <... chdir resumed>) = 0 [pid 6050] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6049] <... close resumed>) = 0 [pid 6048] <... memfd_create resumed>) = 5 [pid 5841] <... close resumed>) = 0 [pid 6049] mkdir("./file1", 0777 [pid 6048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6049] <... mkdir resumed>) = 0 [pid 6048] <... mmap resumed>) = 0x7f9875600000 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6051] write(1, "executing program\n", 18) = 18 ./strace-static-x86_64: Process 6052 attached [pid 6051] memfd_create("syzkaller", 0 [pid 6049] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6052] set_robust_list(0x55558b799660, 24 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6052 [pid 6051] <... memfd_create resumed>) = 3 [pid 6052] <... set_robust_list resumed>) = 0 [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6052] chdir("./39") = 0 [pid 6052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6052] setpgid(0, 0) = 0 [pid 6052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6052] write(3, "1000", 4) = 4 [ 134.943005][ T6050] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 134.952455][ T6049] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 6052] close(3) = 0 [pid 6052] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6052] write(1, "executing program\n", 18) = 18 [pid 6052] memfd_create("syzkaller", 0) = 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6048] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6051] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6050] <... mount resumed>) = 0 [pid 6050] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6049] <... mount resumed>) = 0 [pid 6050] chdir("./file1" [pid 6049] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6050] <... chdir resumed>) = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6049] <... openat resumed>) = 3 [pid 6050] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6049] chdir("./file1" [pid 6050] open("./file1", O_RDONLY|O_DIRECT [pid 6049] <... chdir resumed>) = 0 [pid 6050] <... open resumed>) = 4 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6050] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6049] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6050] memfd_create("syzkaller", 0 [pid 6049] open("./file1", O_RDONLY|O_DIRECT [pid 6050] <... memfd_create resumed>) = 5 [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6049] <... open resumed>) = 4 [pid 6050] <... mmap resumed>) = 0x7f9875600000 [pid 6049] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6049] memfd_create("syzkaller", 0) = 5 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6052] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6048] <... write resumed>) = 2097152 [pid 6051] <... write resumed>) = 2097152 [pid 6048] munmap(0x7f9875600000, 138412032 [pid 6051] munmap(0x7f9875600000, 138412032) = 0 [pid 6048] <... munmap resumed>) = 0 [pid 6048] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6051] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6048] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6048] close(5 [pid 6051] <... openat resumed>) = 4 [pid 6051] ioctl(4, LOOP_SET_FD, 3 [pid 6050] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6049] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6052] <... write resumed>) = 2097152 [pid 6051] <... ioctl resumed>) = 0 [pid 6052] munmap(0x7f9875600000, 138412032 [pid 6051] close(3) = 0 [pid 6051] close(4) = 0 [pid 6051] mkdir("./file1", 0777) = 0 [pid 6051] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6048] <... close resumed>) = 0 [pid 6052] <... munmap resumed>) = 0 [pid 6048] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [ 135.223019][ T6051] loop1: detected capacity change from 0 to 4096 [ 135.257016][ T6051] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 6052] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6048] <... open resumed>) = 5 [pid 6048] truncate("./file1", 16784380 [pid 6052] close(3) = 0 [pid 6048] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6048] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6052] close(4) = 0 [pid 6052] mkdir("./file1", 0777 [pid 6048] <... openat resumed>) = 6 [pid 6052] <... mkdir resumed>) = 0 [pid 6048] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [ 135.275853][ T6052] loop2: detected capacity change from 0 to 4096 [pid 6052] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6050] <... write resumed>) = 2097152 [pid 6049] <... write resumed>) = 2097152 [pid 6048] exit_group(0 [pid 6049] munmap(0x7f9875600000, 138412032 [pid 6050] munmap(0x7f9875600000, 138412032 [pid 6049] <... munmap resumed>) = 0 [pid 6050] <... munmap resumed>) = 0 [pid 6048] <... exit_group resumed>) = ? [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6049] close(5 [pid 6048] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6048, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- [pid 6050] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6050] close(5 [ 135.317936][ T6052] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5842] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6051] <... mount resumed>) = 0 [pid 6051] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6049] <... close resumed>) = 0 [pid 6051] <... openat resumed>) = 3 [pid 6051] chdir("./file1") = 0 [pid 6051] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6051] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6051] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6049] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6051] memfd_create("syzkaller", 0) = 5 [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6050] <... close resumed>) = 0 [pid 6050] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6049] <... open resumed>) = 5 [pid 5842] <... umount2 resumed>) = 0 [pid 6050] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6049] truncate("./file1", 16784380 [pid 6050] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6049] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6049] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6049] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6050] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6049] exit_group(0 [pid 6050] exit_group(0 [pid 6049] <... exit_group resumed>) = ? [pid 5842] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6050] <... exit_group resumed>) = ? [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6050] +++ exited with 0 +++ [pid 5842] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6050, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 6049] +++ exited with 0 +++ [pid 5843] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6049, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5843] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./38/file1") = 0 [pid 6051] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6052] <... mount resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./38/binderfs", [pid 6052] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6052] <... openat resumed>) = 3 [pid 5842] unlink("./38/binderfs" [pid 6052] chdir("./file1" [pid 5842] <... unlink resumed>) = 0 [pid 6052] <... chdir resumed>) = 0 [pid 5842] getdents64(3, [pid 6052] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6052] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] close(3 [pid 6052] open("./file1", O_RDONLY|O_DIRECT [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./38") = 0 [pid 6052] <... open resumed>) = 4 [pid 6052] preadv2(4, [pid 5842] mkdir("./39", 0777 [pid 5843] <... umount2 resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 6052] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... umount2 resumed>) = 0 [pid 6052] memfd_create("syzkaller", 0 [pid 5842] <... openat resumed>) = 3 [pid 5839] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 5839] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6052] <... memfd_create resumed>) = 5 [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(4, "", [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./39/file1") = 0 [pid 5843] newfstatat(AT_FDCWD, "./37/file1", [pid 5839] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(AT_FDCWD, "./39/binderfs", [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] unlink("./39/binderfs" [pid 5843] <... openat resumed>) = 4 [pid 5839] <... unlink resumed>) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 6052] <... mmap resumed>) = 0x7f9875600000 [pid 5839] <... close resumed>) = 0 [pid 5843] newfstatat(4, "", [pid 5839] rmdir("./39" [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5843] getdents64(4, [pid 5839] mkdir("./40", 0777 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] <... mkdir resumed>) = 0 [pid 5843] getdents64(4, [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5843] close(4 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5843] <... close resumed>) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5843] rmdir("./37/file1" [pid 5839] close(3 [pid 5843] <... rmdir resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6053 attached [pid 5843] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6053 [pid 5843] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6053] set_robust_list(0x55558b799660, 24 [pid 5843] unlink("./37/binderfs") = 0 [pid 6053] <... set_robust_list resumed>) = 0 [pid 6053] chdir("./40" [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6053] <... chdir resumed>) = 0 [pid 6053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6053] setpgid(0, 0) = 0 executing program [pid 6053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] close(3) = 0 [pid 5843] rmdir("./37") = 0 [pid 6053] write(3, "1000", 4) = 4 [pid 5843] mkdir("./38", 0777 [pid 6053] close(3 [pid 5843] <... mkdir resumed>) = 0 [pid 6053] <... close resumed>) = 0 [pid 6053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6053] write(1, "executing program\n", 18) = 18 [pid 6053] memfd_create("syzkaller", 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 6053] <... memfd_create resumed>) = 3 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6051] <... write resumed>) = 2097152 [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6051] munmap(0x7f9875600000, 138412032) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6054 ./strace-static-x86_64: Process 6054 attached [pid 6054] set_robust_list(0x55558b799660, 24 [pid 6051] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6054] <... set_robust_list resumed>) = 0 [pid 6051] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6054] chdir("./39" [pid 6051] close(5 [pid 6052] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6054] <... chdir resumed>) = 0 [pid 6053] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6051] <... close resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 6054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6054] setpgid(0, 0) = 0 [pid 6051] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6054] write(3, "1000", 4) = 4 [pid 6054] close(3) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6055 attached [pid 6051] <... open resumed>) = 5 [pid 6054] symlink("/dev/binderfs", "./binderfs" [pid 6052] <... write resumed>) = 2097152 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6055 [pid 6054] <... symlink resumed>) = 0 [pid 6051] truncate("./file1", 16784380 [pid 6055] set_robust_list(0x55558b799660, 24 [pid 6052] munmap(0x7f9875600000, 138412032 [pid 6055] <... set_robust_list resumed>) = 0 [pid 6055] chdir("./38" [pid 6054] write(1, "executing program\n", 18 [pid 6055] <... chdir resumed>) = 0 [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6055] setpgid(0, 0) = 0 [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 6054] <... write resumed>) = 18 [pid 6051] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6055] write(3, "1000", 4 [pid 6051] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6054] memfd_create("syzkaller", 0) = 3 [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6051] <... openat resumed>) = 6 executing program [pid 6055] <... write resumed>) = 4 [pid 6054] <... mmap resumed>) = 0x7f9875600000 [pid 6055] close(3) = 0 [pid 6055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6055] write(1, "executing program\n", 18) = 18 [pid 6055] memfd_create("syzkaller", 0 [pid 6052] <... munmap resumed>) = 0 [pid 6055] <... memfd_create resumed>) = 3 [pid 6051] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6051] <... mmap resumed>) = 0x200000001000 [pid 6053] <... write resumed>) = 2097152 [pid 6052] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6052] close(5 [pid 6053] munmap(0x7f9875600000, 138412032 [pid 6051] exit_group(0) = ? [pid 6053] <... munmap resumed>) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6051] +++ exited with 0 +++ [pid 6053] ioctl(4, LOOP_SET_FD, 3 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 6054] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6052] <... close resumed>) = 0 [pid 6053] <... ioctl resumed>) = 0 [pid 6053] close(3 [pid 5840] <... umount2 resumed>) = 0 [pid 6053] <... close resumed>) = 0 [pid 6053] close(4 [pid 6052] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6053] <... close resumed>) = 0 [pid 6053] mkdir("./file1", 0777) = 0 [ 135.826400][ T6053] loop0: detected capacity change from 0 to 4096 [pid 6052] <... open resumed>) = 5 [pid 6053] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", [pid 6052] truncate("./file1", 16784380 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6052] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] getdents64(4, [pid 6052] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6052] <... openat resumed>) = 6 [pid 5840] close(4) = 0 [pid 5840] rmdir("./40/file1") = 0 [pid 5840] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./40/binderfs") = 0 [pid 5840] getdents64(3, [pid 6052] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6052] <... mmap resumed>) = 0x200000001000 [pid 5840] close(3) = 0 [pid 6052] exit_group(0 [pid 5840] rmdir("./40" [pid 6052] <... exit_group resumed>) = ? [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./41", 0777 [pid 6052] +++ exited with 0 +++ [pid 5840] <... mkdir resumed>) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6052, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6055] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6054] <... write resumed>) = 2097152 [pid 5840] <... openat resumed>) = 3 [pid 6054] munmap(0x7f9875600000, 138412032 [pid 5841] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... ioctl resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] close(3 [pid 6054] <... munmap resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 6054] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 135.877374][ T6053] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 6054] <... openat resumed>) = 4 [pid 5841] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6054] close(3) = 0 [pid 6054] close(4) = 0 [pid 6054] mkdir("./file1", 0777) = 0 [pid 6054] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] <... close resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6053] <... mount resumed>) = 0 [pid 6053] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6053] chdir("./file1"./strace-static-x86_64: Process 6056 attached [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6056 [pid 5841] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6056] set_robust_list(0x55558b799660, 24 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6056] <... set_robust_list resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./39/file1", [pid 6056] chdir("./41" [pid 6055] <... write resumed>) = 2097152 [pid 6053] <... chdir resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6053] open("./file1", O_RDONLY|O_DIRECT [pid 6056] <... chdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6056] <... prctl resumed>) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", [pid 6056] setpgid(0, 0) = 0 [pid 6055] munmap(0x7f9875600000, 138412032 [pid 6053] <... open resumed>) = 4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6053] preadv2(4, [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, [pid 6053] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6053] memfd_create("syzkaller", 0 [pid 5841] close(4 [pid 6056] <... openat resumed>) = 3 [pid 5841] <... close resumed>) = 0 [pid 6056] write(3, "1000", 4 [pid 6053] <... memfd_create resumed>) = 5 [ 135.932255][ T6054] loop3: detected capacity change from 0 to 4096 [ 135.961888][ T6054] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). executing program [pid 5841] rmdir("./39/file1" [pid 6056] <... write resumed>) = 4 [pid 6055] <... munmap resumed>) = 0 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6056] close(3 [pid 5841] <... rmdir resumed>) = 0 [pid 6056] <... close resumed>) = 0 [pid 5841] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6056] symlink("/dev/binderfs", "./binderfs" [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6056] <... symlink resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./39/binderfs", [pid 6056] write(1, "executing program\n", 18 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./39/binderfs") = 0 [pid 6056] <... write resumed>) = 18 [pid 6056] memfd_create("syzkaller", 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./39") = 0 [pid 6056] <... memfd_create resumed>) = 3 [pid 5841] mkdir("./40", 0777 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... mkdir resumed>) = 0 [pid 6056] <... mmap resumed>) = 0x7f9875600000 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6055] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... ioctl resumed>) = 0 [pid 6055] <... openat resumed>) = 4 [pid 5841] close(3 [pid 6055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6055] close(3) = 0 [pid 6055] close(4) = 0 [pid 6055] mkdir("./file1", 0777 [pid 6053] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6055] <... mkdir resumed>) = 0 [pid 6055] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... close resumed>) = 0 [pid 6054] <... mount resumed>) = 0 [pid 6054] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6054] <... openat resumed>) = 3 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6057 ./strace-static-x86_64: Process 6057 attached [pid 6054] chdir("./file1" [pid 6057] set_robust_list(0x55558b799660, 24) = 0 [pid 6054] <... chdir resumed>) = 0 [pid 6057] chdir("./40" [pid 6054] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6057] <... chdir resumed>) = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6057] setpgid(0, 0) = 0 [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6057] write(3, "1000", 4 [pid 6054] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6057] <... write resumed>) = 4 [pid 6054] open("./file1", O_RDONLY|O_DIRECT [pid 6057] close(3 [pid 6056] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6057] <... close resumed>) = 0 [ 136.061093][ T6055] loop4: detected capacity change from 0 to 4096 [ 136.097200][ T6055] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 6057] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6057] write(1, "executing program\n", 18) = 18 [pid 6057] memfd_create("syzkaller", 0 [pid 6054] <... open resumed>) = 4 [pid 6054] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6057] <... memfd_create resumed>) = 3 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6054] memfd_create("syzkaller", 0 [pid 6057] <... mmap resumed>) = 0x7f9875600000 [pid 6054] <... memfd_create resumed>) = 5 [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6053] <... write resumed>) = 2097152 [pid 6053] munmap(0x7f9875600000, 138412032) = 0 [pid 6056] <... write resumed>) = 2097152 [pid 6056] munmap(0x7f9875600000, 138412032) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6057] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6054] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6053] close(5 [pid 6056] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6056] ioctl(4, LOOP_SET_FD, 3 [pid 6053] <... close resumed>) = 0 [pid 6056] <... ioctl resumed>) = 0 [pid 6055] <... mount resumed>) = 0 [pid 6055] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6056] close(3 [pid 6055] chdir("./file1" [pid 6056] <... close resumed>) = 0 [pid 6055] <... chdir resumed>) = 0 [pid 6056] close(4 [pid 6055] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6056] <... close resumed>) = 0 [pid 6055] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6056] mkdir("./file1", 0777 [pid 6055] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6053] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6055] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6055] memfd_create("syzkaller", 0) = 5 [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6056] <... mkdir resumed>) = 0 [ 136.274078][ T6056] loop1: detected capacity change from 0 to 4096 [pid 6056] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6053] <... open resumed>) = 5 [pid 6053] truncate("./file1", 16784380 [pid 6057] <... write resumed>) = 2097152 [pid 6057] munmap(0x7f9875600000, 138412032 [pid 6053] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6057] <... munmap resumed>) = 0 [pid 6053] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6053] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6053] exit_group(0) = ? [pid 6057] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6057] ioctl(4, LOOP_SET_FD, 3 [pid 6053] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6053, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 6054] <... write resumed>) = 2097152 [ 136.336033][ T6056] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 6054] munmap(0x7f9875600000, 138412032 [pid 5839] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6054] <... munmap resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6057] <... ioctl resumed>) = 0 [pid 6057] close(3) = 0 [pid 6054] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6057] close(4 [pid 6054] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6057] <... close resumed>) = 0 [pid 6054] close(5 [pid 6057] mkdir("./file1", 0777) = 0 [ 136.390766][ T6057] loop2: detected capacity change from 0 to 4096 [pid 6057] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6055] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [ 136.446831][ T6057] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 6054] <... close resumed>) = 0 [pid 5839] rmdir("./40/file1" [pid 6054] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6054] <... open resumed>) = 5 [pid 6054] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6054] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6054] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5839] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6054] exit_group(0 [pid 5839] unlink("./40/binderfs" [pid 6054] <... exit_group resumed>) = ? [pid 6056] <... mount resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6056] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] close(3) = 0 [pid 5839] rmdir("./40" [pid 6056] <... openat resumed>) = 3 [pid 6054] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6054, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=17 /* 0.17 s */} --- [pid 6056] chdir("./file1" [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... rmdir resumed>) = 0 [pid 5842] <... restart_syscall resumed>) = 0 [pid 6056] <... chdir resumed>) = 0 [pid 5842] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6056] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] mkdir("./41", 0777 [pid 5842] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6056] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... openat resumed>) = 3 [pid 5842] newfstatat(3, "", [pid 5839] <... mkdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6056] open("./file1", O_RDONLY|O_DIRECT [pid 6055] <... write resumed>) = 2097152 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 6055] munmap(0x7f9875600000, 138412032 [pid 5839] close(3) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6058 attached [pid 6056] <... open resumed>) = 4 [pid 6055] <... munmap resumed>) = 0 [pid 6058] set_robust_list(0x55558b799660, 24 [pid 6056] preadv2(4, [pid 6058] <... set_robust_list resumed>) = 0 [pid 6058] chdir("./41") = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6058 [pid 6058] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6056] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] <... umount2 resumed>) = 0 [pid 6056] memfd_create("syzkaller", 0 [pid 5842] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6058] <... prctl resumed>) = 0 [pid 6058] setpgid(0, 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6056] <... memfd_create resumed>) = 5 [pid 6058] <... setpgid resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6058] <... openat resumed>) = 3 [pid 5842] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6058] write(3, "1000", 4) = 4 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... openat resumed>) = 4 [pid 6058] close(3 [pid 6056] <... mmap resumed>) = 0x7f9875600000 [pid 5842] newfstatat(4, "", [pid 6058] <... close resumed>) = 0 [pid 6058] symlink("/dev/binderfs", "./binderfs" [pid 6055] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6058] <... symlink resumed>) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 6058] write(1, "executing program\n", 18executing program [pid 5842] rmdir("./39/file1" [pid 6058] <... write resumed>) = 18 [pid 5842] <... rmdir resumed>) = 0 [pid 5842] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6058] memfd_create("syzkaller", 0 [pid 5842] unlink("./39/binderfs") = 0 [pid 5842] getdents64(3, [pid 6058] <... memfd_create resumed>) = 3 [pid 6055] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6055] close(5 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./39") = 0 [pid 6057] <... mount resumed>) = 0 [pid 5842] mkdir("./40", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6059 attached [pid 6057] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6059] set_robust_list(0x55558b799660, 24 [pid 6057] <... openat resumed>) = 3 [pid 6059] <... set_robust_list resumed>) = 0 [pid 6059] chdir("./40") = 0 [pid 6059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6059 [pid 6059] setpgid(0, 0) = 0 [pid 6059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6057] chdir("./file1" [pid 6059] write(3, "1000", 4) = 4 [pid 6059] close(3) = 0 [pid 6059] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6059] write(1, "executing program\n", 18) = 18 [pid 6059] memfd_create("syzkaller", 0 [pid 6057] <... chdir resumed>) = 0 [pid 6059] <... memfd_create resumed>) = 3 [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6057] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6057] open("./file1", O_RDONLY|O_DIRECT [pid 6055] <... close resumed>) = 0 [pid 6055] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6057] <... open resumed>) = 4 [pid 6057] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6057] memfd_create("syzkaller", 0) = 5 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6056] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6055] <... open resumed>) = 5 [pid 6055] truncate("./file1", 16784380 [pid 6058] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6055] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6055] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6055] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6055] exit_group(0) = ? [pid 6059] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6055] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6055, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5843] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5843] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6058] <... write resumed>) = 2097152 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./38/file1") = 0 [pid 5843] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./38/binderfs", [pid 6058] munmap(0x7f9875600000, 138412032 [pid 6056] <... write resumed>) = 2097152 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./38/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6056] munmap(0x7f9875600000, 138412032 [pid 5843] close(3) = 0 [pid 5843] rmdir("./38") = 0 [pid 6058] <... munmap resumed>) = 0 [pid 6057] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6056] <... munmap resumed>) = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] mkdir("./39", 0777 [pid 6058] <... openat resumed>) = 4 [pid 5843] <... mkdir resumed>) = 0 [pid 6059] <... write resumed>) = 2097152 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6058] ioctl(4, LOOP_SET_FD, 3 [pid 6056] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6058] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6056] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... openat resumed>) = 3 [pid 6059] munmap(0x7f9875600000, 138412032 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 6059] <... munmap resumed>) = 0 [pid 6056] close(5 [pid 5843] <... ioctl resumed>) = 0 [pid 6058] ioctl(4, LOOP_CLR_FD) = 0 [pid 5843] close(3) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6060 attached , child_tidptr=0x55558b799650) = 6060 [pid 6060] set_robust_list(0x55558b799660, 24) = 0 [pid 6060] chdir("./39") = 0 [pid 6060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6060] setpgid(0, 0) = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6059] <... openat resumed>) = 4 [pid 6060] <... openat resumed>) = 3 [pid 6059] ioctl(4, LOOP_SET_FD, 3 [pid 6060] write(3, "1000", 4 [pid 6058] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6057] <... write resumed>) = 2097152 [pid 6056] <... close resumed>) = 0 [pid 6058] close(4 [pid 6057] munmap(0x7f9875600000, 138412032 [pid 6056] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6060] <... write resumed>) = 4 [pid 6060] close(3) = 0 [pid 6060] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6060] write(1, "executing program\n", 18) = 18 [pid 6060] memfd_create("syzkaller", 0) = 3 [pid 6059] <... ioctl resumed>) = 0 [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6059] close(3 [pid 6060] <... mmap resumed>) = 0x7f9875600000 [pid 6059] <... close resumed>) = 0 [pid 6059] close(4) = 0 [pid 6059] mkdir("./file1", 0777) = 0 [ 136.964535][ T6059] loop3: detected capacity change from 0 to 4096 [ 136.985989][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 136.986006][ T30] audit: type=1804 audit(1750615418.255:406): pid=6056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/41/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 6059] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6058] <... close resumed>) = 0 [pid 6057] <... munmap resumed>) = 0 [ 137.002628][ T6059] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6058] close(3) = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6058] open("./file1", O_RDONLY|O_DIRECT) = -1 ENOENT (No such file or directory) [pid 6057] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6058] preadv2(-1, [{iov_base=0x200000001200, iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = -1 EBADF (Bad file descriptor) [pid 6057] close(5 [pid 6058] memfd_create("syzkaller", 0) = 3 [pid 6056] <... open resumed>) = 5 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6056] truncate("./file1", 16784380 [pid 6058] <... mmap resumed>) = 0x7f9875600000 [pid 6056] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6056] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6056] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6056] exit_group(0) = ? [pid 6056] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5840] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", [pid 6058] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6057] <... close resumed>) = 0 [pid 6060] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6057] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6057] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6057] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6059] <... mount resumed>) = 0 [pid 6057] <... openat resumed>) = 6 [pid 6057] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6057] exit_group(0) = ? [pid 6059] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6059] chdir("./file1") = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6059] open("./file1", O_RDONLY|O_DIRECT [pid 6058] <... write resumed>) = 2097152 [pid 6057] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6057, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=13 /* 0.13 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 6058] munmap(0x7f9875600000, 138412032 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 137.161232][ T30] audit: type=1804 audit(1750615418.415:407): pid=6057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.kafNdC/40/file1/file1" dev="loop2" ino=30 res=1 errno=0 [pid 5840] <... umount2 resumed>) = 0 [pid 6059] <... open resumed>) = 4 [pid 5841] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6059] preadv2(4, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6060] <... write resumed>) = 2097152 [pid 6059] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6058] <... munmap resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./41/file1", [pid 6058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6058] ioctl(4, LOOP_SET_FD, 3 [pid 5840] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6060] munmap(0x7f9875600000, 138412032 [pid 6059] memfd_create("syzkaller", 0 [pid 6058] <... ioctl resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 6058] close(3) = 0 [pid 6058] close(4) = 0 [pid 6058] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6058] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", 0, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x10\x37\x35\x2c\x73\x70\x61\x72\x73\x65\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x65\x75\x63\x2d\x6a\x70\x2c\x61\x63\x6c\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70"... [pid 6059] <... memfd_create resumed>) = 5 [pid 5841] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6059] <... mmap resumed>) = 0x7f9875600000 [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", [pid 5841] newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6060] <... munmap resumed>) = 0 [pid 5840] getdents64(4, [pid 5841] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6060] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [ 137.222579][ T30] audit: type=1800 audit(1750615418.485:408): pid=6059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 137.247016][ T6058] loop0: detected capacity change from 0 to 4096 [pid 6060] <... openat resumed>) = 4 [pid 5841] <... openat resumed>) = 4 [pid 5840] getdents64(4, [pid 6060] ioctl(4, LOOP_SET_FD, 3 [pid 5841] newfstatat(4, "", [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] close(4) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] rmdir("./41/file1" [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5841] close(4) = 0 [pid 5840] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] rmdir("./40/file1" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... rmdir resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./41/binderfs", [pid 5841] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./41/binderfs" [pid 5841] unlink("./40/binderfs") = 0 [pid 5841] getdents64(3, [pid 5840] <... unlink resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] getdents64(3, [pid 5841] close(3 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... close resumed>) = 0 [pid 5840] close(3 [pid 5841] rmdir("./40" [pid 5840] <... close resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] rmdir("./41" [pid 6060] <... ioctl resumed>) = 0 [pid 5841] mkdir("./41", 0777 [pid 5840] <... rmdir resumed>) = 0 [pid 6060] close(3 [pid 5841] <... mkdir resumed>) = 0 [pid 5840] mkdir("./42", 0777 [pid 6060] <... close resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 6060] close(4 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6060] <... close resumed>) = 0 [pid 6060] mkdir("./file1", 0777 [pid 5840] <... openat resumed>) = 3 [pid 6060] <... mkdir resumed>) = 0 [pid 6060] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6058] <... mount resumed>) = 0 [pid 6058] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6058] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6058] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] <... openat resumed>) = 3 [pid 5840] <... ioctl resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] close(3 [pid 5841] <... ioctl resumed>) = 0 [ 137.307972][ T6060] loop4: detected capacity change from 0 to 4096 [pid 5841] close(3 [pid 6058] <... open resumed>) = 4 [pid 6059] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6058] truncate("./file1", 16784380) = 0 [pid 6058] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] <... close resumed>) = 0 [pid 6058] <... openat resumed>) = 5 [pid 5841] <... close resumed>) = 0 [ 137.369811][ T6060] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6061 attached [pid 6058] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6061] set_robust_list(0x55558b799660, 24 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6061 [ 137.455488][ T6058] [ 137.457869][ T6058] ====================================================== [ 137.464977][ T6058] WARNING: possible circular locking dependency detected [ 137.471996][ T6058] 6.16.0-rc2-next-20250620-syzkaller #0 Not tainted [ 137.478667][ T6058] ------------------------------------------------------ [ 137.486029][ T6058] syz-executor884/6058 is trying to acquire lock: [ 137.492465][ T6058] ffff888073a35bb8 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: ntfs_file_mmap_prepare+0x599/0x770 [ 137.503373][ T6058] [ 137.503373][ T6058] but task is already holding lock: [ 137.510828][ T6058] ffff888078ffc260 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x1bd/0x4c0 [ 137.519814][ T6058] [ 137.519814][ T6058] which lock already depends on the new lock. [ 137.519814][ T6058] [ 137.530416][ T6058] [ 137.530416][ T6058] the existing dependency chain (in reverse order) is: [ 137.539442][ T6058] [ 137.539442][ T6058] -> #1 (&mm->mmap_lock){++++}-{4:4}: [ 137.547013][ T6058] lock_acquire+0x120/0x360 [ 137.552116][ T6058] gup_fast_fallback+0x22e/0x2270 [ 137.557665][ T6058] iov_iter_extract_pages+0x35a/0x5e0 [ 137.563559][ T6058] __blockdev_direct_IO+0x1166/0x3490 [ 137.569457][ T6058] ntfs_direct_IO+0x20b/0x410 [ 137.574650][ T6058] generic_file_read_iter+0x319/0x510 [ 137.580540][ T6058] do_iter_readv_writev+0x56b/0x7f0 [ 137.586263][ T6058] vfs_readv+0x253/0x850 [ 137.591195][ T6058] __se_sys_preadv2+0x179/0x290 [ 137.596573][ T6058] do_syscall_64+0xfa/0x3b0 [ 137.601605][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.608020][ T6058] [ 137.608020][ T6058] -> #0 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}: [ 137.616709][ T6058] validate_chain+0xb9b/0x2140 [ 137.622004][ T6058] __lock_acquire+0xab9/0xd20 [ 137.627205][ T6058] lock_acquire+0x120/0x360 [ 137.632399][ T6058] down_write+0x96/0x1f0 [ 137.637159][ T6058] ntfs_file_mmap_prepare+0x599/0x770 [ 137.643047][ T6058] mmap_region+0xb4a/0x2080 [ 137.648082][ T6058] do_mmap+0xc45/0x10d0 [ 137.652759][ T6058] vm_mmap_pgoff+0x31b/0x4c0 [ 137.657864][ T6058] ksys_mmap_pgoff+0x51f/0x760 [ 137.663146][ T6058] do_syscall_64+0xfa/0x3b0 [ 137.668194][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.674611][ T6058] [ 137.674611][ T6058] other info that might help us debug this: [ 137.674611][ T6058] [ 137.684919][ T6058] Possible unsafe locking scenario: [ 137.684919][ T6058] [ 137.692365][ T6058] CPU0 CPU1 [ 137.697808][ T6058] ---- ---- [ 137.703166][ T6058] lock(&mm->mmap_lock); [ 137.707492][ T6058] lock(&sb->s_type->i_mutex_key#15); [ 137.715573][ T6058] lock(&mm->mmap_lock); [ 137.722443][ T6058] lock(&sb->s_type->i_mutex_key#15); [ 137.728143][ T6058] [ 137.728143][ T6058] *** DEADLOCK *** [ 137.728143][ T6058] [ 137.736293][ T6058] 1 lock held by syz-executor884/6058: [ 137.741856][ T6058] #0: ffff888078ffc260 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x1bd/0x4c0 [ 137.751288][ T6058] [ 137.751288][ T6058] stack backtrace: [ 137.757189][ T6058] CPU: 1 UID: 0 PID: 6058 Comm: syz-executor884 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) [ 137.757207][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.757216][ T6058] Call Trace: [ 137.757224][ T6058] [ 137.757230][ T6058] dump_stack_lvl+0x189/0x250 [ 137.757256][ T6058] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.757275][ T6058] ? __pfx__printk+0x10/0x10 [ 137.757291][ T6058] ? print_lock_name+0xde/0x100 [ 137.757306][ T6058] print_circular_bug+0x2ee/0x310 [ 137.757321][ T6058] check_noncircular+0x134/0x160 [ 137.757344][ T6058] validate_chain+0xb9b/0x2140 [ 137.757366][ T6058] ? up_write+0x1c4/0x420 [ 137.757383][ T6058] __lock_acquire+0xab9/0xd20 [ 137.757401][ T6058] ? ntfs_file_mmap_prepare+0x599/0x770 [ 137.757415][ T6058] lock_acquire+0x120/0x360 [ 137.757431][ T6058] ? ntfs_file_mmap_prepare+0x599/0x770 [ 137.757447][ T6058] down_write+0x96/0x1f0 [ 137.757462][ T6058] ? ntfs_file_mmap_prepare+0x599/0x770 [ 137.757474][ T6058] ? __pfx_down_write+0x10/0x10 [ 137.757489][ T6058] ? vms_clear_ptes+0x42c/0x540 [ 137.757508][ T6058] ntfs_file_mmap_prepare+0x599/0x770 [ 137.757521][ T6058] ? __pfx_vms_clear_ptes+0x10/0x10 [ 137.757540][ T6058] ? __pfx_ntfs_file_mmap_prepare+0x10/0x10 [ 137.757554][ T6058] ? mas_find+0x9ba/0xbc0 [ 137.757575][ T6058] mmap_region+0xb4a/0x2080 [ 137.757596][ T6058] ? process_measurement+0x15b6/0x1a40 [ 137.757611][ T6058] ? __pfx_mmap_region+0x10/0x10 [ 137.757629][ T6058] ? __pfx___mutex_lock+0x10/0x10 [ 137.757645][ T6058] ? rcu_is_watching+0x15/0xb0 [ 137.757663][ T6058] ? process_measurement+0x15c3/0x1a40 [ 137.757689][ T6058] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 137.757712][ T6058] ? cap_mmap_addr+0xb0/0x100 [ 137.757729][ T6058] ? bpf_lsm_mmap_addr+0x9/0x20 [ 137.757746][ T6058] ? security_mmap_addr+0x71/0x270 [ 137.757762][ T6058] ? shmem_mapping+0xd/0x50 [ 137.757777][ T6058] ? memfd_check_seals_mmap+0xc5/0x200 [ 137.757793][ T6058] do_mmap+0xc45/0x10d0 [ 137.757815][ T6058] ? __pfx_do_mmap+0x10/0x10 [ 137.757830][ T6058] ? down_write_killable+0x178/0x230 [ 137.757845][ T6058] ? end_current_label_crit_section+0x152/0x180 [ 137.757865][ T6058] ? __pfx_down_write_killable+0x10/0x10 [ 137.757882][ T6058] vm_mmap_pgoff+0x31b/0x4c0 [ 137.757901][ T6058] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 137.757917][ T6058] ? __fget_files+0x2a/0x420 [ 137.757931][ T6058] ? __fget_files+0x3a0/0x420 [ 137.757943][ T6058] ? __fget_files+0x2a/0x420 [ 137.757956][ T6058] ksys_mmap_pgoff+0x51f/0x760 [ 137.757976][ T6058] do_syscall_64+0xfa/0x3b0 [ 137.757989][ T6058] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.758001][ T6058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.758014][ T6058] ? clear_bhb_loop+0x60/0xb0 [ 137.758029][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.758048][ T6058] RIP: 0033:0x7f987db1e559 [ 137.758062][ T6058] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 137.758074][ T6058] RSP: 002b:00007ffff4bb1ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 137.758090][ T6058] RAX: ffffffffffffffda RBX: 0000200000000080 RCX: 00007f987db1e559 [ 137.758100][ T6058] RDX: 000000000000000e RSI: 0000000000001000 RDI: 0000200000001000 [ 137.758109][ T6058] RBP: 00002000000000c0 R08: 0000000000000005 R09: 0000000000000000 [ 137.758117][ T6058] R10: 0000000000000011 R11: 0000000000000246 R12: 0031656c69662f2e [ 137.758126][ T6058] R13: 0000200000000040 R14: 431bde82d7b634db R15: 00007ffff4bb1b50 [ 137.758141][ T6058] ./strace-static-x86_64: Process 6062 attached [pid 6061] <... set_robust_list resumed>) = 0 [pid 6060] <... mount resumed>) = 0 [pid 6059] <... write resumed>) = 2097152 [pid 6062] set_robust_list(0x55558b799660, 24 [pid 6061] chdir("./42" [pid 6060] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6059] munmap(0x7f9875600000, 138412032 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6062 [pid 6060] <... openat resumed>) = 3 [pid 6062] <... set_robust_list resumed>) = 0 [pid 6061] <... chdir resumed>) = 0 [pid 6060] chdir("./file1" [pid 6059] <... munmap resumed>) = 0 [pid 6061] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6060] <... chdir resumed>) = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6062] chdir("./41" [pid 6061] <... prctl resumed>) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6059] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6062] <... chdir resumed>) = 0 [pid 6061] setpgid(0, 0 [pid 6060] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6059] close(5 [pid 6061] <... setpgid resumed>) = 0 [pid 6060] open("./file1", O_RDONLY|O_DIRECT [pid 6058] <... mmap resumed>) = 0x200000001000 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6060] <... open resumed>) = 4 [pid 6059] <... close resumed>) = 0 [pid 6062] <... prctl resumed>) = 0 [pid 6060] preadv2(4, [pid 6062] setpgid(0, 0 [pid 6061] <... openat resumed>) = 3 [pid 6059] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6058] exit_group(0) = ? [pid 6058] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6058, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5839] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 176 [pid 5839] umount2("\x2e\x2f\x34\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6062] <... setpgid resumed>) = 0 [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6061] write(3, "1000", 4 [ 138.156397][ T30] audit: type=1800 audit(1750615419.425:409): pid=6060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 6062] write(3, "1000", 4) = 4 [pid 6061] <... write resumed>) = 4 [pid 6062] close(3 [pid 6060] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6062] <... close resumed>) = 0 [pid 6059] <... open resumed>) = 5 [pid 6062] symlink("/dev/binderfs", "./binderfs" [pid 6060] memfd_create("syzkaller", 0 [pid 6061] close(3 [pid 6062] <... symlink resumed>) = 0 [pid 6061] <... close resumed>) = 0 [pid 6060] <... memfd_create resumed>) = 5 [pid 6059] truncate("./file1", 16784380 [pid 6062] write(1, "executing program\n", 18 [pid 6061] symlink("/dev/binderfs", "./binderfs" [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... umount2 resumed>) = 0 executing program [pid 6062] <... write resumed>) = 18 [pid 6061] <... symlink resumed>) = 0 [pid 6060] <... mmap resumed>) = 0x7f9875600000 [pid 6061] write(1, "executing program\n", 18executing program [pid 6062] memfd_create("syzkaller", 0 [pid 6061] <... write resumed>) = 18 [pid 6059] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6059] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] umount2("\x2e\x2f\x34\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6059] <... openat resumed>) = 6 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "\x2e\x2f\x34\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("\x2e\x2f\x34\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "\x2e\x2f\x34\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 6059] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] rmdir("\x2e\x2f\x34\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5839] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./41/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./41") = 0 [pid 5839] mkdir("./42", 0777 [pid 6059] <... mmap resumed>) = 0x200000001000 [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6062] <... memfd_create resumed>) = 3 [pid 6061] memfd_create("syzkaller", 0 [pid 6059] exit_group(0) = ? [pid 6059] +++ exited with 0 +++ [ 138.202470][ T30] audit: type=1804 audit(1750615419.475:410): pid=6059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.keN58M/40/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6059, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6061] <... memfd_create resumed>) = 3 [pid 6062] <... mmap resumed>) = 0x7f9875600000 [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5842] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./40/file1") = 0 [pid 5842] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./40/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./40") = 0 [pid 5839] <... close resumed>) = 0 [pid 5842] mkdir("./41", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6060] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6063 ./strace-static-x86_64: Process 6063 attached [pid 6063] set_robust_list(0x55558b799660, 24) = 0 [pid 6063] chdir("./42") = 0 [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6063] setpgid(0, 0) = 0 [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6063] write(3, "1000", 4) = 4 [pid 6063] close(3) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6063] write(1, "executing program\n", 18) = 18 [pid 6063] memfd_create("syzkaller", 0 [pid 6061] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6060] <... write resumed>) = 2097152 [pid 6060] munmap(0x7f9875600000, 138412032 [pid 6063] <... memfd_create resumed>) = 3 [pid 6062] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... close resumed>) = 0 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6064 attached [pid 6063] <... mmap resumed>) = 0x7f9875600000 [pid 6061] <... write resumed>) = 2097152 [pid 6060] <... munmap resumed>) = 0 [pid 6064] set_robust_list(0x55558b799660, 24 [pid 6061] munmap(0x7f9875600000, 138412032 [pid 6060] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6064] <... set_robust_list resumed>) = 0 [pid 6061] <... munmap resumed>) = 0 [pid 6060] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6064] chdir("./41" [pid 6061] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6060] close(5 [pid 6064] <... chdir resumed>) = 0 [pid 6061] <... openat resumed>) = 4 [pid 6064] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6061] ioctl(4, LOOP_SET_FD, 3 [pid 6060] <... close resumed>) = 0 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6064 [pid 6064] <... prctl resumed>) = 0 [pid 6060] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6064] setpgid(0, 0 [pid 6063] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6062] <... write resumed>) = 2097152 [pid 6061] <... ioctl resumed>) = 0 [pid 6064] <... setpgid resumed>) = 0 [pid 6062] munmap(0x7f9875600000, 138412032 [pid 6061] close(3 [pid 6064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6063] <... write resumed>) = 2097152 [pid 6062] <... munmap resumed>) = 0 [pid 6061] <... close resumed>) = 0 [pid 6064] <... openat resumed>) = 3 [pid 6063] munmap(0x7f9875600000, 138412032 [pid 6062] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6061] close(4 [pid 6064] write(3, "1000", 4 [pid 6063] <... munmap resumed>) = 0 [pid 6062] <... openat resumed>) = 4 [pid 6061] <... close resumed>) = 0 [pid 6060] <... open resumed>) = 5 [pid 6064] <... write resumed>) = 4 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6062] ioctl(4, LOOP_SET_FD, 3 [pid 6061] mkdir("./file1", 0777 [ 138.374902][ T6061] loop1: detected capacity change from 0 to 4096 [ 138.380420][ T30] audit: type=1804 audit(1750615419.655:411): pid=6060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.YdVRUk/39/file1/file1" dev="loop4" ino=30 res=1 errno=0 [pid 6060] truncate("./file1", 16784380 [pid 6064] close(3 [pid 6063] <... openat resumed>) = 4 [pid 6061] <... mkdir resumed>) = 0 [pid 6060] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6064] <... close resumed>) = 0 [pid 6063] ioctl(4, LOOP_SET_FD, 3 [pid 6061] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6060] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 executing program [pid 6064] symlink("/dev/binderfs", "./binderfs" [pid 6063] <... ioctl resumed>) = 0 [pid 6062] <... ioctl resumed>) = 0 [pid 6060] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6064] <... symlink resumed>) = 0 [pid 6063] close(3 [pid 6062] close(3 [pid 6060] <... mmap resumed>) = 0x200000001000 [pid 6064] write(1, "executing program\n", 18 [pid 6063] <... close resumed>) = 0 [pid 6062] <... close resumed>) = 0 [pid 6060] exit_group(0 [pid 6064] <... write resumed>) = 18 [pid 6063] close(4 [pid 6062] close(4 [pid 6060] <... exit_group resumed>) = ? [pid 6064] memfd_create("syzkaller", 0 [pid 6063] <... close resumed>) = 0 [pid 6062] <... close resumed>) = 0 [pid 6060] +++ exited with 0 +++ [pid 6064] <... memfd_create resumed>) = 3 [pid 6063] mkdir("./file1", 0777 [pid 6062] mkdir("./file1", 0777 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6060, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6063] <... mkdir resumed>) = 0 [pid 6062] <... mkdir resumed>) = 0 [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 6064] <... mmap resumed>) = 0x7f9875600000 [ 138.419206][ T6062] loop2: detected capacity change from 0 to 4096 [ 138.432562][ T6063] loop0: detected capacity change from 0 to 4096 [ 138.449850][ T6061] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 6063] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6062] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] <... restart_syscall resumed>) = 0 [pid 5843] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5843] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6064] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... openat resumed>) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./39/file1") = 0 [pid 5843] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./39/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [ 138.486123][ T6062] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 138.497835][ T6063] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5843] rmdir("./39") = 0 [pid 6064] <... write resumed>) = 2097152 [pid 6062] <... mount resumed>) = 0 [pid 6062] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6062] chdir("./file1") = 0 [pid 6062] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6062] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6062] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] mkdir("./40", 0777 [pid 6062] memfd_create("syzkaller", 0 [pid 5843] <... mkdir resumed>) = 0 [pid 6062] <... memfd_create resumed>) = 5 [pid 6064] munmap(0x7f9875600000, 138412032 [pid 6062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6062] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... openat resumed>) = 3 [pid 6064] <... munmap resumed>) = 0 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 6064] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6064] ioctl(4, LOOP_SET_FD, 3 [pid 6063] <... mount resumed>) = 0 [ 138.547980][ T30] audit: type=1800 audit(1750615419.815:412): pid=6062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 6064] <... ioctl resumed>) = 0 [pid 6063] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6061] <... mount resumed>) = 0 [pid 6063] <... openat resumed>) = 3 [pid 6062] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6061] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] <... close resumed>) = 0 [pid 6063] chdir("./file1") = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6063] open("./file1", O_RDONLY|O_DIRECT [pid 6064] close(3) = 0 [pid 6064] close(4) = 0 [pid 6064] mkdir("./file1", 0777) = 0 [pid 6061] <... openat resumed>) = 3 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6063] <... open resumed>) = 4 [ 138.590082][ T6064] loop3: detected capacity change from 0 to 4096 [ 138.620335][ T6064] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6063] preadv2(4, [pid 6064] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6061] chdir("./file1" [pid 6063] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6061] <... chdir resumed>) = 0 [pid 6063] memfd_create("syzkaller", 0) = 5 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6061] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6061] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6061] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6061] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6065 attached ) = 5 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6065 [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6065] set_robust_list(0x55558b799660, 24 [pid 6062] <... write resumed>) = 2097152 [pid 6061] <... mmap resumed>) = 0x7f9875600000 [pid 6064] <... mount resumed>) = 0 [pid 6064] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 138.629463][ T30] audit: type=1800 audit(1750615419.885:413): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 6065] <... set_robust_list resumed>) = 0 [pid 6064] chdir("./file1" [pid 6062] munmap(0x7f9875600000, 138412032 [pid 6065] chdir("./40" [pid 6064] <... chdir resumed>) = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6064] open("./file1", O_RDONLY|O_DIRECT [pid 6065] <... chdir resumed>) = 0 [pid 6064] <... open resumed>) = 4 [pid 6062] <... munmap resumed>) = 0 [pid 6064] preadv2(4, [pid 6065] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6064] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6063] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6062] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6065] <... prctl resumed>) = 0 [pid 6064] memfd_create("syzkaller", 0 [pid 6062] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6061] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6065] setpgid(0, 0 [pid 6064] <... memfd_create resumed>) = 5 [pid 6062] close(5executing program [pid 6065] <... setpgid resumed>) = 0 [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6062] <... close resumed>) = 0 [pid 6065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6062] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6065] <... openat resumed>) = 3 [pid 6062] <... open resumed>) = 5 [pid 6065] write(3, "1000", 4 [pid 6062] truncate("./file1", 16784380 [pid 6065] <... write resumed>) = 4 [pid 6065] close(3) = 0 [pid 6065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6065] write(1, "executing program\n", 18) = 18 [pid 6065] memfd_create("syzkaller", 0) = 3 [pid 6065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6064] <... mmap resumed>) = 0x7f9875600000 [pid 6063] <... write resumed>) = 2097152 [pid 6062] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6062] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6062] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6062] exit_group(0) = ? [pid 6062] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6062, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6063] munmap(0x7f9875600000, 138412032 [ 138.672926][ T30] audit: type=1800 audit(1750615419.935:414): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [ 138.699170][ T30] audit: type=1800 audit(1750615419.965:415): pid=6064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [pid 5841] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6063] <... munmap resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6065] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./41/file1") = 0 [pid 5841] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./41/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./41") = 0 [pid 5841] mkdir("./42", 0777 [pid 6063] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6063] close(5 [pid 5841] <... openat resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 6061] <... write resumed>) = 2097152 [pid 5841] <... close resumed>) = 0 [pid 6061] munmap(0x7f9875600000, 138412032) = 0 [pid 6065] <... write resumed>) = 2097152 [pid 6064] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6063] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6063] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6063] truncate("./file1", 16784380 [pid 6061] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6061] close(5./strace-static-x86_64: Process 6066 attached [pid 6063] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6066] set_robust_list(0x55558b799660, 24 [pid 6063] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6066] <... set_robust_list resumed>) = 0 [pid 6063] <... openat resumed>) = 6 [pid 6063] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6066] chdir("./42" [pid 6063] <... mmap resumed>) = 0x200000001000 [pid 6066] <... chdir resumed>) = 0 [pid 6066] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6065] munmap(0x7f9875600000, 138412032 [pid 6063] exit_group(0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6066 [pid 6066] <... prctl resumed>) = 0 [pid 6063] <... exit_group resumed>) = ? [pid 6066] setpgid(0, 0) = 0 [pid 6065] <... munmap resumed>) = 0 [pid 6063] +++ exited with 0 +++ [pid 6061] <... close resumed>) = 0 [pid 6065] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 6066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6065] <... openat resumed>) = 4 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6065] ioctl(4, LOOP_SET_FD, 3 [pid 6066] <... openat resumed>) = 3 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6066] write(3, "1000", 4 [pid 6064] <... write resumed>) = 2097152 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6066] <... write resumed>) = 4 [pid 6064] munmap(0x7f9875600000, 138412032 [pid 5839] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6066] close(3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./42/file1") = 0 [pid 6064] <... munmap resumed>) = 0 [pid 5839] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6066] <... close resumed>) = 0 [pid 6066] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./42/binderfs", [pid 6066] <... symlink resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6066] write(1, "executing program\n", 18 [pid 6061] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6061] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6066] <... write resumed>) = 18 [pid 6061] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6061] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6061] exit_group(0) = ? executing program [pid 6066] memfd_create("syzkaller", 0 [pid 6061] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6061, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=5 /* 0.05 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5839] unlink("./42/binderfs" [pid 6066] <... memfd_create resumed>) = 3 [pid 6064] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... unlink resumed>) = 0 [pid 5839] getdents64(3, [pid 6066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 6064] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... close resumed>) = 0 [pid 6066] <... mmap resumed>) = 0x7f9875600000 [pid 5839] rmdir("./42" [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6064] close(5 [pid 5839] <... rmdir resumed>) = 0 [pid 6065] <... ioctl resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./42/file1") = 0 [pid 5840] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./42/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./42") = 0 [pid 5840] mkdir("./43", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [ 138.862272][ T6065] loop4: detected capacity change from 0 to 4096 [pid 5840] close(3 [pid 6065] close(3 [pid 6064] <... close resumed>) = 0 [pid 5839] mkdir("./43", 0777 [pid 6065] <... close resumed>) = 0 [pid 6065] close(4 [pid 5839] <... mkdir resumed>) = 0 [pid 6065] <... close resumed>) = 0 [pid 6065] mkdir("./file1", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6065] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6064] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6066] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6067 attached [pid 6064] <... open resumed>) = 5 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6067 [pid 6067] set_robust_list(0x55558b799660, 24 [pid 6064] truncate("./file1", 16784380 [pid 6067] <... set_robust_list resumed>) = 0 [pid 6064] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6067] chdir("./43" [pid 6064] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6067] <... chdir resumed>) = 0 [pid 6064] <... openat resumed>) = 6 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6064] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6067] <... prctl resumed>) = 0 [pid 6064] <... mmap resumed>) = 0x200000001000 [pid 6067] setpgid(0, 0 [pid 6064] exit_group(0 [pid 6067] <... setpgid resumed>) = 0 [pid 6064] <... exit_group resumed>) = ? [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6068 attached [pid 6067] <... openat resumed>) = 3 [pid 6064] +++ exited with 0 +++ [pid 6067] write(3, "1000", 4 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6064, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 6067] <... write resumed>) = 4 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6067] close(3) = 0 [pid 6067] symlink("/dev/binderfs", "./binderfs" [pid 6068] set_robust_list(0x55558b799660, 24 [pid 6067] <... symlink resumed>) = 0 [pid 6068] <... set_robust_list resumed>) = 0 [pid 6067] write(1, "executing program\n", 18 [pid 6068] chdir("./43") = 0 [pid 6068] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 6067] <... write resumed>) = 18 [pid 5842] <... restart_syscall resumed>) = 0 [pid 6068] setpgid(0, 0) = 0 [pid 5842] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6068 [pid 6068] <... openat resumed>) = 3 [pid 5842] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6068] write(3, "1000", 4 [pid 5842] getdents64(3, [pid 6068] <... write resumed>) = 4 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6068] close(3 [pid 5842] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] <... close resumed>) = 0 [pid 6068] symlink("/dev/binderfs", "./binderfs" [pid 6067] memfd_create("syzkaller", 0) = 3 [ 138.932939][ T6065] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). executing program [pid 6068] <... symlink resumed>) = 0 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6068] write(1, "executing program\n", 18 [pid 6067] <... mmap resumed>) = 0x7f9875600000 [pid 6068] <... write resumed>) = 18 [pid 6065] <... mount resumed>) = 0 [pid 6068] memfd_create("syzkaller", 0 [pid 6065] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6068] <... memfd_create resumed>) = 3 [pid 6065] chdir("./file1" [pid 6068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6066] <... write resumed>) = 2097152 [pid 6065] <... chdir resumed>) = 0 [pid 6068] <... mmap resumed>) = 0x7f9875600000 [pid 6065] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6066] munmap(0x7f9875600000, 138412032) = 0 [pid 6065] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6065] open("./file1", O_RDONLY|O_DIRECT [pid 6066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6066] ioctl(4, LOOP_SET_FD, 3 [pid 6065] <... open resumed>) = 4 [pid 6067] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6065] preadv2(4, [pid 5842] <... umount2 resumed>) = 0 [pid 6068] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6066] <... ioctl resumed>) = 0 [pid 6065] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6065] memfd_create("syzkaller", 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6065] <... memfd_create resumed>) = 5 [pid 5842] newfstatat(AT_FDCWD, "./41/file1", [pid 6065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6065] <... mmap resumed>) = 0x7f9875600000 [pid 5842] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./41/file1") = 0 [pid 5842] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./41/binderfs", [pid 6066] close(3 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6066] <... close resumed>) = 0 [pid 5842] unlink("./41/binderfs" [pid 6067] <... write resumed>) = 2097152 [pid 6066] close(4 [pid 5842] <... unlink resumed>) = 0 [pid 6066] <... close resumed>) = 0 [pid 5842] getdents64(3, [pid 6067] munmap(0x7f9875600000, 138412032 [pid 6066] mkdir("./file1", 0777 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6066] <... mkdir resumed>) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./41") = 0 [pid 6066] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] mkdir("./42", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6067] <... munmap resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6067] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 139.027903][ T6066] loop2: detected capacity change from 0 to 4096 [pid 6067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5842] <... close resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6069 attached [pid 6069] set_robust_list(0x55558b799660, 24 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6069 [pid 6069] <... set_robust_list resumed>) = 0 [pid 6069] chdir("./42") = 0 [pid 6069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6069] setpgid(0, 0) = 0 [pid 6069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6069] write(3, "1000", 4) = 4 [pid 6069] close(3) = 0 [pid 6069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6069] write(1, "executing program\n", 18 [pid 6067] close(3executing program [pid 6069] <... write resumed>) = 18 [pid 6069] memfd_create("syzkaller", 0 [pid 6067] <... close resumed>) = 0 [pid 6067] close(4) = 0 [pid 6067] mkdir("./file1", 0777 [pid 6069] <... memfd_create resumed>) = 3 [pid 6067] <... mkdir resumed>) = 0 [pid 6069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6067] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6069] <... mmap resumed>) = 0x7f9875600000 [ 139.080047][ T6067] loop1: detected capacity change from 0 to 4096 [ 139.091670][ T6066] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6065] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6068] <... write resumed>) = 2097152 [pid 6068] munmap(0x7f9875600000, 138412032) = 0 [pid 6066] <... mount resumed>) = 0 [pid 6068] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6066] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6068] <... openat resumed>) = 4 [pid 6068] ioctl(4, LOOP_SET_FD, 3 [pid 6066] <... openat resumed>) = 3 [ 139.124757][ T6067] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 6066] chdir("./file1") = 0 [pid 6066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6065] <... write resumed>) = 2097152 [pid 6068] <... ioctl resumed>) = 0 [pid 6066] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6065] munmap(0x7f9875600000, 138412032 [pid 6068] close(3 [pid 6066] open("./file1", O_RDONLY|O_DIRECT [pid 6065] <... munmap resumed>) = 0 [pid 6068] <... close resumed>) = 0 [pid 6068] close(4 [pid 6067] <... mount resumed>) = 0 [pid 6066] <... open resumed>) = 4 [pid 6065] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6068] <... close resumed>) = 0 [pid 6067] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6066] preadv2(4, [pid 6065] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6068] mkdir("./file1", 0777 [pid 6067] <... openat resumed>) = 3 [pid 6066] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6068] <... mkdir resumed>) = 0 [pid 6067] chdir("./file1" [pid 6066] memfd_create("syzkaller", 0 [pid 6065] close(5 [pid 6067] <... chdir resumed>) = 0 [ 139.169202][ T6068] loop0: detected capacity change from 0 to 4096 [pid 6068] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6067] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6066] <... memfd_create resumed>) = 5 [pid 6065] <... close resumed>) = 0 [pid 6067] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6069] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6067] open("./file1", O_RDONLY|O_DIRECT [pid 6066] <... mmap resumed>) = 0x7f9875600000 [pid 6065] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6067] <... open resumed>) = 4 [pid 6065] <... open resumed>) = 5 [pid 6067] preadv2(4, [pid 6065] truncate("./file1", 16784380 [pid 6067] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6067] memfd_create("syzkaller", 0) = 5 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6065] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6065] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6065] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6065] exit_group(0) = ? [pid 6065] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6065, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [ 139.232167][ T6068] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 6068] <... mount resumed>) = 0 [pid 6066] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5843] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6068] chdir("./file1") = 0 [pid 6068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6068] open("./file1", O_RDONLY|O_DIRECT [pid 6069] <... write resumed>) = 2097152 [pid 6069] munmap(0x7f9875600000, 138412032) = 0 [pid 6068] <... open resumed>) = 4 [pid 6067] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6069] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6066] <... write resumed>) = 2097152 [pid 6069] <... openat resumed>) = 4 [pid 6068] preadv2(4, [pid 6069] ioctl(4, LOOP_SET_FD, 3 [pid 6066] munmap(0x7f9875600000, 138412032 [pid 5843] <... umount2 resumed>) = 0 [pid 6068] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6068] memfd_create("syzkaller", 0 [pid 6066] <... munmap resumed>) = 0 [pid 6068] <... memfd_create resumed>) = 5 [pid 5843] getdents64(4, [pid 6068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6068] <... mmap resumed>) = 0x7f9875600000 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6066] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./40/file1") = 0 [pid 5843] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6069] <... ioctl resumed>) = 0 [pid 6066] close(5 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./40/binderfs") = 0 [pid 6069] close(3) = 0 [pid 6069] close(4) = 0 [pid 6069] mkdir("./file1", 0777) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./40") = 0 [pid 6069] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] mkdir("./41", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 6067] <... write resumed>) = 2097152 [pid 6067] munmap(0x7f9875600000, 138412032) = 0 [pid 6067] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6066] <... close resumed>) = 0 [pid 6067] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 139.321985][ T6069] loop3: detected capacity change from 0 to 4096 [ 139.354793][ T6069] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6066] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6068] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6067] close(5 [pid 6066] <... open resumed>) = 5 [pid 6067] <... close resumed>) = 0 [pid 6066] truncate("./file1", 16784380 [pid 5843] <... close resumed>) = 0 [pid 6069] <... mount resumed>) = 0 [pid 6068] <... write resumed>) = 2097152 [pid 6067] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6066] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6069] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6066] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6069] <... openat resumed>) = 3 [pid 6066] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6069] chdir("./file1" [pid 6068] munmap(0x7f9875600000, 138412032 [pid 6067] <... open resumed>) = 5 [pid 6066] <... mmap resumed>) = 0x200000001000 [pid 6069] <... chdir resumed>) = 0 [pid 6067] truncate("./file1", 16784380 [pid 6066] exit_group(0) = ? ./strace-static-x86_64: Process 6070 attached [pid 6068] <... munmap resumed>) = 0 [pid 6066] +++ exited with 0 +++ [pid 6069] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6070] set_robust_list(0x55558b799660, 24 [pid 6069] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6067] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6066, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 6070] <... set_robust_list resumed>) = 0 [pid 6067] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6069] open("./file1", O_RDONLY|O_DIRECT [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 6070] chdir("./41" [pid 6067] <... openat resumed>) = 6 [pid 6070] <... chdir resumed>) = 0 [pid 6069] <... open resumed>) = 4 [pid 6068] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6067] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] <... restart_syscall resumed>) = 0 [pid 6070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6067] <... mmap resumed>) = 0x200000001000 [pid 6070] setpgid(0, 0 [pid 6067] exit_group(0 [pid 5841] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6070] <... setpgid resumed>) = 0 [pid 6069] preadv2(4, [pid 6068] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6067] <... exit_group resumed>) = ? [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6069] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6068] close(5 [pid 6067] +++ exited with 0 +++ [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6070 [pid 5841] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6069] memfd_create("syzkaller", 0 [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6067, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=8 /* 0.08 s */} --- [pid 6069] <... memfd_create resumed>) = 5 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] getdents64(3, [pid 6070] <... openat resumed>) = 3 [pid 6070] write(3, "1000", 4 [pid 6069] <... mmap resumed>) = 0x7f9875600000 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6070] <... write resumed>) = 4 [pid 6070] close(3) = 0 [pid 6070] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6070] write(1, "executing program\n", 18) = 18 [pid 6070] memfd_create("syzkaller", 0) = 3 [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6068] <... close resumed>) = 0 [pid 6068] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] <... open resumed>) = 5 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6068] truncate("./file1", 16784380 [pid 5841] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6068] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... openat resumed>) = 4 [pid 6068] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5841] newfstatat(4, "", [pid 6068] <... openat resumed>) = 6 [pid 6068] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 6068] <... mmap resumed>) = 0x200000001000 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] <... umount2 resumed>) = 0 [pid 5841] getdents64(4, [pid 5840] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] exit_group(0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6068] <... exit_group resumed>) = ? [pid 5841] close(4 [pid 5840] newfstatat(AT_FDCWD, "./43/file1", [pid 5841] <... close resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6068] +++ exited with 0 +++ [pid 5841] rmdir("./42/file1" [pid 5840] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6068, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5839] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(4, [pid 5841] newfstatat(AT_FDCWD, "./42/binderfs", [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] getdents64(4, [pid 5841] unlink("./42/binderfs" [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5840] rmdir("./43/file1" [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5841] close(3 [pid 5840] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./42" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./43/binderfs") = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5841] mkdir("./43", 0777 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./43") = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5840] mkdir("./44", 0777 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5840] <... mkdir resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6069] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 6070] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 6069] <... write resumed>) = 2097152 [pid 5841] <... close resumed>) = 0 [pid 6069] munmap(0x7f9875600000, 138412032 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6072 attached ./strace-static-x86_64: Process 6071 attached [pid 5839] <... umount2 resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6071 [pid 5839] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6071] set_robust_list(0x55558b799660, 24) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6071] chdir("./44" [pid 5839] newfstatat(AT_FDCWD, "./43/file1", [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6072 [pid 6072] set_robust_list(0x55558b799660, 24) = 0 [pid 6072] chdir("./43" [pid 6071] <... chdir resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6072] <... chdir resumed>) = 0 [pid 6071] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6071] <... prctl resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6072] <... prctl resumed>) = 0 [pid 6071] setpgid(0, 0 [pid 6069] <... munmap resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 6072] setpgid(0, 0 [pid 6071] <... setpgid resumed>) = 0 [pid 6071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6071] <... openat resumed>) = 3 [pid 5839] getdents64(4, [pid 6072] <... setpgid resumed>) = 0 [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6071] write(3, "1000", 4 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6071] <... write resumed>) = 4 [pid 5839] getdents64(4, [pid 6071] close(3 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6072] <... openat resumed>) = 3 [pid 6071] <... close resumed>) = 0 [pid 6070] <... write resumed>) = 2097152 [pid 6069] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] close(4 [pid 6072] write(3, "1000", 4 [pid 6071] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... close resumed>) = 0 [pid 6072] <... write resumed>) = 4 [pid 5839] rmdir("./43/file1" [pid 6072] close(3 [pid 5839] <... rmdir resumed>) = 0 [pid 6071] <... symlink resumed>) = 0 [pid 5839] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6069] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 6071] write(1, "executing program\n", 18 [pid 6069] close(5 [pid 5839] newfstatat(AT_FDCWD, "./43/binderfs", [pid 6072] <... close resumed>) = 0 [pid 6071] <... write resumed>) = 18 [pid 6070] munmap(0x7f9875600000, 138412032 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6072] symlink("/dev/binderfs", "./binderfs" [pid 6071] memfd_create("syzkaller", 0 [pid 6070] <... munmap resumed>) = 0 [pid 5839] unlink("./43/binderfs" [pid 6072] <... symlink resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 6071] <... memfd_create resumed>) = 3 [pid 5839] rmdir("./43" [pid 6071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... rmdir resumed>) = 0 executing program [pid 6071] <... mmap resumed>) = 0x7f9875600000 [pid 5839] mkdir("./44", 0777 [pid 6072] write(1, "executing program\n", 18 [pid 5839] <... mkdir resumed>) = 0 [pid 6072] <... write resumed>) = 18 [pid 6072] memfd_create("syzkaller", 0 [pid 6070] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6069] <... close resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6070] <... openat resumed>) = 4 [pid 6070] ioctl(4, LOOP_SET_FD, 3 [pid 5839] <... openat resumed>) = 3 [pid 6072] <... memfd_create resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 6072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3) = 0 [pid 6071] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6070] <... ioctl resumed>) = 0 [pid 6069] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6070] close(3./strace-static-x86_64: Process 6073 attached ) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6073 [pid 6070] close(4 [pid 6073] set_robust_list(0x55558b799660, 24 [pid 6070] <... close resumed>) = 0 [pid 6070] mkdir("./file1", 0777 [pid 6073] <... set_robust_list resumed>) = 0 [pid 6070] <... mkdir resumed>) = 0 [ 139.608616][ T6070] loop4: detected capacity change from 0 to 4096 [pid 6070] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6073] chdir("./44") = 0 [pid 6073] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6071] <... write resumed>) = 2097152 [pid 6073] <... prctl resumed>) = 0 [pid 6072] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6069] <... open resumed>) = 5 [pid 6073] setpgid(0, 0 [pid 6069] truncate("./file1", 16784380 [pid 6073] <... setpgid resumed>) = 0 [pid 6073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6069] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6069] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6069] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6069] exit_group(0) = ? [pid 6071] munmap(0x7f9875600000, 138412032 [pid 6069] +++ exited with 0 +++ [pid 6073] <... openat resumed>) = 3 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6069, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=9 /* 0.09 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6071] <... munmap resumed>) = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6073] write(3, "1000", 4 [pid 6071] <... openat resumed>) = 4 [pid 6073] <... write resumed>) = 4 [ 139.651237][ T6070] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 6071] ioctl(4, LOOP_SET_FD, 3 [pid 6073] close(3 [pid 6070] <... mount resumed>) = 0 [pid 5842] <... restart_syscall resumed>) = 0 [pid 6070] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6073] <... close resumed>) = 0 [pid 6070] <... openat resumed>) = 3 [pid 6073] symlink("/dev/binderfs", "./binderfs" [pid 5842] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6070] chdir("./file1" [pid 6073] <... symlink resumed>) = 0 [pid 6072] <... write resumed>) = 2097152 [pid 6071] <... ioctl resumed>) = 0 [pid 6070] <... chdir resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6073] write(1, "executing program\n", 18executing program [pid 6072] munmap(0x7f9875600000, 138412032 [pid 6071] close(3 [pid 6070] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6073] <... write resumed>) = 18 [pid 6072] <... munmap resumed>) = 0 [pid 6071] <... close resumed>) = 0 [pid 6070] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... openat resumed>) = 3 [pid 6073] memfd_create("syzkaller", 0 [pid 6070] open("./file1", O_RDONLY|O_DIRECT [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6073] <... memfd_create resumed>) = 3 [pid 5842] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6070] <... open resumed>) = 4 [pid 6073] <... mmap resumed>) = 0x7f9875600000 [pid 6070] preadv2(4, [pid 6071] close(4 [pid 6070] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6071] <... close resumed>) = 0 [pid 6072] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6071] mkdir("./file1", 0777 [pid 6070] memfd_create("syzkaller", 0 [pid 6071] <... mkdir resumed>) = 0 [pid 6070] <... memfd_create resumed>) = 5 [pid 6072] <... openat resumed>) = 4 [pid 6071] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6072] ioctl(4, LOOP_SET_FD, 3 [pid 6070] <... mmap resumed>) = 0x7f9875600000 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6072] <... ioctl resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./42/file1", [pid 6072] close(3) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6072] close(4 [pid 5842] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6072] <... close resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6072] mkdir("./file1", 0777) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6072] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [ 139.702480][ T6071] loop1: detected capacity change from 0 to 4096 [ 139.729711][ T6071] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 139.739821][ T6072] loop2: detected capacity change from 0 to 4096 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./42/file1" [pid 6073] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... rmdir resumed>) = 0 [pid 5842] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./42/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./42") = 0 [pid 6070] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] mkdir("./43", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6071] <... mount resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 6071] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6071] chdir("./file1") = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6071] open("./file1", O_RDONLY|O_DIRECT) = 4 [ 139.778961][ T6072] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6071] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6071] memfd_create("syzkaller", 0) = 5 [pid 6071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6074 attached [pid 6070] <... write resumed>) = 2097152 [pid 6074] set_robust_list(0x55558b799660, 24 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6074 [pid 6074] <... set_robust_list resumed>) = 0 [pid 6074] chdir("./43" [pid 6072] <... mount resumed>) = 0 [pid 6074] <... chdir resumed>) = 0 [pid 6074] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6070] munmap(0x7f9875600000, 138412032 [pid 6074] <... prctl resumed>) = 0 [pid 6074] setpgid(0, 0 [pid 6073] <... write resumed>) = 2097152 [pid 6072] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6072] chdir("./file1") = 0 [pid 6072] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6074] <... setpgid resumed>) = 0 [pid 6072] open("./file1", O_RDONLY|O_DIRECT [pid 6074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6070] <... munmap resumed>) = 0 [pid 6074] write(3, "1000", 4) = 4 [pid 6074] close(3) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6073] munmap(0x7f9875600000, 138412032 [pid 6070] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6074] write(1, "executing program\n", 18 [pid 6073] <... munmap resumed>) = 0 executing program [pid 6070] close(5 [pid 6074] <... write resumed>) = 18 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6073] ioctl(4, LOOP_SET_FD, 3 [pid 6074] memfd_create("syzkaller", 0) = 3 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6072] <... open resumed>) = 4 [pid 6072] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6072] memfd_create("syzkaller", 0) = 5 [pid 6072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6070] <... close resumed>) = 0 [pid 6070] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6070] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6070] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6070] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6073] <... ioctl resumed>) = 0 [pid 6070] exit_group(0 [pid 6073] close(3) = 0 [pid 6073] close(4) = 0 [pid 6070] <... exit_group resumed>) = ? [pid 6073] mkdir("./file1", 0777 [pid 6070] +++ exited with 0 +++ [pid 6073] <... mkdir resumed>) = 0 [pid 6073] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6070, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [ 139.885105][ T6073] loop0: detected capacity change from 0 to 4096 [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 6074] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5843] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6071] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5843] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6074] <... write resumed>) = 2097152 [pid 5843] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4 [pid 6071] <... write resumed>) = 2097152 [pid 5843] <... close resumed>) = 0 [pid 5843] rmdir("./41/file1") = 0 [pid 5843] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./41/binderfs", [ 139.930566][ T6073] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 6072] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./41/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./41" [pid 6074] munmap(0x7f9875600000, 138412032 [pid 5843] <... rmdir resumed>) = 0 [pid 6074] <... munmap resumed>) = 0 [pid 5843] mkdir("./42", 0777 [pid 6071] munmap(0x7f9875600000, 138412032 [pid 6074] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6074] ioctl(4, LOOP_SET_FD, 3 [pid 6072] <... write resumed>) = 2097152 [pid 6071] <... munmap resumed>) = 0 [pid 6072] munmap(0x7f9875600000, 138412032 [pid 5843] <... mkdir resumed>) = 0 [pid 6074] <... ioctl resumed>) = 0 [pid 6074] close(3) = 0 [pid 6074] close(4) = 0 [pid 6074] mkdir("./file1", 0777 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6074] <... mkdir resumed>) = 0 [pid 6074] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] <... openat resumed>) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 6072] <... munmap resumed>) = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6072] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6071] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... ioctl resumed>) = 0 [pid 5843] close(3 [pid 6073] <... mount resumed>) = 0 [pid 6072] close(5 [pid 6071] close(5 [pid 6073] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6073] chdir("./file1") = 0 [pid 6071] <... close resumed>) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6073] open("./file1", O_RDONLY|O_DIRECT [pid 5843] <... close resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6075 [ 140.012496][ T6074] loop3: detected capacity change from 0 to 4096 [ 140.024741][ T6074] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). ./strace-static-x86_64: Process 6075 attached [pid 6073] <... open resumed>) = 4 [pid 6075] set_robust_list(0x55558b799660, 24) = 0 [pid 6075] chdir("./42" [pid 6073] preadv2(4, [pid 6075] <... chdir resumed>) = 0 [pid 6075] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6073] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6075] <... prctl resumed>) = 0 [pid 6075] setpgid(0, 0 [pid 6073] memfd_create("syzkaller", 0 [pid 6075] <... setpgid resumed>) = 0 [pid 6075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6073] <... memfd_create resumed>) = 5 [pid 6075] <... openat resumed>) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6075] write(3, "1000", 4 [pid 6073] <... mmap resumed>) = 0x7f9875600000 [pid 6075] <... write resumed>) = 4 [pid 6075] close(3) = 0 [pid 6075] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6075] write(1, "executing program\n", 18) = 18 [pid 6075] memfd_create("syzkaller", 0) = 3 [pid 6072] <... close resumed>) = 0 [pid 6071] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6072] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6071] <... open resumed>) = 5 [pid 6072] truncate("./file1", 16784380 [pid 6071] truncate("./file1", 16784380 [pid 6072] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6072] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6072] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6072] exit_group(0) = ? [pid 6072] +++ exited with 0 +++ [pid 6073] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6071] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6072, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6071] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5841] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6071] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5841] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6071] exit_group(0) = ? [pid 6071] +++ exited with 0 +++ [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", [pid 6074] <... mount resumed>) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6071, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=4 /* 0.04 s */} --- [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5841] getdents64(3, [pid 6074] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6074] chdir("./file1" [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] <... restart_syscall resumed>) = 0 [pid 6074] <... chdir resumed>) = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6074] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6074] open("./file1", O_RDONLY|O_DIRECT [pid 5840] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6074] <... open resumed>) = 4 [pid 6074] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6074] memfd_create("syzkaller", 0) = 5 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6073] <... write resumed>) = 2097152 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6073] munmap(0x7f9875600000, 138412032 [pid 5840] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6073] <... munmap resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./43/file1" [pid 6075] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... rmdir resumed>) = 0 [pid 5841] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] unlink("./43/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./43") = 0 [pid 5841] mkdir("./44", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3) = 0 [pid 6073] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6076 attached [pid 6073] close(5 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6076 [pid 6076] set_robust_list(0x55558b799660, 24) = 0 [pid 6076] chdir("./44") = 0 [pid 6076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6076] setpgid(0, 0) = 0 [pid 6075] <... write resumed>) = 2097152 [pid 6076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6076] write(3, "1000", 4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6076] <... write resumed>) = 4 [pid 6076] close(3) = 0 [pid 6076] symlink("/dev/binderfs", "./binderfs" [pid 5840] newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6076] <... symlink resumed>) = 0 [pid 6076] write(1, "executing program\n", 18 [pid 6073] <... close resumed>) = 0 executing program [pid 5840] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6076] <... write resumed>) = 18 [pid 6076] memfd_create("syzkaller", 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6076] <... memfd_create resumed>) = 3 [pid 5840] <... openat resumed>) = 4 [pid 6076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] newfstatat(4, "", [pid 6076] <... mmap resumed>) = 0x7f9875600000 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 6075] munmap(0x7f9875600000, 138412032 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6075] <... munmap resumed>) = 0 [pid 6073] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] getdents64(4, [pid 6075] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6075] ioctl(4, LOOP_SET_FD, 3 [pid 5840] close(4 [pid 6074] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 6073] <... open resumed>) = 5 [pid 5840] rmdir("./44/file1" [pid 6073] truncate("./file1", 16784380 [pid 5840] <... rmdir resumed>) = 0 [pid 6073] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./44/binderfs", [pid 6075] <... ioctl resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6075] close(3 [pid 6073] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] unlink("./44/binderfs" [pid 6075] <... close resumed>) = 0 [pid 6075] close(4) = 0 [pid 6075] mkdir("./file1", 0777) = 0 [pid 6073] <... openat resumed>) = 6 [pid 5840] <... unlink resumed>) = 0 [pid 6073] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5840] getdents64(3, [pid 6075] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6073] <... mmap resumed>) = 0x200000001000 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 6073] exit_group(0 [pid 5840] <... close resumed>) = 0 [pid 6073] <... exit_group resumed>) = ? [pid 5840] rmdir("./44" [pid 6074] <... write resumed>) = 2097152 [pid 6073] +++ exited with 0 +++ [pid 5840] <... rmdir resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6073, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5840] mkdir("./45", 0777 [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6074] munmap(0x7f9875600000, 138412032 [pid 5839] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... mkdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6074] <... munmap resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] close(3 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6074] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6076] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 140.265117][ T6075] loop4: detected capacity change from 0 to 4096 [ 140.292039][ T6075] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5839] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6074] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6074] close(5 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6077 attached [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6077 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6077] set_robust_list(0x55558b799660, 24 [pid 5839] newfstatat(AT_FDCWD, "./44/file1", [pid 6077] <... set_robust_list resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6077] chdir("./45" [pid 5839] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6077] <... chdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6077] <... prctl resumed>) = 0 [pid 6077] setpgid(0, 0 [pid 6074] <... close resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 6074] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] newfstatat(4, "", [pid 6077] <... setpgid resumed>) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6077] <... openat resumed>) = 3 [pid 5839] getdents64(4, [pid 6077] write(3, "1000", 4 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6077] <... write resumed>) = 4 [pid 5839] getdents64(4, [pid 6077] close(3 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6077] <... close resumed>) = 0 [pid 5839] close(4 [pid 6077] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... close resumed>) = 0 [pid 6077] <... symlink resumed>) = 0 [pid 5839] rmdir("./44/file1"executing program [pid 6077] write(1, "executing program\n", 18 [pid 5839] <... rmdir resumed>) = 0 [pid 6077] <... write resumed>) = 18 [pid 6076] <... write resumed>) = 2097152 [pid 5839] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6074] <... open resumed>) = 5 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6077] memfd_create("syzkaller", 0 [pid 5839] newfstatat(AT_FDCWD, "./44/binderfs", [pid 6077] <... memfd_create resumed>) = 3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] unlink("./44/binderfs" [pid 6077] <... mmap resumed>) = 0x7f9875600000 [pid 6074] truncate("./file1", 16784380 [pid 5839] <... unlink resumed>) = 0 [pid 6076] munmap(0x7f9875600000, 138412032) = 0 [pid 6074] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] getdents64(3, [pid 6076] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6074] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6076] <... openat resumed>) = 4 [pid 6074] <... openat resumed>) = 6 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6076] ioctl(4, LOOP_SET_FD, 3 [pid 6074] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] close(3 [pid 6074] <... mmap resumed>) = 0x200000001000 [pid 6074] exit_group(0) = ? [pid 6074] +++ exited with 0 +++ [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./44" [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6074, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=6 /* 0.06 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... rmdir resumed>) = 0 [pid 6077] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] mkdir("./45", 0777 [pid 6075] <... mount resumed>) = 0 [pid 6075] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6075] chdir("./file1") = 0 [pid 6075] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] <... restart_syscall resumed>) = 0 [pid 6075] open("./file1", O_RDONLY|O_DIRECT [pid 5842] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... mkdir resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] getdents64(3, [pid 6075] <... open resumed>) = 4 [pid 5839] <... openat resumed>) = 3 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5842] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6075] preadv2(4, [pid 5839] <... ioctl resumed>) = 0 [pid 6076] <... ioctl resumed>) = 0 [pid 6075] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] close(3 [pid 6076] close(3 [pid 6075] memfd_create("syzkaller", 0 [pid 6076] <... close resumed>) = 0 [pid 6075] <... memfd_create resumed>) = 5 [pid 6076] close(4 [pid 6075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6076] <... close resumed>) = 0 [pid 6075] <... mmap resumed>) = 0x7f9875600000 [pid 6076] mkdir("./file1", 0777) = 0 [ 140.407726][ T6076] loop2: detected capacity change from 0 to 4096 [pid 6076] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6078 attached [pid 5842] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6078 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6078] set_robust_list(0x55558b799660, 24) = 0 [pid 5842] <... openat resumed>) = 4 [pid 6078] chdir("./45" [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6078] <... chdir resumed>) = 0 [pid 5842] getdents64(4, [pid 6078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6078] setpgid(0, 0 [pid 5842] getdents64(4, [pid 6078] <... setpgid resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] close(4) = 0 [pid 5842] rmdir("./43/file1" [pid 6077] <... write resumed>) = 2097152 [pid 5842] <... rmdir resumed>) = 0 [pid 6078] <... openat resumed>) = 3 [pid 6078] write(3, "1000", 4 [pid 5842] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6078] <... write resumed>) = 4 [pid 6076] <... mount resumed>) = 0 [pid 6078] close(3 [pid 6077] munmap(0x7f9875600000, 138412032 [pid 5842] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./43/binderfs" [pid 6078] <... close resumed>) = 0 [pid 6076] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6076] chdir("./file1") = 0 [pid 6076] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6076] open("./file1", O_RDONLY|O_DIRECT [pid 5842] <... unlink resumed>) = 0 [ 140.459596][ T6076] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6078] symlink("/dev/binderfs", "./binderfs" [pid 6077] <... munmap resumed>) = 0 [pid 6076] <... open resumed>) = 4 [pid 5842] getdents64(3, [pid 6078] <... symlink resumed>) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6078] write(1, "executing program\n", 18 [pid 6076] preadv2(4, executing program [pid 6078] <... write resumed>) = 18 [pid 6076] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] close(3 [pid 6076] memfd_create("syzkaller", 0) = 5 [pid 6076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6078] memfd_create("syzkaller", 0 [pid 6077] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./43" [pid 6077] <... openat resumed>) = 4 [pid 6075] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6078] <... memfd_create resumed>) = 3 [pid 6077] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... rmdir resumed>) = 0 [pid 6078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] mkdir("./44", 0777 [pid 6077] <... ioctl resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6077] close(3) = 0 [pid 6077] close(4 [pid 6075] <... write resumed>) = 2097152 [pid 5842] <... openat resumed>) = 3 [pid 6077] <... close resumed>) = 0 [pid 5842] ioctl(3, LOOP_CLR_FD [pid 6077] mkdir("./file1", 0777 [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 6077] <... mkdir resumed>) = 0 [pid 6077] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6075] munmap(0x7f9875600000, 138412032) = 0 [pid 6075] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] <... close resumed>) = 0 [pid 6075] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6075] close(5 [pid 6076] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6079 attached , child_tidptr=0x55558b799650) = 6079 [ 140.529713][ T6077] loop1: detected capacity change from 0 to 4096 [ 140.566904][ T6077] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 6079] set_robust_list(0x55558b799660, 24 [pid 6078] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6079] <... set_robust_list resumed>) = 0 [pid 6075] <... close resumed>) = 0 [pid 6079] chdir("./44") = 0 [pid 6079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6079] setpgid(0, 0 [pid 6075] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6079] <... setpgid resumed>) = 0 [pid 6079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6079] write(3, "1000", 4) = 4 [pid 6079] close(3executing program ) = 0 [pid 6079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6079] write(1, "executing program\n", 18) = 18 [pid 6079] memfd_create("syzkaller", 0 [pid 6075] <... open resumed>) = 5 [pid 6079] <... memfd_create resumed>) = 3 [pid 6079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6075] truncate("./file1", 16784380 [pid 6079] <... mmap resumed>) = 0x7f9875600000 [pid 6077] <... mount resumed>) = 0 [pid 6077] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6077] chdir("./file1" [pid 6075] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6075] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6075] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6075] exit_group(0 [pid 6077] <... chdir resumed>) = 0 [pid 6077] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6075] <... exit_group resumed>) = ? [pid 6077] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6075] +++ exited with 0 +++ [pid 6077] open("./file1", O_RDONLY|O_DIRECT [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6075, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=6 /* 0.06 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 6076] <... write resumed>) = 2097152 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5843] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", [pid 6077] <... open resumed>) = 4 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6077] preadv2(4, [pid 6076] munmap(0x7f9875600000, 138412032) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5843] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6077] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6077] memfd_create("syzkaller", 0 [pid 5843] newfstatat(AT_FDCWD, "./42/file1", [pid 6077] <... memfd_create resumed>) = 5 [pid 6077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6078] <... write resumed>) = 2097152 [pid 6077] <... mmap resumed>) = 0x7f9875600000 [pid 5843] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./42/file1") = 0 [pid 6076] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6076] close(5 [pid 6079] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./42/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3 [pid 6076] <... close resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 6078] munmap(0x7f9875600000, 138412032) = 0 [pid 6079] <... write resumed>) = 2097152 [pid 6076] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] rmdir("./42" [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... rmdir resumed>) = 0 [pid 6079] munmap(0x7f9875600000, 138412032 [pid 6078] <... openat resumed>) = 4 [pid 5843] mkdir("./43", 0777 [pid 6078] ioctl(4, LOOP_SET_FD, 3 [pid 5843] <... mkdir resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 6079] <... munmap resumed>) = 0 [pid 6077] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6079] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6079] ioctl(4, LOOP_SET_FD, 3 [pid 6078] <... ioctl resumed>) = 0 [pid 6078] close(3) = 0 [pid 6078] close(4 [pid 5843] <... close resumed>) = 0 [pid 6078] <... close resumed>) = 0 [pid 6077] <... write resumed>) = 2097152 [pid 6076] <... open resumed>) = 5 [pid 6078] mkdir("./file1", 0777 [pid 6076] truncate("./file1", 16784380 [pid 6078] <... mkdir resumed>) = 0 [ 140.729897][ T6078] loop0: detected capacity change from 0 to 4096 [ 140.755699][ T6079] loop3: detected capacity change from 0 to 4096 [pid 6078] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6079] <... ioctl resumed>) = 0 [pid 6076] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6079] close(3 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6079] <... close resumed>) = 0 [pid 6076] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000./strace-static-x86_64: Process 6080 attached [pid 6079] close(4) = 0 [pid 6077] munmap(0x7f9875600000, 138412032 [pid 6076] <... openat resumed>) = 6 [pid 6079] mkdir("./file1", 0777 [pid 6080] set_robust_list(0x55558b799660, 24 [pid 6079] <... mkdir resumed>) = 0 [pid 6077] <... munmap resumed>) = 0 [pid 6076] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6080 [pid 6080] <... set_robust_list resumed>) = 0 [pid 6079] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6076] <... mmap resumed>) = 0x200000001000 [pid 6076] exit_group(0) = ? [pid 6076] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6076, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=9 /* 0.09 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 6077] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6077] close(5 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6080] chdir("./43" [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 6080] <... chdir resumed>) = 0 [pid 6077] <... close resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6080] setpgid(0, 0) = 0 [pid 6080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6080] write(3, "1000", 4) = 4 [pid 6080] close(3) = 0 [pid 6080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6080] write(1, "executing program\n", 18executing program ) = 18 [pid 6080] memfd_create("syzkaller", 0) = 3 [pid 6080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6077] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] <... umount2 resumed>) = 0 [pid 6077] <... open resumed>) = 5 [pid 6077] truncate("./file1", 16784380 [pid 5841] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6078] <... mount resumed>) = 0 [pid 5841] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6077] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6077] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5841] <... openat resumed>) = 4 [pid 6078] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6077] <... openat resumed>) = 6 [pid 5841] newfstatat(4, "", [pid 6078] <... openat resumed>) = 3 [pid 6077] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6078] chdir("./file1" [pid 6077] <... mmap resumed>) = 0x200000001000 [pid 5841] getdents64(4, [pid 6078] <... chdir resumed>) = 0 [ 140.774509][ T6078] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 140.798467][ T6079] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6078] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6077] exit_group(0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6078] open("./file1", O_RDONLY|O_DIRECT [pid 5841] close(4) = 0 [pid 5841] rmdir("./44/file1" [pid 6077] <... exit_group resumed>) = ? [pid 6077] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6078] <... open resumed>) = 4 [pid 6078] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6078] memfd_create("syzkaller", 0 [pid 5841] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./44/binderfs") = 0 [pid 5841] getdents64(3, [pid 6078] <... memfd_create resumed>) = 5 [pid 5840] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6079] <... mount resumed>) = 0 [pid 5841] close(3 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 6079] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6079] <... openat resumed>) = 3 [pid 5841] <... close resumed>) = 0 [pid 5840] getdents64(3, [pid 6079] chdir("./file1" [pid 5841] rmdir("./44" [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6079] <... chdir resumed>) = 0 [pid 5840] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6079] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] <... rmdir resumed>) = 0 [pid 6079] open("./file1", O_RDONLY|O_DIRECT [pid 5841] mkdir("./45", 0777 [pid 6079] <... open resumed>) = 4 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 6079] preadv2(4, [pid 6080] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6079] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6079] memfd_create("syzkaller", 0) = 5 [pid 5841] <... close resumed>) = 0 [pid 6079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... umount2 resumed>) = 0 [pid 6079] <... mmap resumed>) = 0x7f9875600000 [pid 5840] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6081 ./strace-static-x86_64: Process 6081 attached [pid 6081] set_robust_list(0x55558b799660, 24) = 0 [pid 6081] chdir("./45") = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0) = 0 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6081] <... openat resumed>) = 3 [pid 6081] write(3, "1000", 4) = 4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6081] close(3 [pid 5840] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6081] <... close resumed>) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6081] write(1, "executing program\n", 18) = 18 [pid 6081] memfd_create("syzkaller", 0 [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", [pid 6081] <... memfd_create resumed>) = 3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 6081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6080] <... write resumed>) = 2097152 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6078] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 6080] munmap(0x7f9875600000, 138412032 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./45/file1" [pid 6080] <... munmap resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./45/binderfs" [pid 6080] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... unlink resumed>) = 0 [pid 6081] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6080] <... openat resumed>) = 4 [pid 5840] getdents64(3, [pid 6080] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 6078] <... write resumed>) = 2097152 [pid 5840] <... close resumed>) = 0 [pid 6078] munmap(0x7f9875600000, 138412032) = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6078] close(5) = 0 [pid 5840] rmdir("./45" [pid 6081] <... write resumed>) = 2097152 [pid 6080] <... ioctl resumed>) = 0 [pid 6079] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6078] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6080] close(3 [pid 5840] <... rmdir resumed>) = 0 [pid 6080] <... close resumed>) = 0 [pid 5840] mkdir("./46", 0777 [pid 6081] munmap(0x7f9875600000, 138412032 [pid 6080] close(4 [pid 5840] <... mkdir resumed>) = 0 [pid 6081] <... munmap resumed>) = 0 [pid 6080] <... close resumed>) = 0 [pid 6078] <... open resumed>) = 5 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6080] mkdir("./file1", 0777 [pid 5840] <... openat resumed>) = 3 [pid 6078] truncate("./file1", 16784380 [pid 6080] <... mkdir resumed>) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6080] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] <... ioctl resumed>) = 0 [pid 6078] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6078] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6078] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6078] exit_group(0) = ? [pid 6081] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6078] +++ exited with 0 +++ [pid 6081] <... openat resumed>) = 4 [ 141.019624][ T6080] loop4: detected capacity change from 0 to 4096 [ 141.052965][ T6080] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 6081] ioctl(4, LOOP_SET_FD, 3 [pid 5840] close(3 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6078, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- [pid 6079] <... write resumed>) = 2097152 [pid 5839] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6079] munmap(0x7f9875600000, 138412032 [pid 5840] <... close resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6081] <... ioctl resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 6081] close(3 [pid 6079] <... munmap resumed>) = 0 [pid 5839] newfstatat(3, "", [pid 6081] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6079] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] getdents64(3, [pid 6081] close(4 [pid 6079] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6081] <... close resumed>) = 0 [pid 5839] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6081] mkdir("./file1", 0777) = 0 [ 141.064889][ T6081] loop2: detected capacity change from 0 to 4096 [pid 6081] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6079] close(5 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... umount2 resumed>) = 0 [pid 6079] <... close resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6082 ./strace-static-x86_64: Process 6082 attached [pid 5839] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6082] set_robust_list(0x55558b799660, 24) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6082] chdir("./46") = 0 [pid 5839] newfstatat(AT_FDCWD, "./45/file1", [pid 6082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6080] <... mount resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6082] setpgid(0, 0 [pid 5839] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6082] <... setpgid resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6080] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6079] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6082] <... openat resumed>) = 3 [pid 6081] <... mount resumed>) = 0 [pid 6080] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 4 [pid 6082] write(3, "1000", 4 [pid 6080] chdir("./file1" [pid 5839] newfstatat(4, "", [pid 6082] <... write resumed>) = 4 [pid 6081] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6080] <... chdir resumed>) = 0 [pid 6082] close(3 [pid 6080] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6082] <... close resumed>) = 0 [pid 5839] getdents64(4, [pid 6082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6082] write(1, "executing program\n", 18executing program ) = 18 [pid 5839] getdents64(4, [pid 6080] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6080] open("./file1", O_RDONLY|O_DIRECT [pid 6082] memfd_create("syzkaller", 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6082] <... memfd_create resumed>) = 3 [pid 5839] close(4 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6080] <... open resumed>) = 4 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./45/file1" [pid 6079] <... open resumed>) = 5 [pid 6080] preadv2(4, [pid 5839] <... rmdir resumed>) = 0 [pid 6079] truncate("./file1", 16784380 [pid 5839] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6080] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6080] memfd_create("syzkaller", 0 [pid 6079] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] newfstatat(AT_FDCWD, "./45/binderfs", [pid 6081] <... openat resumed>) = 3 [pid 6079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 141.109562][ T6081] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6081] chdir("./file1") = 0 [pid 6080] <... memfd_create resumed>) = 5 [pid 6079] <... openat resumed>) = 6 [pid 5839] unlink("./45/binderfs" [pid 6081] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... unlink resumed>) = 0 [pid 6081] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] getdents64(3, [pid 6081] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 6079] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] rmdir("./45") = 0 [pid 6079] <... mmap resumed>) = 0x200000001000 [pid 6081] <... open resumed>) = 4 [pid 6079] exit_group(0 [pid 6081] preadv2(4, [pid 6079] <... exit_group resumed>) = ? [pid 5839] mkdir("./46", 0777 [pid 6081] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6079] +++ exited with 0 +++ [pid 5839] <... mkdir resumed>) = 0 [pid 6081] memfd_create("syzkaller", 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6079, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6081] <... memfd_create resumed>) = 5 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... openat resumed>) = 3 [pid 6081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 6081] <... mmap resumed>) = 0x7f9875600000 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 5842] <... restart_syscall resumed>) = 0 [pid 5842] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6083 attached [pid 6082] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6083 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 6083] set_robust_list(0x55558b799660, 24 [pid 6080] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6083] <... set_robust_list resumed>) = 0 [pid 5842] getdents64(4, [pid 6083] chdir("./46" [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6083] <... chdir resumed>) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./44/file1") = 0 [pid 5842] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] unlink("./44/binderfs" [pid 6083] <... prctl resumed>) = 0 [pid 5842] <... unlink resumed>) = 0 [pid 6083] setpgid(0, 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6083] <... setpgid resumed>) = 0 [pid 5842] close(3 [pid 6083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./44") = 0 [pid 6083] <... openat resumed>) = 3 [pid 6083] write(3, "1000", 4) = 4 [pid 6083] close(3) = 0 [pid 6083] symlink("/dev/binderfs", "./binderfs" [pid 5842] mkdir("./45", 0777executing program [pid 6083] <... symlink resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 6083] write(1, "executing program\n", 18 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6083] <... write resumed>) = 18 [pid 5842] <... openat resumed>) = 3 [pid 6083] memfd_create("syzkaller", 0 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6082] <... write resumed>) = 2097152 [pid 6081] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6083] <... memfd_create resumed>) = 3 [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] <... close resumed>) = 0 [pid 6082] munmap(0x7f9875600000, 138412032) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6081] <... write resumed>) = 2097152 [pid 6082] <... openat resumed>) = 4 [pid 6081] munmap(0x7f9875600000, 138412032 [pid 6082] ioctl(4, LOOP_SET_FD, 3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6081] <... munmap resumed>) = 0 [pid 6080] <... write resumed>) = 2097152 [pid 6080] munmap(0x7f9875600000, 138412032 [pid 6081] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6080] <... munmap resumed>) = 0 [pid 6080] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6080] close(5 [pid 6081] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6081] close(5 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6084 ./strace-static-x86_64: Process 6084 attached [pid 6084] set_robust_list(0x55558b799660, 24) = 0 [pid 6084] chdir("./45" [pid 6082] <... ioctl resumed>) = 0 [pid 6084] <... chdir resumed>) = 0 [pid 6084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6082] close(3 [pid 6084] <... prctl resumed>) = 0 [pid 6082] <... close resumed>) = 0 [pid 6082] close(4) = 0 [pid 6082] mkdir("./file1", 0777 [pid 6084] setpgid(0, 0) = 0 [pid 6084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6082] <... mkdir resumed>) = 0 [pid 6084] <... openat resumed>) = 3 [pid 6082] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6084] write(3, "1000", 4) = 4 [pid 6084] close(3) = 0 [pid 6084] symlink("/dev/binderfs", "./binderfs" [pid 6083] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6084] <... symlink resumed>) = 0 [pid 6081] <... close resumed>) = 0 [pid 6080] <... close resumed>) = 0 [pid 6084] write(1, "executing program\n", 18executing program ) = 18 [pid 6084] memfd_create("syzkaller", 0) = 3 [pid 6080] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6081] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6080] <... open resumed>) = 5 [pid 6081] truncate("./file1", 16784380 [pid 6080] truncate("./file1", 16784380 [pid 6081] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6080] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6081] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6080] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6081] <... openat resumed>) = 6 [pid 6080] <... openat resumed>) = 6 [pid 6081] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6080] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6081] <... mmap resumed>) = 0x200000001000 [pid 6080] <... mmap resumed>) = 0x200000001000 [pid 6081] exit_group(0 [pid 6080] exit_group(0 [pid 6081] <... exit_group resumed>) = ? [pid 6080] <... exit_group resumed>) = ? [pid 6081] +++ exited with 0 +++ [pid 6080] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6080, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=7 /* 0.07 s */} --- [ 141.314989][ T6082] loop1: detected capacity change from 0 to 4096 [ 141.346347][ T6082] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5843] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... openat resumed>) = 3 [pid 5841] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] newfstatat(3, "", [pid 5841] <... openat resumed>) = 3 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] newfstatat(3, "", [pid 5843] getdents64(3, [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] getdents64(3, [pid 5843] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6084] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = 0 [pid 6083] <... write resumed>) = 2097152 [pid 5843] <... umount2 resumed>) = 0 [pid 5843] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./43/file1", [pid 5841] newfstatat(AT_FDCWD, "./45/file1", [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... openat resumed>) = 4 [pid 5841] <... openat resumed>) = 4 [pid 5843] newfstatat(4, "", [pid 5841] newfstatat(4, "", [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, [pid 5841] getdents64(4, [pid 6084] <... write resumed>) = 2097152 [pid 6083] munmap(0x7f9875600000, 138412032 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6084] munmap(0x7f9875600000, 138412032 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, [pid 5841] getdents64(4, [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4 [pid 6084] <... munmap resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5843] rmdir("./43/file1" [pid 5841] close(4 [pid 5843] <... rmdir resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5843] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] rmdir("./45/file1" [pid 6083] <... munmap resumed>) = 0 [pid 6082] <... mount resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] newfstatat(AT_FDCWD, "./43/binderfs", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] newfstatat(AT_FDCWD, "./45/binderfs", [pid 6082] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] unlink("./43/binderfs" [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6082] <... openat resumed>) = 3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6083] <... openat resumed>) = 4 [pid 6082] chdir("./file1" [pid 6084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6083] ioctl(4, LOOP_SET_FD, 3 [pid 6082] <... chdir resumed>) = 0 [pid 6084] <... openat resumed>) = 4 [pid 5843] <... unlink resumed>) = 0 [pid 5841] unlink("./45/binderfs" [pid 5843] getdents64(3, [pid 5841] <... unlink resumed>) = 0 [pid 6084] ioctl(4, LOOP_SET_FD, 3 [pid 6082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] getdents64(3, [pid 5843] close(3 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] <... close resumed>) = 0 [pid 5841] close(3 [pid 5843] rmdir("./43" [pid 5841] <... close resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5841] rmdir("./45" [pid 5843] mkdir("./44", 0777 [pid 5841] <... rmdir resumed>) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5841] mkdir("./46", 0777 [pid 5843] <... ioctl resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5843] close(3 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6083] <... ioctl resumed>) = 0 [pid 6082] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6083] close(3) = 0 [pid 6084] <... ioctl resumed>) = 0 [pid 6083] close(4 [pid 6082] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... openat resumed>) = 3 [pid 6084] close(3 [pid 6083] <... close resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6084] <... close resumed>) = 0 [pid 6083] mkdir("./file1", 0777 [pid 6082] <... open resumed>) = 4 [pid 5841] <... ioctl resumed>) = 0 [pid 6084] close(4 [pid 6082] preadv2(4, [pid 6084] <... close resumed>) = 0 [pid 6082] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] close(3 [pid 6084] mkdir("./file1", 0777 [pid 6082] memfd_create("syzkaller", 0 [pid 6083] <... mkdir resumed>) = 0 [pid 6082] <... memfd_create resumed>) = 5 [pid 6084] <... mkdir resumed>) = 0 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6084] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6082] <... mmap resumed>) = 0x7f9875600000 [ 141.451287][ T6083] loop0: detected capacity change from 0 to 4096 [ 141.460121][ T6084] loop3: detected capacity change from 0 to 4096 [pid 6083] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... close resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6085 attached [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6085] set_robust_list(0x55558b799660, 24 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6085 [pid 6085] <... set_robust_list resumed>) = 0 [pid 6085] chdir("./44") = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6086 [pid 6085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6085] setpgid(0, 0) = 0 [pid 6085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 6086 attached ) = 3 [pid 6085] write(3, "1000", 4 [pid 6086] set_robust_list(0x55558b799660, 24 [pid 6085] <... write resumed>) = 4 [pid 6085] close(3executing program [pid 6086] <... set_robust_list resumed>) = 0 [pid 6085] <... close resumed>) = 0 [pid 6085] symlink("/dev/binderfs", "./binderfs" [pid 6086] chdir("./46" [pid 6085] <... symlink resumed>) = 0 [pid 6085] write(1, "executing program\n", 18) = 18 [pid 6086] <... chdir resumed>) = 0 [pid 6085] memfd_create("syzkaller", 0) = 3 [pid 6085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6086] setpgid(0, 0) = 0 [pid 6086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6086] write(3, "1000", 4) = 4 [pid 6086] close(3) = 0 [pid 6086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6086] write(1, "executing program\n", 18executing program ) = 18 [ 141.492133][ T6083] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 141.501755][ T6084] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6086] memfd_create("syzkaller", 0) = 3 [pid 6086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6083] <... mount resumed>) = 0 [pid 6083] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6083] chdir("./file1") = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6083] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6083] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6082] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6083] memfd_create("syzkaller", 0) = 5 [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6085] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6084] <... mount resumed>) = 0 [pid 6083] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6082] <... write resumed>) = 2097152 [pid 6086] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6084] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6085] <... write resumed>) = 2097152 [pid 6085] munmap(0x7f9875600000, 138412032 [pid 6084] <... openat resumed>) = 3 [pid 6083] <... write resumed>) = 2097152 [pid 6082] munmap(0x7f9875600000, 138412032 [pid 6085] <... munmap resumed>) = 0 [pid 6084] chdir("./file1" [pid 6085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6085] ioctl(4, LOOP_SET_FD, 3 [pid 6084] <... chdir resumed>) = 0 [pid 6082] <... munmap resumed>) = 0 [pid 6084] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6083] munmap(0x7f9875600000, 138412032 [pid 6084] open("./file1", O_RDONLY|O_DIRECT [pid 6086] <... write resumed>) = 2097152 [pid 6082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6084] <... open resumed>) = 4 [pid 6082] close(5 [pid 6083] <... munmap resumed>) = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6083] close(5 [pid 6086] munmap(0x7f9875600000, 138412032 [pid 6084] preadv2(4, [pid 6086] <... munmap resumed>) = 0 [pid 6084] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6082] <... close resumed>) = 0 [pid 6084] memfd_create("syzkaller", 0 [pid 6082] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6084] <... memfd_create resumed>) = 5 [pid 6085] <... ioctl resumed>) = 0 [pid 6085] close(3) = 0 [pid 6085] close(4) = 0 [pid 6085] mkdir("./file1", 0777) = 0 [pid 6085] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6086] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6084] <... mmap resumed>) = 0x7f9875600000 [pid 6083] <... close resumed>) = 0 [pid 6082] <... open resumed>) = 5 [pid 6086] <... openat resumed>) = 4 [pid 6086] ioctl(4, LOOP_SET_FD, 3 [pid 6082] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6083] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6082] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6082] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6082] exit_group(0) = ? [pid 6082] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6082, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=7 /* 0.07 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6083] <... open resumed>) = 5 [pid 6083] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6083] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] <... restart_syscall resumed>) = 0 [pid 6083] <... openat resumed>) = 6 [pid 6083] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5840] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6083] <... mmap resumed>) = 0x200000001000 [pid 5840] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6083] exit_group(0 [pid 5840] newfstatat(3, "", [pid 6083] <... exit_group resumed>) = ? [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6083] +++ exited with 0 +++ [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6083, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=9 /* 0.09 s */} --- [pid 5840] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6085] <... mount resumed>) = 0 [pid 6086] <... ioctl resumed>) = 0 [pid 6085] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6086] close(3) = 0 [pid 6085] <... openat resumed>) = 3 [pid 6085] chdir("./file1" [pid 6086] close(4 [pid 6085] <... chdir resumed>) = 0 [pid 6086] <... close resumed>) = 0 [pid 6085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6086] mkdir("./file1", 0777 [pid 6085] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 141.672700][ T6085] loop4: detected capacity change from 0 to 4096 [ 141.703167][ T6085] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 141.713724][ T6086] loop2: detected capacity change from 0 to 4096 [pid 6085] open("./file1", O_RDONLY|O_DIRECT [pid 6086] <... mkdir resumed>) = 0 [pid 6085] <... open resumed>) = 4 [pid 6084] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6086] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6085] preadv2(4, [pid 5840] <... umount2 resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 6085] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6085] memfd_create("syzkaller", 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6085] <... memfd_create resumed>) = 5 [pid 5840] newfstatat(AT_FDCWD, "./46/file1", [pid 6085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6085] <... mmap resumed>) = 0x7f9875600000 [pid 5840] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(4, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5839] getdents64(4, [pid 5840] <... close resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] rmdir("./46/file1" [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./46/binderfs") = 0 [pid 5840] getdents64(3, [pid 5839] rmdir("./46/file1" [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5840] close(3 [pid 5839] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./46/binderfs", [pid 5840] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] rmdir("./46" [pid 5839] unlink("./46/binderfs") = 0 [pid 5839] getdents64(3, [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./47", 0777 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./46") = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] mkdir("./47", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5840] <... openat resumed>) = 3 [pid 5839] <... close resumed>) = 0 [ 141.758038][ T6086] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 6084] <... write resumed>) = 2097152 [pid 6085] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6084] munmap(0x7f9875600000, 138412032./strace-static-x86_64: Process 6087 attached [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6087 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6088 attached [pid 6087] set_robust_list(0x55558b799660, 24 [pid 6084] <... munmap resumed>) = 0 [pid 6087] <... set_robust_list resumed>) = 0 [pid 6087] chdir("./47" [pid 6088] set_robust_list(0x55558b799660, 24 [pid 6084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6088 [pid 6084] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6088] <... set_robust_list resumed>) = 0 [pid 6084] close(5 [pid 6088] chdir("./47" [pid 6087] <... chdir resumed>) = 0 [pid 6088] <... chdir resumed>) = 0 [pid 6087] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6088] setpgid(0, 0) = 0 [pid 6088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6087] <... prctl resumed>) = 0 [pid 6087] setpgid(0, 0) = 0 [pid 6088] <... openat resumed>) = 3 [pid 6087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6088] write(3, "1000", 4 [pid 6087] <... openat resumed>) = 3 [pid 6088] <... write resumed>) = 4 [pid 6088] close(3) = 0 [pid 6088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6087] write(3, "1000", 4 [pid 6088] write(1, "executing program\n", 18executing program [pid 6087] <... write resumed>) = 4 [pid 6088] <... write resumed>) = 18 [pid 6087] close(3 [pid 6086] <... mount resumed>) = 0 [pid 6087] <... close resumed>) = 0 [pid 6088] memfd_create("syzkaller", 0 [pid 6086] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6087] symlink("/dev/binderfs", "./binderfs" [pid 6086] <... openat resumed>) = 3 [pid 6088] <... memfd_create resumed>) = 3 [pid 6086] chdir("./file1" [pid 6088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6087] <... symlink resumed>) = 0 [pid 6086] <... chdir resumed>) = 0 [pid 6088] <... mmap resumed>) = 0x7f9875600000 [pid 6086] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6087] write(1, "executing program\n", 18 [pid 6086] <... openat resumed>) = -1 EBUSY (Device or resource busy) executing program [pid 6087] <... write resumed>) = 18 [pid 6086] open("./file1", O_RDONLY|O_DIRECT [pid 6085] <... write resumed>) = 2097152 [pid 6084] <... close resumed>) = 0 [pid 6087] memfd_create("syzkaller", 0 [pid 6086] <... open resumed>) = 4 [pid 6084] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6086] preadv2(4, [pid 6085] munmap(0x7f9875600000, 138412032 [pid 6087] <... memfd_create resumed>) = 3 [pid 6086] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6086] memfd_create("syzkaller", 0 [pid 6087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6086] <... memfd_create resumed>) = 5 [pid 6085] <... munmap resumed>) = 0 [pid 6085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6085] close(5 [pid 6086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6084] <... open resumed>) = 5 [pid 6084] truncate("./file1", 16784380 [pid 6086] <... mmap resumed>) = 0x7f9875600000 [pid 6085] <... close resumed>) = 0 [pid 6088] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6084] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6084] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6085] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6084] <... openat resumed>) = 6 [pid 6084] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6084] exit_group(0) = ? [pid 6084] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6084, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=4 /* 0.04 s */} --- [pid 6085] <... open resumed>) = 5 [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6085] truncate("./file1", 16784380 [pid 5842] <... restart_syscall resumed>) = 0 [pid 6085] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6085] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6085] <... openat resumed>) = 6 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6085] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... openat resumed>) = 3 [pid 6085] <... mmap resumed>) = 0x200000001000 [pid 5842] newfstatat(3, "", [pid 6085] exit_group(0) = ? [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6085] +++ exited with 0 +++ [pid 5842] getdents64(3, [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6085, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5842] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6086] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] newfstatat(AT_FDCWD, "./45/file1", [pid 5843] <... openat resumed>) = 3 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] newfstatat(3, "", [pid 5842] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./45/file1" [pid 6088] <... write resumed>) = 2097152 [pid 6087] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... rmdir resumed>) = 0 [pid 6088] munmap(0x7f9875600000, 138412032 [pid 5842] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6088] <... munmap resumed>) = 0 [pid 5842] newfstatat(AT_FDCWD, "./45/binderfs", [pid 6088] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6086] <... write resumed>) = 2097152 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6088] <... openat resumed>) = 4 [pid 6086] munmap(0x7f9875600000, 138412032 [pid 5842] unlink("./45/binderfs") = 0 [pid 5842] getdents64(3, [pid 6088] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 5843] <... umount2 resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./45") = 0 [pid 6087] <... write resumed>) = 2097152 [pid 5843] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] mkdir("./46", 0777 [pid 6087] munmap(0x7f9875600000, 138412032 [pid 6086] <... munmap resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... mkdir resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 6086] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] newfstatat(AT_FDCWD, "./44/file1", [pid 6086] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] close(3 [pid 6088] <... ioctl resumed>) = 0 [pid 6087] <... munmap resumed>) = 0 [pid 6086] close(5 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6088] close(3 [pid 5843] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, [pid 6088] <... close resumed>) = 0 [pid 6087] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6088] close(4 [pid 6087] <... openat resumed>) = 4 [pid 5843] getdents64(4, [pid 6088] <... close resumed>) = 0 [pid 6087] ioctl(4, LOOP_SET_FD, 3 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6088] mkdir("./file1", 0777 [pid 6087] <... ioctl resumed>) = 0 [pid 6086] <... close resumed>) = 0 [pid 5843] close(4 [pid 5842] <... close resumed>) = 0 [pid 6088] <... mkdir resumed>) = 0 [pid 6087] close(3 [pid 5843] <... close resumed>) = 0 [pid 6087] <... close resumed>) = 0 [pid 5843] rmdir("./44/file1" [pid 6087] close(4 [pid 5843] <... rmdir resumed>) = 0 [pid 6087] <... close resumed>) = 0 [pid 5843] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6087] mkdir("./file1", 0777 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 141.992830][ T6088] loop1: detected capacity change from 0 to 4096 [ 142.012351][ T6087] loop0: detected capacity change from 0 to 4096 [pid 6088] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6087] <... mkdir resumed>) = 0 [pid 5843] newfstatat(AT_FDCWD, "./44/binderfs", [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6086] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006./strace-static-x86_64: Process 6089 attached [pid 6087] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./44/binderfs" [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6089 [pid 6089] set_robust_list(0x55558b799660, 24 [pid 5843] <... unlink resumed>) = 0 [pid 6089] <... set_robust_list resumed>) = 0 [pid 6089] chdir("./46") = 0 [pid 6089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6089] setpgid(0, 0) = 0 [pid 6089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6089] write(3, "1000", 4) = 4 [pid 6089] close(3) = 0 [pid 5843] getdents64(3, [pid 6089] symlink("/dev/binderfs", "./binderfs" [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 executing program [pid 6089] <... symlink resumed>) = 0 [pid 5843] close(3 [pid 6089] write(1, "executing program\n", 18 [pid 5843] <... close resumed>) = 0 [pid 6089] <... write resumed>) = 18 [ 142.034919][ T6088] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 142.051426][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 142.051443][ T30] audit: type=1804 audit(1750615423.325:463): pid=6086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.kafNdC/46/file1/file1" dev="loop2" ino=30 res=1 errno=0 [ 142.082067][ T6087] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5843] rmdir("./44" [pid 6089] memfd_create("syzkaller", 0 [pid 6086] <... open resumed>) = 5 [pid 5843] <... rmdir resumed>) = 0 [pid 6086] truncate("./file1", 16784380 [pid 5843] mkdir("./45", 0777 [pid 6086] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5843] <... mkdir resumed>) = 0 [pid 6086] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6089] <... memfd_create resumed>) = 3 [pid 6086] <... openat resumed>) = 6 [pid 5843] <... openat resumed>) = 3 [pid 6089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6086] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 6089] <... mmap resumed>) = 0x7f9875600000 [pid 6086] <... mmap resumed>) = 0x200000001000 [pid 5843] <... ioctl resumed>) = 0 [pid 6086] exit_group(0 [pid 5843] close(3 [pid 6086] <... exit_group resumed>) = ? [pid 5843] <... close resumed>) = 0 [pid 6086] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6086, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=4 /* 0.04 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6087] <... mount resumed>) = 0 [pid 5841] newfstatat(3, "", [pid 6087] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6087] <... openat resumed>) = 3 [pid 6087] chdir("./file1" [pid 5841] getdents64(3, [pid 6087] <... chdir resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6087] open("./file1", O_RDONLY|O_DIRECT [pid 6088] <... mount resumed>) = 0 [pid 6087] <... open resumed>) = 4 [pid 6088] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6088] chdir("./file1") = 0 [pid 6088] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6088] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6088] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6087] preadv2(4, [pid 6088] memfd_create("syzkaller", 0 [pid 6087] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6088] <... memfd_create resumed>) = 5 [pid 6087] memfd_create("syzkaller", 0 [pid 6088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6087] <... memfd_create resumed>) = 5 [pid 6089] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6088] <... mmap resumed>) = 0x7f9875600000 [pid 6087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6090 [pid 6089] <... write resumed>) = 2097152 [ 142.156293][ T30] audit: type=1800 audit(1750615423.425:464): pid=6087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop0" ino=30 res=0 errno=0 ./strace-static-x86_64: Process 6090 attached [pid 6089] munmap(0x7f9875600000, 138412032 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./46/file1") = 0 [pid 5841] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./46/binderfs") = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./46") = 0 [pid 5841] mkdir("./47", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [ 142.207257][ T30] audit: type=1800 audit(1750615423.445:465): pid=6088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 5841] close(3 [pid 6090] set_robust_list(0x55558b799660, 24 [pid 6089] <... munmap resumed>) = 0 [pid 6087] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6090] <... set_robust_list resumed>) = 0 [pid 6090] chdir("./45" [pid 6089] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6090] <... chdir resumed>) = 0 [pid 6090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6089] <... openat resumed>) = 4 [pid 6090] <... prctl resumed>) = 0 [pid 6089] ioctl(4, LOOP_SET_FD, 3 [pid 6090] setpgid(0, 0) = 0 [pid 6089] <... ioctl resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 6090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6089] close(3 [pid 6090] <... openat resumed>) = 3 [pid 6089] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6091 attached [pid 6090] write(3, "1000", 4 [pid 6089] close(4 [pid 6090] <... write resumed>) = 4 [pid 6089] <... close resumed>) = 0 [pid 6090] close(3 [pid 6091] set_robust_list(0x55558b799660, 24 [pid 6090] <... close resumed>) = 0 [pid 6089] mkdir("./file1", 0777 [pid 6090] symlink("/dev/binderfs", "./binderfs" [pid 6091] <... set_robust_list resumed>) = 0 executing program [pid 6091] chdir("./47" [pid 6090] <... symlink resumed>) = 0 [pid 6089] <... mkdir resumed>) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6091 [pid 6090] write(1, "executing program\n", 18 [pid 6091] <... chdir resumed>) = 0 [pid 6090] <... write resumed>) = 18 [pid 6089] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6091] setpgid(0, 0) = 0 [pid 6090] memfd_create("syzkaller", 0 [pid 6091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6090] <... memfd_create resumed>) = 3 [pid 6091] <... openat resumed>) = 3 [pid 6091] write(3, "1000", 4) = 4 [pid 6091] close(3) = 0 [pid 6091] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6091] write(1, "executing program\n", 18) = 18 [pid 6091] memfd_create("syzkaller", 0) = 3 [pid 6090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6088] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6090] <... mmap resumed>) = 0x7f9875600000 [pid 6087] <... write resumed>) = 2097152 [pid 6091] <... mmap resumed>) = 0x7f9875600000 [ 142.250361][ T6089] loop3: detected capacity change from 0 to 4096 [ 142.284740][ T6089] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6088] <... write resumed>) = 2097152 [pid 6087] munmap(0x7f9875600000, 138412032) = 0 [pid 6088] munmap(0x7f9875600000, 138412032 [pid 6087] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6088] <... munmap resumed>) = 0 [pid 6087] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6088] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6087] close(5 [pid 6090] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6088] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6088] close(5 [pid 6087] <... close resumed>) = 0 [pid 6091] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6088] <... close resumed>) = 0 [pid 6089] <... mount resumed>) = 0 [pid 6087] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6089] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6089] chdir("./file1") = 0 [pid 6089] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6088] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6089] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6087] <... open resumed>) = 5 [pid 6091] <... write resumed>) = 2097152 [pid 6090] <... write resumed>) = 2097152 [pid 6089] open("./file1", O_RDONLY|O_DIRECT [pid 6087] truncate("./file1", 16784380 [pid 6088] <... open resumed>) = 5 [pid 6088] truncate("./file1", 16784380 [pid 6091] munmap(0x7f9875600000, 138412032 [pid 6090] munmap(0x7f9875600000, 138412032 [pid 6087] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6089] <... open resumed>) = 4 [pid 6087] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6088] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6088] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6088] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6091] <... munmap resumed>) = 0 [pid 6088] <... mmap resumed>) = 0x200000001000 [pid 6089] preadv2(4, [pid 6087] <... openat resumed>) = 6 [pid 6088] exit_group(0) = ? [ 142.390992][ T30] audit: type=1804 audit(1750615423.665:466): pid=6087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/47/file1/file1" dev="loop0" ino=30 res=1 errno=0 [ 142.414137][ T30] audit: type=1804 audit(1750615423.665:467): pid=6088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/47/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 6087] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6091] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6089] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6087] <... mmap resumed>) = 0x200000001000 [pid 6088] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6088, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6090] <... munmap resumed>) = 0 [pid 6091] <... openat resumed>) = 4 [pid 6089] memfd_create("syzkaller", 0 [pid 6087] exit_group(0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 6091] ioctl(4, LOOP_SET_FD, 3 [pid 6090] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6089] <... memfd_create resumed>) = 5 [pid 6087] <... exit_group resumed>) = ? [pid 6090] <... openat resumed>) = 4 [pid 6089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6087] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6087, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=6 /* 0.06 s */} --- [pid 6090] ioctl(4, LOOP_SET_FD, 3 [pid 5840] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6091] <... ioctl resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5839] <... restart_syscall resumed>) = 0 [pid 6091] close(3 [pid 5840] newfstatat(3, "", [pid 6091] <... close resumed>) = 0 [pid 6091] close(4 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6091] <... close resumed>) = 0 [pid 5840] getdents64(3, [pid 6091] mkdir("./file1", 0777 [pid 5839] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6091] <... mkdir resumed>) = 0 [pid 6090] <... ioctl resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 142.446806][ T30] audit: type=1800 audit(1750615423.715:468): pid=6089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 142.463147][ T6091] loop2: detected capacity change from 0 to 4096 [ 142.477425][ T6090] loop4: detected capacity change from 0 to 4096 [pid 6091] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6090] close(3 [pid 5840] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6089] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 6090] <... close resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6090] close(4) = 0 [pid 6090] mkdir("./file1", 0777 [pid 5839] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6090] <... mkdir resumed>) = 0 [pid 6090] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./47/file1") = 0 [pid 5839] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./47/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./47") = 0 [ 142.494148][ T6091] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 142.510081][ T6090] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5839] mkdir("./48", 0777) = 0 [pid 6091] <... mount resumed>) = 0 [pid 6089] <... write resumed>) = 2097152 [pid 5840] <... umount2 resumed>) = 0 [pid 6091] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6089] munmap(0x7f9875600000, 138412032 [pid 6091] <... openat resumed>) = 3 [pid 6091] chdir("./file1") = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6091] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6089] <... munmap resumed>) = 0 [pid 5840] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./47/file1") = 0 [pid 5840] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./47/binderfs") = 0 [pid 5840] getdents64(3, [pid 6091] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6089] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] close(3) = 0 [pid 5840] rmdir("./47") = 0 [pid 5840] mkdir("./48", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 6089] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6091] <... open resumed>) = 4 [pid 6089] close(5 [pid 5839] <... close resumed>) = 0 [pid 6091] preadv2(4, [pid 6090] <... mount resumed>) = 0 [pid 6089] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6090] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 6092 attached [pid 6091] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6090] <... openat resumed>) = 3 [pid 6089] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6090] chdir("./file1" [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6092 [pid 6092] set_robust_list(0x55558b799660, 24 [pid 6091] memfd_create("syzkaller", 0 [pid 6090] <... chdir resumed>) = 0 [pid 6092] <... set_robust_list resumed>) = 0 [pid 6091] <... memfd_create resumed>) = 5 [pid 6090] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6093 [pid 6092] chdir("./48" [pid 6091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6090] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6093 attached [pid 6092] <... chdir resumed>) = 0 [pid 6091] <... mmap resumed>) = 0x7f9875600000 [pid 6090] open("./file1", O_RDONLY|O_DIRECT [pid 6089] <... open resumed>) = 5 [pid 6092] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6089] truncate("./file1", 16784380 [pid 6092] <... prctl resumed>) = 0 [pid 6092] setpgid(0, 0 [pid 6089] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6093] set_robust_list(0x55558b799660, 24 [pid 6092] <... setpgid resumed>) = 0 [pid 6089] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6090] <... open resumed>) = 4 [pid 6093] <... set_robust_list resumed>) = 0 [pid 6092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6089] <... openat resumed>) = 6 [pid 6093] chdir("./48" [pid 6092] <... openat resumed>) = 3 [pid 6089] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6090] preadv2(4, [pid 6093] <... chdir resumed>) = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6093] write(3, "1000", 4) = 4 [pid 6093] close(3) = 0 [pid 6093] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6093] write(1, "executing program\n", 18) = 18 [pid 6093] memfd_create("syzkaller", 0) = 3 [ 142.606648][ T30] audit: type=1800 audit(1750615423.855:469): pid=6091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 6093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 executing program [pid 6092] write(3, "1000", 4 [pid 6090] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6089] <... mmap resumed>) = 0x200000001000 [pid 6092] <... write resumed>) = 4 [pid 6090] memfd_create("syzkaller", 0 [pid 6092] close(3 [pid 6090] <... memfd_create resumed>) = 5 [pid 6089] exit_group(0 [pid 6092] <... close resumed>) = 0 [pid 6090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6089] <... exit_group resumed>) = ? [pid 6090] <... mmap resumed>) = 0x7f9875600000 [pid 6092] symlink("/dev/binderfs", "./binderfs" [pid 6091] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6089] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6089, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 6092] <... symlink resumed>) = 0 [pid 6092] write(1, "executing program\n", 18) = 18 [pid 5842] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6092] memfd_create("syzkaller", 0 [pid 5842] <... openat resumed>) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6092] <... memfd_create resumed>) = 3 [pid 6093] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 142.681666][ T30] audit: type=1804 audit(1750615423.915:470): pid=6089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.keN58M/46/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5842] newfstatat(AT_FDCWD, "./46/file1", [pid 6093] <... write resumed>) = 2097152 [pid 6093] munmap(0x7f9875600000, 138412032 [pid 6092] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6091] <... write resumed>) = 2097152 [pid 6090] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6093] <... munmap resumed>) = 0 [pid 6093] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5842] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6093] close(3) = 0 [pid 6093] close(4) = 0 [pid 6093] mkdir("./file1", 0777) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 142.735142][ T30] audit: type=1800 audit(1750615423.925:471): pid=6090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 [ 142.772030][ T6093] loop1: detected capacity change from 0 to 4096 [pid 6093] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6092] <... write resumed>) = 2097152 [pid 6091] munmap(0x7f9875600000, 138412032 [pid 6090] <... write resumed>) = 2097152 [pid 5842] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./46/file1") = 0 [pid 5842] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./46/binderfs") = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3) = 0 [pid 5842] rmdir("./46") = 0 [pid 5842] mkdir("./47", 0777) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6091] <... munmap resumed>) = 0 [pid 6090] munmap(0x7f9875600000, 138412032) = 0 [pid 5842] <... close resumed>) = 0 [pid 6092] munmap(0x7f9875600000, 138412032 [pid 6091] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6090] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6092] <... munmap resumed>) = 0 [pid 6091] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6090] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6091] close(5 [pid 6090] close(5 [pid 6093] <... mount resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6093] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 6094 attached ) = 3 [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6093] chdir("./file1" [pid 6094] set_robust_list(0x55558b799660, 24 [pid 6093] <... chdir resumed>) = 0 [pid 6093] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6092] <... openat resumed>) = 4 [ 142.791447][ T6093] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 6092] ioctl(4, LOOP_SET_FD, 3 [pid 6094] <... set_robust_list resumed>) = 0 [pid 6093] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6094 [pid 6093] open("./file1", O_RDONLY|O_DIRECT [pid 6094] chdir("./47" [pid 6093] <... open resumed>) = 4 [pid 6091] <... close resumed>) = 0 [pid 6090] <... close resumed>) = 0 [pid 6090] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6091] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6092] <... ioctl resumed>) = 0 [pid 6092] close(3) = 0 [pid 6092] close(4) = 0 [pid 6092] mkdir("./file1", 0777) = 0 [pid 6092] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6093] preadv2(4, [pid 6094] <... chdir resumed>) = 0 [pid 6093] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6091] <... open resumed>) = 5 [pid 6090] <... open resumed>) = 5 [pid 6094] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6093] memfd_create("syzkaller", 0 [pid 6091] truncate("./file1", 16784380 [pid 6090] truncate("./file1", 16784380 [pid 6094] <... prctl resumed>) = 0 [pid 6093] <... memfd_create resumed>) = 5 [pid 6090] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6090] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6094] setpgid(0, 0 [pid 6093] <... mmap resumed>) = 0x7f9875600000 [pid 6090] <... openat resumed>) = 6 [pid 6090] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6090] exit_group(0) = ? [pid 6090] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6090, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 6091] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6091] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6091] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6091] exit_group(0) = ? [pid 6094] <... setpgid resumed>) = 0 [pid 5843] <... restart_syscall resumed>) = 0 [pid 6094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 142.847194][ T6092] loop0: detected capacity change from 0 to 4096 [ 142.856809][ T30] audit: type=1800 audit(1750615424.125:472): pid=6093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [ 142.885278][ T6092] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5843] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6094] write(3, "1000", 4 [pid 6091] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6091, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 6094] <... write resumed>) = 4 [pid 6094] close(3) = 0 [pid 5841] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6094] symlink("/dev/binderfs", "./binderfs" [pid 5841] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6094] <... symlink resumed>) = 0 [pid 6094] write(1, "executing program\n", 18 [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", [pid 6094] <... write resumed>) = 18 [pid 6094] memfd_create("syzkaller", 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6094] <... memfd_create resumed>) = 3 [pid 5841] getdents64(3, [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6092] <... mount resumed>) = 0 [pid 6092] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6092] chdir("./file1") = 0 [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6092] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6092] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6092] memfd_create("syzkaller", 0) = 5 [pid 6092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6093] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5841] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./47/file1" [pid 5843] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... rmdir resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./47/binderfs") = 0 [pid 5841] getdents64(3, [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] close(3 [pid 5843] <... openat resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 5843] newfstatat(4, "", [pid 5841] rmdir("./47" [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5843] getdents64(4, [pid 5841] mkdir("./48", 0777 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] <... mkdir resumed>) = 0 [pid 5843] getdents64(4, [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5843] close(4 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5843] <... close resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5843] rmdir("./45/file1" [pid 5841] close(3 [pid 5843] <... rmdir resumed>) = 0 [pid 6094] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6093] <... write resumed>) = 2097152 [pid 5843] unlink("./45/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./45") = 0 [pid 5843] mkdir("./46", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 6093] munmap(0x7f9875600000, 138412032 [pid 5843] <... close resumed>) = 0 [pid 6094] <... write resumed>) = 2097152 [pid 6093] <... munmap resumed>) = 0 [pid 6093] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6094] munmap(0x7f9875600000, 138412032) = 0 [pid 6093] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6094] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6093] close(5 [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6092] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 6095 attached [pid 6094] <... openat resumed>) = 4 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6095 [pid 6094] ioctl(4, LOOP_SET_FD, 3 [pid 6095] set_robust_list(0x55558b799660, 24 [pid 6094] <... ioctl resumed>) = 0 [pid 6095] <... set_robust_list resumed>) = 0 [pid 6095] chdir("./48" [pid 6093] <... close resumed>) = 0 [pid 6095] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 6096 attached [pid 6095] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6096] set_robust_list(0x55558b799660, 24 [pid 6095] <... prctl resumed>) = 0 [pid 6096] <... set_robust_list resumed>) = 0 [pid 6096] chdir("./46" [pid 6095] setpgid(0, 0 [pid 6096] <... chdir resumed>) = 0 [pid 6096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6096] setpgid(0, 0) = 0 [pid 6096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6096] write(3, "1000", 4) = 4 [pid 6096] close(3) = 0 [pid 6095] <... setpgid resumed>) = 0 executing program [pid 6095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6093] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6095] <... openat resumed>) = 3 [pid 6096] write(1, "executing program\n", 18) = 18 [pid 6096] memfd_create("syzkaller", 0 [pid 6095] write(3, "1000", 4 [pid 6093] <... open resumed>) = 5 [pid 6095] <... write resumed>) = 4 [pid 6094] close(3 [pid 6093] truncate("./file1", 16784380 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6096 [pid 6096] <... memfd_create resumed>) = 3 [pid 6093] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6095] close(3 [pid 6094] <... close resumed>) = 0 [pid 6093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6095] <... close resumed>) = 0 [pid 6093] <... openat resumed>) = 6 [pid 6095] symlink("/dev/binderfs", "./binderfs" [pid 6094] close(4 [pid 6096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6095] <... symlink resumed>) = 0 [pid 6094] <... close resumed>) = 0 [pid 6093] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6096] <... mmap resumed>) = 0x7f9875600000 [pid 6095] write(1, "executing program\n", 18 [pid 6093] <... mmap resumed>) = 0x200000001000 [pid 6094] mkdir("./file1", 0777) = 0 executing program [pid 6093] exit_group(0 [pid 6095] <... write resumed>) = 18 [ 143.059773][ T6094] loop3: detected capacity change from 0 to 4096 [pid 6095] memfd_create("syzkaller", 0 [pid 6093] <... exit_group resumed>) = ? [pid 6094] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6093] +++ exited with 0 +++ [pid 6092] <... write resumed>) = 2097152 [pid 6092] munmap(0x7f9875600000, 138412032) = 0 [pid 6095] <... memfd_create resumed>) = 3 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6093, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6092] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... restart_syscall resumed>) = 0 [pid 6092] close(5 [pid 6095] <... mmap resumed>) = 0x7f9875600000 [pid 5840] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6096] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6095] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 6092] <... close resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6092] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6092] <... open resumed>) = 5 [pid 6092] truncate("./file1", 16784380 [pid 5840] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6092] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6092] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6092] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6092] exit_group(0) = ? [pid 6092] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6092, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=8 /* 0.08 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6094] <... mount resumed>) = 0 [pid 6094] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] <... restart_syscall resumed>) = 0 [pid 6094] <... openat resumed>) = 3 [ 143.105034][ T6094] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6094] chdir("./file1" [pid 5840] <... umount2 resumed>) = 0 [pid 6094] <... chdir resumed>) = 0 [pid 5840] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6094] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6094] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] newfstatat(AT_FDCWD, "./48/file1", [pid 5839] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... openat resumed>) = 3 [pid 6094] open("./file1", O_RDONLY|O_DIRECT [pid 5840] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(3, "", [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5839] getdents64(3, [pid 5840] newfstatat(4, "", [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 5839] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6094] <... open resumed>) = 4 [pid 5840] close(4) = 0 [pid 5840] rmdir("./48/file1") = 0 [pid 5840] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./48/binderfs") = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./48") = 0 [pid 5840] mkdir("./49", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6094] preadv2(4, [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 6094] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] <... ioctl resumed>) = 0 [pid 6096] <... write resumed>) = 2097152 [pid 6094] memfd_create("syzkaller", 0 [pid 5840] close(3 [pid 5839] <... umount2 resumed>) = 0 [pid 6096] munmap(0x7f9875600000, 138412032 [pid 6094] <... memfd_create resumed>) = 5 [pid 5839] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6096] <... munmap resumed>) = 0 [pid 6095] <... write resumed>) = 2097152 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6096] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6095] munmap(0x7f9875600000, 138412032 [pid 6094] <... mmap resumed>) = 0x7f9875600000 [pid 5840] <... close resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./48/file1", [pid 6096] <... openat resumed>) = 4 [pid 6096] ioctl(4, LOOP_SET_FD, 3 [pid 6095] <... munmap resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6097 attached [pid 6095] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6097] set_robust_list(0x55558b799660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6097 [pid 5839] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6095] <... openat resumed>) = 4 [pid 5839] <... openat resumed>) = 4 [pid 5839] newfstatat(4, "", [pid 6097] <... set_robust_list resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6097] chdir("./49" [pid 6095] ioctl(4, LOOP_SET_FD, 3 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6096] <... ioctl resumed>) = 0 [pid 6097] <... chdir resumed>) = 0 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] close(4 [pid 6096] close(3 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./48/file1" [pid 6097] setpgid(0, 0 [pid 6096] <... close resumed>) = 0 [pid 6096] close(4) = 0 [pid 6096] mkdir("./file1", 0777 [pid 6097] <... setpgid resumed>) = 0 [pid 6096] <... mkdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 6096] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6095] <... ioctl resumed>) = 0 [pid 6094] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6097] <... openat resumed>) = 3 [pid 6097] write(3, "1000", 4 [pid 6095] close(3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6097] <... write resumed>) = 4 [pid 6097] close(3 [pid 6095] <... close resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./48/binderfs", [pid 6097] <... close resumed>) = 0 [pid 6097] symlink("/dev/binderfs", "./binderfs" [pid 6095] close(4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./48/binderfs" [pid 6097] <... symlink resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 6095] <... close resumed>) = 0 [ 143.229685][ T6096] loop4: detected capacity change from 0 to 4096 [ 143.241761][ T6095] loop2: detected capacity change from 0 to 4096 [ 143.257850][ T6096] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 6097] write(1, "executing program\n", 18executing program [pid 5839] getdents64(3, [pid 6095] mkdir("./file1", 0777 [pid 6097] <... write resumed>) = 18 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6095] <... mkdir resumed>) = 0 [pid 5839] close(3 [pid 6097] memfd_create("syzkaller", 0 [pid 6095] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./48" [pid 6097] <... memfd_create resumed>) = 3 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./49", 0777 [pid 6097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... mkdir resumed>) = 0 [pid 6097] <... mmap resumed>) = 0x7f9875600000 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6094] <... write resumed>) = 2097152 [pid 5839] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6098 ./strace-static-x86_64: Process 6098 attached [pid 6098] set_robust_list(0x55558b799660, 24 [pid 6094] munmap(0x7f9875600000, 138412032 [pid 6098] <... set_robust_list resumed>) = 0 [pid 6098] chdir("./49") = 0 [pid 6098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6094] <... munmap resumed>) = 0 [ 143.278441][ T6095] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6098] setpgid(0, 0) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6097] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6094] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6098] <... openat resumed>) = 3 [pid 6094] close(5 [pid 6098] write(3, "1000", 4) = 4 [pid 6098] close(3) = 0 [pid 6098] symlink("/dev/binderfs", "./binderfs" [pid 6096] <... mount resumed>) = 0 [pid 6098] <... symlink resumed>) = 0 executing program [pid 6098] write(1, "executing program\n", 18 [pid 6096] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6098] <... write resumed>) = 18 [pid 6096] <... openat resumed>) = 3 [pid 6098] memfd_create("syzkaller", 0) = 3 [pid 6094] <... close resumed>) = 0 [pid 6098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6096] chdir("./file1") = 0 [pid 6098] <... mmap resumed>) = 0x7f9875600000 [pid 6096] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6096] open("./file1", O_RDONLY|O_DIRECT [pid 6095] <... mount resumed>) = 0 [pid 6096] <... open resumed>) = 4 [pid 6095] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6096] preadv2(4, [pid 6095] <... openat resumed>) = 3 [pid 6095] chdir("./file1" [pid 6094] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6096] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6095] <... chdir resumed>) = 0 [pid 6095] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6096] memfd_create("syzkaller", 0 [pid 6095] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6096] <... memfd_create resumed>) = 5 [pid 6095] open("./file1", O_RDONLY|O_DIRECT [pid 6096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6095] <... open resumed>) = 4 [pid 6097] <... write resumed>) = 2097152 [pid 6095] preadv2(4, [pid 6094] <... open resumed>) = 5 [pid 6094] truncate("./file1", 16784380 [pid 6095] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6094] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6095] memfd_create("syzkaller", 0 [pid 6097] munmap(0x7f9875600000, 138412032 [pid 6094] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6095] <... memfd_create resumed>) = 5 [pid 6094] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6097] <... munmap resumed>) = 0 [pid 6094] <... mmap resumed>) = 0x200000001000 [pid 6095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6094] exit_group(0 [pid 6096] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6098] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6097] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6094] <... exit_group resumed>) = ? [pid 6095] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6094] +++ exited with 0 +++ [pid 6097] <... openat resumed>) = 4 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6094, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 6097] ioctl(4, LOOP_SET_FD, 3 [pid 6098] <... write resumed>) = 2097152 [pid 6096] <... write resumed>) = 2097152 [pid 6095] <... write resumed>) = 2097152 [pid 5842] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6098] munmap(0x7f9875600000, 138412032 [pid 6097] <... ioctl resumed>) = 0 [pid 6096] munmap(0x7f9875600000, 138412032 [pid 6095] munmap(0x7f9875600000, 138412032 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6097] close(3) = 0 [pid 6096] <... munmap resumed>) = 0 [pid 6098] <... munmap resumed>) = 0 [pid 6097] close(4 [pid 6095] <... munmap resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6097] <... close resumed>) = 0 [pid 6096] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] <... openat resumed>) = 3 [pid 6097] mkdir("./file1", 0777 [pid 6096] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] newfstatat(3, "", [pid 6097] <... mkdir resumed>) = 0 [pid 6096] close(5 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 6098] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6097] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6098] <... openat resumed>) = 4 [pid 5842] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6098] ioctl(4, LOOP_SET_FD, 3 [pid 6095] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6095] close(5 [pid 6098] <... ioctl resumed>) = 0 [pid 6096] <... close resumed>) = 0 [pid 6096] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6095] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./47/file1", [pid 6095] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", [pid 6096] <... open resumed>) = 5 [pid 6095] <... open resumed>) = 5 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 6096] truncate("./file1", 16784380 [pid 6095] truncate("./file1", 16784380 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 6095] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6096] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6096] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6095] <... openat resumed>) = 6 [pid 6096] <... openat resumed>) = 6 [pid 6095] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6096] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6095] <... mmap resumed>) = 0x200000001000 [pid 6096] <... mmap resumed>) = 0x200000001000 [pid 6095] exit_group(0 [pid 6096] exit_group(0 [pid 6095] <... exit_group resumed>) = ? [ 143.461797][ T6097] loop1: detected capacity change from 0 to 4096 [ 143.490286][ T6097] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 143.500633][ T6098] loop0: detected capacity change from 0 to 4096 [pid 6096] <... exit_group resumed>) = ? [pid 5842] close(4 [pid 6096] +++ exited with 0 +++ [pid 5842] <... close resumed>) = 0 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6096, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=5 /* 0.05 s */} --- [pid 5842] rmdir("./47/file1" [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 6095] +++ exited with 0 +++ [pid 5842] <... rmdir resumed>) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6095, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5842] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./47/binderfs", [pid 6098] close(3 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... restart_syscall resumed>) = 0 [pid 6098] <... close resumed>) = 0 [pid 5842] unlink("./47/binderfs" [pid 5843] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... unlink resumed>) = 0 [pid 6098] close(4 [pid 5843] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] getdents64(3, [pid 6098] <... close resumed>) = 0 [pid 6098] mkdir("./file1", 0777 [pid 5843] <... openat resumed>) = 3 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6098] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] close(3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... close resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5843] getdents64(3, [pid 5842] rmdir("./47" [pid 5841] newfstatat(3, "", [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... rmdir resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] mkdir("./48", 0777 [pid 6098] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] <... mkdir resumed>) = 0 [pid 5841] getdents64(3, [pid 6097] <... mount resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6097] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6097] <... openat resumed>) = 3 [pid 5842] <... openat resumed>) = 3 [pid 6097] chdir("./file1") = 0 [pid 6097] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] ioctl(3, LOOP_CLR_FD [pid 6097] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... ioctl resumed>) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5843] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./46/file1", [pid 6097] open("./file1", O_RDONLY|O_DIRECT [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] close(3 [pid 5843] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6097] <... open resumed>) = 4 [pid 5843] <... openat resumed>) = 4 [pid 5841] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, [pid 5843] getdents64(4, [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 6097] preadv2(4, [pid 5843] close(4 [pid 5841] <... close resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5841] rmdir("./48/file1" [pid 6097] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] rmdir("./46/file1" [pid 5841] <... rmdir resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5841] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6097] memfd_create("syzkaller", 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6097] <... memfd_create resumed>) = 5 [pid 5843] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] newfstatat(AT_FDCWD, "./48/binderfs", [pid 6097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6097] <... mmap resumed>) = 0x7f9875600000 [pid 5843] newfstatat(AT_FDCWD, "./46/binderfs", [pid 5841] unlink("./48/binderfs" [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... close resumed>) = 0 [pid 5843] unlink("./46/binderfs") = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./48" [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... rmdir resumed>) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./46") = 0 [pid 5841] mkdir("./49", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6099 [pid 5841] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6099 attached [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 6099] set_robust_list(0x55558b799660, 24 [pid 5843] mkdir("./47", 0777 [pid 6099] <... set_robust_list resumed>) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 6099] chdir("./48" [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6099] <... chdir resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 6099] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] ioctl(3, LOOP_CLR_FD [pid 6099] <... prctl resumed>) = 0 [pid 5843] <... ioctl resumed>) = 0 [pid 6099] setpgid(0, 0 [ 143.556966][ T6098] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5843] close(3 [pid 6099] <... setpgid resumed>) = 0 [pid 6098] <... mount resumed>) = 0 [pid 6099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6098] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5841] <... close resumed>) = 0 [pid 6098] chdir("./file1") = 0 [pid 6099] write(3, "1000", 4) = 4 [pid 6099] close(3) = 0 [pid 6099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6099] write(1, "executing program\n", 18executing program ) = 18 [pid 6099] memfd_create("syzkaller", 0) = 3 [pid 6099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6098] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6098] preadv2(4, [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] <... close resumed>) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6100 attached , child_tidptr=0x55558b799650) = 6101 [pid 6098] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6100] set_robust_list(0x55558b799660, 24 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6100 [pid 6100] <... set_robust_list resumed>) = 0 [pid 6098] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6101 attached [pid 6101] set_robust_list(0x55558b799660, 24 [pid 6098] <... memfd_create resumed>) = 5 [pid 6101] <... set_robust_list resumed>) = 0 [pid 6101] chdir("./47" [pid 6100] chdir("./49" [pid 6098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6101] <... chdir resumed>) = 0 [pid 6101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6101] setpgid(0, 0) = 0 [pid 6101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6101] write(3, "1000", 4) = 4 executing program [pid 6098] <... mmap resumed>) = 0x7f9875600000 [pid 6101] close(3) = 0 [pid 6101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6101] write(1, "executing program\n", 18) = 18 [pid 6101] memfd_create("syzkaller", 0 [pid 6100] <... chdir resumed>) = 0 [pid 6097] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6101] <... memfd_create resumed>) = 3 [pid 6101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6100] setpgid(0, 0) = 0 [pid 6100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6099] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6100] write(3, "1000", 4) = 4 [pid 6100] close(3) = 0 [pid 6100] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6100] write(1, "executing program\n", 18 [pid 6098] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6100] <... write resumed>) = 18 [pid 6100] memfd_create("syzkaller", 0 [pid 6097] <... write resumed>) = 2097152 [pid 6100] <... memfd_create resumed>) = 3 [pid 6099] <... write resumed>) = 2097152 [pid 6100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6097] munmap(0x7f9875600000, 138412032 [pid 6100] <... mmap resumed>) = 0x7f9875600000 [pid 6097] <... munmap resumed>) = 0 [pid 6099] munmap(0x7f9875600000, 138412032) = 0 [pid 6097] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6099] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6097] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6099] <... openat resumed>) = 4 [pid 6097] close(5 [pid 6099] ioctl(4, LOOP_SET_FD, 3 [pid 6098] <... write resumed>) = 2097152 [pid 6098] munmap(0x7f9875600000, 138412032 [pid 6101] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6100] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6099] <... ioctl resumed>) = 0 [pid 6098] <... munmap resumed>) = 0 [pid 6097] <... close resumed>) = 0 [pid 6097] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6099] close(3) = 0 [pid 6098] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6099] close(4) = 0 [pid 6098] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6099] mkdir("./file1", 0777 [pid 6098] close(5 [pid 6099] <... mkdir resumed>) = 0 [pid 6099] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6097] <... open resumed>) = 5 [pid 6097] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6097] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6097] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6097] exit_group(0) = ? [pid 6097] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6097, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 6101] <... write resumed>) = 2097152 [pid 6100] <... write resumed>) = 2097152 [pid 6098] <... close resumed>) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6098] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6101] munmap(0x7f9875600000, 138412032 [pid 6100] munmap(0x7f9875600000, 138412032 [pid 5840] <... restart_syscall resumed>) = 0 [pid 6101] <... munmap resumed>) = 0 [pid 6100] <... munmap resumed>) = 0 [pid 6100] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6101] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6100] <... openat resumed>) = 4 [pid 6101] <... openat resumed>) = 4 [ 143.757273][ T6099] loop3: detected capacity change from 0 to 4096 [ 143.791998][ T6099] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 6101] ioctl(4, LOOP_SET_FD, 3 [pid 6100] ioctl(4, LOOP_SET_FD, 3 [pid 6099] <... mount resumed>) = 0 [pid 6098] <... open resumed>) = 5 [pid 5840] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6099] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6098] truncate("./file1", 16784380 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6099] <... openat resumed>) = 3 [pid 6098] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6099] chdir("./file1" [pid 6098] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] <... openat resumed>) = 3 [pid 6099] <... chdir resumed>) = 0 [pid 6098] <... openat resumed>) = 6 [pid 5840] newfstatat(3, "", [pid 6099] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6098] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6099] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6098] <... mmap resumed>) = 0x200000001000 [pid 5840] getdents64(3, [pid 6098] exit_group(0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6099] open("./file1", O_RDONLY|O_DIRECT [pid 6098] <... exit_group resumed>) = ? [pid 5840] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6098] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6098, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=3 /* 0.03 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6099] <... open resumed>) = 4 [pid 6101] <... ioctl resumed>) = 0 [pid 6100] <... ioctl resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 6101] close(3 [pid 6099] preadv2(4, [pid 6101] <... close resumed>) = 0 [pid 6101] close(4 [pid 6100] close(3 [pid 5839] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6100] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6101] <... close resumed>) = 0 [pid 6100] close(4 [pid 5839] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6101] mkdir("./file1", 0777 [pid 6100] <... close resumed>) = 0 [pid 6099] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] <... openat resumed>) = 3 [pid 6101] <... mkdir resumed>) = 0 [pid 6100] mkdir("./file1", 0777 [pid 6099] memfd_create("syzkaller", 0 [pid 5840] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(3, "", [pid 6101] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6100] <... mkdir resumed>) = 0 [pid 6099] <... memfd_create resumed>) = 5 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] getdents64(3, [pid 6100] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6099] <... mmap resumed>) = 0x7f9875600000 [pid 5840] newfstatat(AT_FDCWD, "./49/file1", [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5840] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] newfstatat(AT_FDCWD, "./49/file1", [pid 5840] <... openat resumed>) = 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] newfstatat(4, "", [pid 5839] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(4, [pid 5839] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] <... openat resumed>) = 4 [pid 5840] getdents64(4, [pid 5839] newfstatat(4, "", [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] close(4 [pid 5839] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 5840] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5840] rmdir("./49/file1" [pid 5839] rmdir("./49/file1" [pid 5840] <... rmdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5840] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./49/binderfs", [pid 5839] newfstatat(AT_FDCWD, "./49/binderfs", [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./49/binderfs" [pid 5839] unlink("./49/binderfs" [pid 5840] <... unlink resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5840] getdents64(3, [pid 5839] getdents64(3, [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5839] close(3 [pid 5840] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5840] rmdir("./49" [pid 5839] rmdir("./49" [pid 5840] <... rmdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./50", 0777 [pid 5840] mkdir("./50", 0777) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5840] <... ioctl resumed>) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [ 143.840624][ T6100] loop2: detected capacity change from 0 to 4096 [ 143.849022][ T6101] loop4: detected capacity change from 0 to 4096 [ 143.872240][ T6101] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 143.873370][ T6100] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5840] close(3) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6102 ./strace-static-x86_64: Process 6102 attached [pid 6102] set_robust_list(0x55558b799660, 24) = 0 [pid 6102] chdir("./50") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6101] <... mount resumed>) = 0 [pid 6101] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] <... close resumed>) = 0 [pid 6101] <... openat resumed>) = 3 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6101] chdir("./file1"executing program [pid 6102] write(1, "executing program\n", 18./strace-static-x86_64: Process 6103 attached [pid 6101] <... chdir resumed>) = 0 [pid 6099] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6101] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6103] set_robust_list(0x55558b799660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6103 [pid 6103] <... set_robust_list resumed>) = 0 [pid 6101] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6103] chdir("./50" [pid 6101] open("./file1", O_RDONLY|O_DIRECT [pid 6102] <... write resumed>) = 18 [pid 6101] <... open resumed>) = 4 [pid 6103] <... chdir resumed>) = 0 [pid 6101] preadv2(4, [pid 6103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] memfd_create("syzkaller", 0 [pid 6101] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6103] setpgid(0, 0) = 0 [pid 6101] memfd_create("syzkaller", 0 [pid 6103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6101] <... memfd_create resumed>) = 5 [pid 6103] <... openat resumed>) = 3 [pid 6101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6103] write(3, "1000", 4) = 4 [pid 6101] <... mmap resumed>) = 0x7f9875600000 [pid 6103] close(3 [pid 6102] <... memfd_create resumed>) = 3 [pid 6102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6103] <... close resumed>) = 0 [pid 6103] symlink("/dev/binderfs", "./binderfs" [pid 6100] <... mount resumed>) = 0 [pid 6103] <... symlink resumed>) = 0 [pid 6100] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6100] chdir("./file1") = 0 [pid 6100] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6100] open("./file1", O_RDONLY|O_DIRECTexecuting program [pid 6103] write(1, "executing program\n", 18 [pid 6100] <... open resumed>) = 4 [pid 6100] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6100] memfd_create("syzkaller", 0) = 5 [pid 6100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6103] <... write resumed>) = 18 [pid 6103] memfd_create("syzkaller", 0 [pid 6099] <... write resumed>) = 2097152 [pid 6103] <... memfd_create resumed>) = 3 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6099] munmap(0x7f9875600000, 138412032) = 0 [pid 6102] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6099] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6099] close(5 [pid 6101] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6103] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6099] <... close resumed>) = 0 [pid 6099] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 6099] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6099] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6099] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6100] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6099] exit_group(0) = ? [pid 6099] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6099, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=10 /* 0.10 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6102] <... write resumed>) = 2097152 [pid 5842] <... umount2 resumed>) = 0 [pid 6102] munmap(0x7f9875600000, 138412032 [pid 5842] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6100] <... write resumed>) = 2097152 [pid 5842] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5842] newfstatat(4, "", [pid 6103] <... write resumed>) = 2097152 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6103] munmap(0x7f9875600000, 138412032 [pid 6100] munmap(0x7f9875600000, 138412032 [pid 5842] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4) = 0 [pid 5842] rmdir("./48/file1" [pid 6102] <... munmap resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5842] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./48/binderfs", [pid 6103] <... munmap resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./48/binderfs" [pid 6102] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6102] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... unlink resumed>) = 0 [pid 6100] <... munmap resumed>) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6101] <... write resumed>) = 2097152 [pid 6100] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] getdents64(3, [pid 6103] <... openat resumed>) = 4 [pid 6101] munmap(0x7f9875600000, 138412032 [pid 6100] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6100] close(5 [pid 5842] close(3 [pid 6102] <... ioctl resumed>) = 0 [pid 6101] <... munmap resumed>) = 0 [pid 6100] <... close resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 6102] close(3 [pid 6101] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] rmdir("./48" [pid 6103] close(3 [pid 6102] <... close resumed>) = 0 [pid 6101] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... rmdir resumed>) = 0 [pid 6103] <... close resumed>) = 0 [pid 6102] close(4 [pid 6101] close(5 [pid 5842] mkdir("./49", 0777 [pid 6103] close(4 [pid 6102] <... close resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 6103] <... close resumed>) = 0 [pid 6102] mkdir("./file1", 0777 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6103] mkdir("./file1", 0777 [pid 6102] <... mkdir resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [ 144.121535][ T6102] loop1: detected capacity change from 0 to 4096 [ 144.130147][ T6103] loop0: detected capacity change from 0 to 4096 [pid 6103] <... mkdir resumed>) = 0 [pid 6102] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] ioctl(3, LOOP_CLR_FD [pid 6103] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 6100] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6101] <... close resumed>) = 0 [pid 6101] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] <... close resumed>) = 0 [pid 6101] <... open resumed>) = 5 [pid 6100] <... open resumed>) = 5 [pid 6100] truncate("./file1", 16784380 [pid 6101] truncate("./file1", 16784380 [pid 6100] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6101] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6100] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6101] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6100] <... openat resumed>) = 6 [pid 6101] <... openat resumed>) = 6 [pid 6100] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6101] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6100] <... mmap resumed>) = 0x200000001000 [pid 6101] <... mmap resumed>) = 0x200000001000 [pid 6100] exit_group(0 [pid 6101] exit_group(0 [pid 6100] <... exit_group resumed>) = ? [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6104 attached [pid 6101] <... exit_group resumed>) = ? [pid 6100] +++ exited with 0 +++ [pid 6104] set_robust_list(0x55558b799660, 24 [pid 6101] +++ exited with 0 +++ [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6104 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6100, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 6104] <... set_robust_list resumed>) = 0 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6101, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 6104] chdir("./49" [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6104] <... chdir resumed>) = 0 [pid 5843] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6104] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] <... openat resumed>) = 3 [pid 5841] <... restart_syscall resumed>) = 0 [pid 6104] <... prctl resumed>) = 0 [pid 5843] newfstatat(3, "", [pid 6104] setpgid(0, 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6104] <... setpgid resumed>) = 0 [pid 5843] getdents64(3, [pid 5841] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 144.172867][ T6102] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 144.183331][ T6103] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5841] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6104] <... openat resumed>) = 3 [pid 6104] write(3, "1000", 4) = 4 [pid 6104] close(3) = 0 [pid 6104] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6104] write(1, "executing program\n", 18) = 18 [pid 6104] memfd_create("syzkaller", 0) = 3 [pid 6103] <... mount resumed>) = 0 [pid 6102] <... mount resumed>) = 0 [pid 6104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6103] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6102] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6103] <... openat resumed>) = 3 [pid 6102] <... openat resumed>) = 3 [pid 6104] <... mmap resumed>) = 0x7f9875600000 [pid 6103] chdir("./file1" [pid 6102] chdir("./file1" [pid 5843] <... umount2 resumed>) = 0 [pid 6103] <... chdir resumed>) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6102] <... chdir resumed>) = 0 [pid 6102] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6103] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6102] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6102] open("./file1", O_RDONLY|O_DIRECT [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6103] open("./file1", O_RDONLY|O_DIRECT [pid 5843] newfstatat(4, "", [pid 5841] <... umount2 resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, [pid 6102] <... open resumed>) = 4 [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, [pid 5841] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] newfstatat(AT_FDCWD, "./49/file1", [pid 5843] close(4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... close resumed>) = 0 [pid 5843] rmdir("./47/file1" [pid 5841] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... rmdir resumed>) = 0 [pid 6102] preadv2(4, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6103] <... open resumed>) = 4 [pid 5841] newfstatat(4, "", [pid 6103] preadv2(4, [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(4, [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] newfstatat(AT_FDCWD, "./47/binderfs", [pid 5841] close(4 [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... close resumed>) = 0 [pid 5843] unlink("./47/binderfs" [pid 5841] rmdir("./49/file1" [pid 6103] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6102] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... unlink resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 6103] memfd_create("syzkaller", 0 [pid 6102] memfd_create("syzkaller", 0 [pid 5843] getdents64(3, [pid 5841] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6103] <... memfd_create resumed>) = 5 [pid 5843] close(3 [pid 5841] newfstatat(AT_FDCWD, "./49/binderfs", [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... close resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6102] <... memfd_create resumed>) = 5 [pid 5843] rmdir("./47" [pid 5841] unlink("./49/binderfs" [pid 6103] <... mmap resumed>) = 0x7f9875600000 [pid 6102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... rmdir resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5843] mkdir("./48", 0777 [pid 5841] getdents64(3, [pid 5843] <... mkdir resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./49" [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... rmdir resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5841] mkdir("./50", 0777) = 0 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5843] close(3 [pid 6102] <... mmap resumed>) = 0x7f9875600000 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5843] <... close resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 6105 attached [pid 6104] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6105 [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6106 ./strace-static-x86_64: Process 6106 attached [pid 6106] set_robust_list(0x55558b799660, 24) = 0 [pid 6106] chdir("./50") = 0 [pid 6106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6106] setpgid(0, 0) = 0 [pid 6106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6106] write(3, "1000", 4) = 4 [pid 6106] close(3) = 0 [pid 6106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6106] write(1, "executing program\n", 18) = 18 [pid 6106] memfd_create("syzkaller", 0) = 3 [pid 6105] set_robust_list(0x55558b799660, 24 [pid 6103] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6105] <... set_robust_list resumed>) = 0 [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6105] chdir("./48" [pid 6102] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6106] <... mmap resumed>) = 0x7f9875600000 [pid 6105] <... chdir resumed>) = 0 [pid 6104] <... write resumed>) = 2097152 [pid 6105] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6104] munmap(0x7f9875600000, 138412032 [pid 6105] <... prctl resumed>) = 0 [pid 6105] setpgid(0, 0 [pid 6104] <... munmap resumed>) = 0 [pid 6105] <... setpgid resumed>) = 0 [pid 6105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6104] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6103] <... write resumed>) = 2097152 [pid 6105] <... openat resumed>) = 3 [pid 6104] <... openat resumed>) = 4 [pid 6105] write(3, "1000", 4 [pid 6103] munmap(0x7f9875600000, 138412032 [pid 6105] <... write resumed>) = 4 [pid 6104] ioctl(4, LOOP_SET_FD, 3 [pid 6103] <... munmap resumed>) = 0 [pid 6105] close(3) = 0 [pid 6105] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6105] write(1, "executing program\n", 18 [pid 6103] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6105] <... write resumed>) = 18 [pid 6106] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6105] memfd_create("syzkaller", 0 [pid 6104] <... ioctl resumed>) = 0 [pid 6103] close(5 [pid 6102] <... write resumed>) = 2097152 [pid 6105] <... memfd_create resumed>) = 3 [pid 6102] munmap(0x7f9875600000, 138412032 [pid 6105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6104] close(3) = 0 [pid 6106] <... write resumed>) = 2097152 [pid 6105] <... mmap resumed>) = 0x7f9875600000 [pid 6104] close(4 [pid 6103] <... close resumed>) = 0 [pid 6102] <... munmap resumed>) = 0 [pid 6106] munmap(0x7f9875600000, 138412032 [pid 6104] <... close resumed>) = 0 [pid 6104] mkdir("./file1", 0777 [ 144.383630][ T6104] loop3: detected capacity change from 0 to 4096 [pid 6102] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6102] close(5 [pid 6106] <... munmap resumed>) = 0 [pid 6104] <... mkdir resumed>) = 0 [pid 6103] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6102] <... close resumed>) = 0 [pid 6106] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6105] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6104] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6103] <... open resumed>) = 5 [pid 6102] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6106] <... openat resumed>) = 4 [pid 6103] truncate("./file1", 16784380 [pid 6106] ioctl(4, LOOP_SET_FD, 3 [pid 6105] <... write resumed>) = 2097152 [pid 6103] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6102] <... open resumed>) = 5 [pid 6103] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6102] truncate("./file1", 16784380 [pid 6103] <... openat resumed>) = 6 [pid 6103] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6103] exit_group(0) = ? [pid 6106] <... ioctl resumed>) = 0 [pid 6103] +++ exited with 0 +++ [pid 6102] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6103, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=8 /* 0.08 s */} --- [pid 6106] close(3 [pid 6102] <... openat resumed>) = 6 [pid 6106] <... close resumed>) = 0 [pid 6102] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6106] close(4 [pid 6105] munmap(0x7f9875600000, 138412032 [pid 6102] <... mmap resumed>) = 0x200000001000 [pid 6106] <... close resumed>) = 0 [pid 6102] exit_group(0 [pid 6106] mkdir("./file1", 0777 [pid 6105] <... munmap resumed>) = 0 [pid 6102] <... exit_group resumed>) = ? [pid 5839] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6106] <... mkdir resumed>) = 0 [pid 6102] +++ exited with 0 +++ [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6106] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=8 /* 0.08 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", [pid 6105] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6104] <... mount resumed>) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6104] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6105] <... openat resumed>) = 4 [pid 6104] <... openat resumed>) = 3 [pid 5839] getdents64(3, [pid 6104] chdir("./file1" [pid 5840] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [ 144.475069][ T6104] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 144.485067][ T6106] loop2: detected capacity change from 0 to 4096 [ 144.507639][ T6106] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6105] ioctl(4, LOOP_SET_FD, 3 [pid 6104] <... chdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6106] <... mount resumed>) = 0 [pid 5839] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6104] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6104] open("./file1", O_RDONLY|O_DIRECT [pid 6105] <... ioctl resumed>) = 0 [pid 6106] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6104] <... open resumed>) = 4 [pid 5839] <... umount2 resumed>) = 0 [pid 6104] preadv2(4, [pid 6105] close(3 [pid 6104] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6104] memfd_create("syzkaller", 0) = 5 [pid 6105] <... close resumed>) = 0 [pid 6105] close(4 [pid 6104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6105] <... close resumed>) = 0 [pid 6104] <... mmap resumed>) = 0x7f9875600000 [ 144.522524][ T6105] loop4: detected capacity change from 0 to 4096 [pid 6105] mkdir("./file1", 0777) = 0 [pid 6106] <... openat resumed>) = 3 [pid 5840] <... umount2 resumed>) = 0 [pid 5839] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6106] chdir("./file1" [pid 6105] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6106] <... chdir resumed>) = 0 [pid 5840] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6106] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./50/file1", [pid 5839] newfstatat(AT_FDCWD, "./50/file1", [pid 6106] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6106] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] getdents64(4, [pid 6106] <... open resumed>) = 4 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] <... openat resumed>) = 4 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] newfstatat(4, "", [pid 5840] close(4) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] rmdir("./50/file1" [pid 6106] preadv2(4, [pid 5840] <... rmdir resumed>) = 0 [pid 5839] getdents64(4, [pid 5840] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./50/file1") = 0 [pid 5839] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./50/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./50" [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... rmdir resumed>) = 0 [pid 6106] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6106] memfd_create("syzkaller", 0 [pid 5839] mkdir("./51", 0777 [pid 5840] newfstatat(AT_FDCWD, "./50/binderfs", [pid 5839] <... mkdir resumed>) = 0 [pid 6106] <... memfd_create resumed>) = 5 [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./50/binderfs" [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... unlink resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] getdents64(3, [pid 5839] close(3 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./50") = 0 [pid 5840] mkdir("./51", 0777 [pid 6104] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [ 144.557302][ T6105] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5840] close(3 [pid 5839] <... close resumed>) = 0 [pid 6105] <... mount resumed>) = 0 [pid 6104] <... write resumed>) = 2097152 [pid 5840] <... close resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6105] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6107 [pid 6105] <... openat resumed>) = 3 [pid 6104] munmap(0x7f9875600000, 138412032./strace-static-x86_64: Process 6107 attached ) = 0 [pid 6105] chdir("./file1" [pid 6107] set_robust_list(0x55558b799660, 24 [pid 6105] <... chdir resumed>) = 0 [pid 6107] <... set_robust_list resumed>) = 0 [pid 6105] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6104] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6105] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6108 attached [pid 6107] chdir("./51" [pid 6105] open("./file1", O_RDONLY|O_DIRECT [pid 6104] <... openat resumed>) = -1 EBUSY (Device or resource busy) executing program [pid 6107] <... chdir resumed>) = 0 [pid 6105] <... open resumed>) = 4 [pid 6104] close(5 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6108 [pid 6108] set_robust_list(0x55558b799660, 24) = 0 [pid 6108] chdir("./51") = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6108] setpgid(0, 0) = 0 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6108] write(3, "1000", 4) = 4 [pid 6108] close(3) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6108] write(1, "executing program\n", 18) = 18 [pid 6106] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6108] memfd_create("syzkaller", 0 [pid 6107] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6105] preadv2(4, [pid 6104] <... close resumed>) = 0 [pid 6108] <... memfd_create resumed>) = 3 [pid 6107] <... prctl resumed>) = 0 [pid 6105] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6104] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6108] <... mmap resumed>) = 0x7f9875600000 [pid 6107] setpgid(0, 0 [pid 6105] memfd_create("syzkaller", 0 [pid 6107] <... setpgid resumed>) = 0 [pid 6105] <... memfd_create resumed>) = 5 [pid 6107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6107] <... openat resumed>) = 3 [pid 6105] <... mmap resumed>) = 0x7f9875600000 [pid 6107] write(3, "1000", 4 [pid 6104] <... open resumed>) = 5 [pid 6104] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6104] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6104] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6107] <... write resumed>) = 4 [pid 6106] <... write resumed>) = 2097152 [pid 6104] <... mmap resumed>) = 0x200000001000 [pid 6107] close(3) = 0 [pid 6107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6104] exit_group(0) = ? [pid 6107] write(1, "executing program\n", 18executing program ) = 18 [pid 6107] memfd_create("syzkaller", 0 [pid 6106] munmap(0x7f9875600000, 138412032 [pid 6105] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6107] <... memfd_create resumed>) = 3 [pid 6107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6104] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6104, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=6 /* 0.06 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6108] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6106] <... munmap resumed>) = 0 [pid 5842] <... restart_syscall resumed>) = 0 [pid 6107] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6106] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6105] <... write resumed>) = 2097152 [pid 6106] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6106] close(5) = 0 [pid 6105] munmap(0x7f9875600000, 138412032 [pid 5842] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6105] <... munmap resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6108] <... write resumed>) = 2097152 [pid 6106] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6105] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6108] munmap(0x7f9875600000, 138412032 [pid 6105] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... openat resumed>) = 3 [pid 6105] close(5 [pid 5842] newfstatat(3, "", [pid 6107] <... write resumed>) = 2097152 [pid 6106] <... open resumed>) = 5 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 6107] munmap(0x7f9875600000, 138412032 [pid 6106] truncate("./file1", 16784380 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6108] <... munmap resumed>) = 0 [pid 6107] <... munmap resumed>) = 0 [pid 6106] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6108] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6108] ioctl(4, LOOP_SET_FD, 3 [pid 6106] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6105] <... close resumed>) = 0 [pid 6106] <... openat resumed>) = 6 [pid 6106] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6106] exit_group(0) = ? [pid 5842] <... umount2 resumed>) = 0 [pid 6105] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6106] +++ exited with 0 +++ [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6105] <... open resumed>) = 5 [pid 6107] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6106, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5842] <... openat resumed>) = 4 [pid 6105] truncate("./file1", 16784380 [pid 5842] newfstatat(4, "", [pid 6107] <... openat resumed>) = 4 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6105] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] getdents64(4, [pid 6105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6107] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6108] <... ioctl resumed>) = 0 [pid 6105] <... openat resumed>) = 6 [pid 5842] getdents64(4, [pid 6105] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6105] <... mmap resumed>) = 0x200000001000 [pid 5842] close(4) = 0 [pid 5842] rmdir("./49/file1") = 0 [pid 5841] <... restart_syscall resumed>) = 0 [pid 6108] close(3 [pid 5842] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 6108] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6108] close(4 [pid 5842] newfstatat(AT_FDCWD, "./49/binderfs", [pid 6108] <... close resumed>) = 0 [pid 5841] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6108] mkdir("./file1", 0777 [pid 5842] unlink("./49/binderfs" [pid 6108] <... mkdir resumed>) = 0 [pid 5842] <... unlink resumed>) = 0 [pid 5842] getdents64(3, [pid 6108] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6105] exit_group(0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6105] <... exit_group resumed>) = ? [pid 5842] close(3) = 0 [pid 6105] +++ exited with 0 +++ [pid 6107] <... ioctl resumed>) = 0 [pid 5842] rmdir("./49" [pid 5841] <... umount2 resumed>) = 0 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6105, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 6107] close(3 [pid 5841] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6107] <... close resumed>) = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5843] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6107] close(4 [pid 5841] newfstatat(AT_FDCWD, "./50/file1", [pid 6107] <... close resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6107] mkdir("./file1", 0777 [pid 5843] newfstatat(3, "", [pid 5841] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6107] <... mkdir resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] mkdir("./50", 0777 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] getdents64(3, [pid 5841] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 144.785272][ T6108] loop1: detected capacity change from 0 to 4096 [ 144.797516][ T6107] loop0: detected capacity change from 0 to 4096 [ 144.813668][ T6108] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 6107] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... openat resumed>) = 4 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] <... mkdir resumed>) = 0 [pid 5843] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./50/file1") = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 5841] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] newfstatat(AT_FDCWD, "./50/binderfs", [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] newfstatat(AT_FDCWD, "./48/file1", [pid 5841] unlink("./50/binderfs" [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5843] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(3, [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./48/file1") = 0 [pid 5843] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./48/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./48") = 0 [pid 5843] mkdir("./49", 0777 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./50") = 0 [pid 5841] mkdir("./51", 0777 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... mkdir resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] <... close resumed>) = 0 [pid 5843] close(3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3./strace-static-x86_64: Process 6109 attached [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6109 [pid 6109] set_robust_list(0x55558b799660, 24) = 0 [ 144.839221][ T6107] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 6109] chdir("./50" [pid 5843] <... close resumed>) = 0 [pid 6109] <... chdir resumed>) = 0 [pid 6109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6109] setpgid(0, 0 [pid 6108] <... mount resumed>) = 0 [pid 6109] <... setpgid resumed>) = 0 [pid 6109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6108] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6109] <... openat resumed>) = 3 [pid 6108] <... openat resumed>) = 3 [pid 6109] write(3, "1000", 4 [pid 6108] chdir("./file1" [pid 6109] <... write resumed>) = 4 [pid 6108] <... chdir resumed>) = 0 [pid 6109] close(3 [pid 6108] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6109] <... close resumed>) = 0 [pid 6109] symlink("/dev/binderfs", "./binderfs" [pid 6107] <... mount resumed>) = 0 [pid 6107] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6107] chdir("./file1") = 0 [pid 6107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6107] open("./file1", O_RDONLY|O_DIRECT [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6110 ./strace-static-x86_64: Process 6110 attached [pid 6107] <... open resumed>) = 4 [pid 6107] preadv2(4, [pid 6109] <... symlink resumed>) = 0 [pid 6107] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6107] memfd_create("syzkaller", 0) = 5 [pid 6108] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6110] set_robust_list(0x55558b799660, 24 [pid 6107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 executing program [pid 6110] <... set_robust_list resumed>) = 0 [pid 6109] write(1, "executing program\n", 18 [pid 6108] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... close resumed>) = 0 [pid 6110] chdir("./49" [pid 6109] <... write resumed>) = 18 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6109] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6111 attached ) = 3 [pid 6108] <... open resumed>) = 4 [pid 6111] set_robust_list(0x55558b799660, 24 [pid 6108] preadv2(4, [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6111] <... set_robust_list resumed>) = 0 [pid 6111] chdir("./51" [pid 6110] <... chdir resumed>) = 0 [pid 6108] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6111 [pid 6108] memfd_create("syzkaller", 0 [pid 6110] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6111] <... chdir resumed>) = 0 [pid 6110] <... prctl resumed>) = 0 [pid 6110] setpgid(0, 0 [pid 6108] <... memfd_create resumed>) = 5 [pid 6111] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6110] <... setpgid resumed>) = 0 [pid 6111] <... prctl resumed>) = 0 [pid 6110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6111] setpgid(0, 0) = 0 [pid 6110] <... openat resumed>) = 3 [pid 6108] <... mmap resumed>) = 0x7f9875600000 [pid 6111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6111] write(3, "1000", 4 [pid 6110] write(3, "1000", 4 [pid 6111] <... write resumed>) = 4 [pid 6110] <... write resumed>) = 4 [pid 6111] close(3 [pid 6110] close(3 [pid 6111] <... close resumed>) = 0 [pid 6110] <... close resumed>) = 0 [pid 6111] symlink("/dev/binderfs", "./binderfs" [pid 6110] symlink("/dev/binderfs", "./binderfs" [pid 6111] <... symlink resumed>) = 0 [pid 6110] <... symlink resumed>) = 0 executing program executing program [pid 6110] write(1, "executing program\n", 18 [pid 6111] write(1, "executing program\n", 18 [pid 6110] <... write resumed>) = 18 [pid 6111] <... write resumed>) = 18 [pid 6110] memfd_create("syzkaller", 0 [pid 6111] memfd_create("syzkaller", 0 [pid 6110] <... memfd_create resumed>) = 3 [pid 6107] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6111] <... memfd_create resumed>) = 3 [pid 6110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6110] <... mmap resumed>) = 0x7f9875600000 [pid 6111] <... mmap resumed>) = 0x7f9875600000 [pid 6109] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6107] <... write resumed>) = 2097152 [pid 6108] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6107] munmap(0x7f9875600000, 138412032 [pid 6111] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6109] <... write resumed>) = 2097152 [pid 6107] <... munmap resumed>) = 0 [pid 6107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6107] close(5 [pid 6110] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6109] munmap(0x7f9875600000, 138412032 [pid 6108] <... write resumed>) = 2097152 [pid 6109] <... munmap resumed>) = 0 [pid 6108] munmap(0x7f9875600000, 138412032 [pid 6107] <... close resumed>) = 0 [pid 6111] <... write resumed>) = 2097152 [pid 6110] <... write resumed>) = 2097152 [pid 6109] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6108] <... munmap resumed>) = 0 [pid 6111] munmap(0x7f9875600000, 138412032 [pid 6110] munmap(0x7f9875600000, 138412032 [pid 6109] <... openat resumed>) = 4 [pid 6108] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6107] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6111] <... munmap resumed>) = 0 [pid 6110] <... munmap resumed>) = 0 [pid 6108] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6109] ioctl(4, LOOP_SET_FD, 3 [pid 6111] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6110] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6108] close(5 [pid 6107] <... open resumed>) = 5 [pid 6111] <... openat resumed>) = 4 [pid 6111] ioctl(4, LOOP_SET_FD, 3 [pid 6110] <... openat resumed>) = 4 [pid 6109] <... ioctl resumed>) = 0 [pid 6108] <... close resumed>) = 0 [pid 6107] truncate("./file1", 16784380 [pid 6110] ioctl(4, LOOP_SET_FD, 3 [pid 6107] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6109] close(3 [pid 6108] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6109] <... close resumed>) = 0 [pid 6109] close(4) = 0 [pid 6109] mkdir("./file1", 0777) = 0 [pid 6109] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6107] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6107] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6111] <... ioctl resumed>) = 0 [pid 6111] close(3 [pid 6108] <... open resumed>) = 5 [pid 6108] truncate("./file1", 16784380 [pid 6107] exit_group(0 [pid 6108] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6107] <... exit_group resumed>) = ? [pid 6108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6108] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6108] exit_group(0) = ? [pid 6108] +++ exited with 0 +++ [pid 6107] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6107, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=5 /* 0.05 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6111] <... close resumed>) = 0 [pid 6111] close(4) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6108, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6111] mkdir("./file1", 0777) = 0 [pid 6111] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [ 145.095544][ T6109] loop3: detected capacity change from 0 to 4096 [ 145.108705][ T6111] loop2: detected capacity change from 0 to 4096 [ 145.116374][ T6110] loop4: detected capacity change from 0 to 4096 [ 145.118973][ T6109] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5839] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6110] <... ioctl resumed>) = 0 [pid 5840] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6110] close(3 [pid 5840] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6110] <... close resumed>) = 0 [pid 5840] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6110] close(4) = 0 [pid 6109] <... mount resumed>) = 0 [pid 6110] mkdir("./file1", 0777 [pid 5839] <... umount2 resumed>) = 0 [pid 6109] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6110] <... mkdir resumed>) = 0 [pid 6109] <... openat resumed>) = 3 [pid 6109] chdir("./file1") = 0 [ 145.145625][ T6111] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 6109] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6110] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6109] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6109] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6109] memfd_create("syzkaller", 0) = 5 [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./51/file1", [pid 5840] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(AT_FDCWD, "./51/file1", [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] <... openat resumed>) = 4 [pid 5840] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] newfstatat(4, "", [pid 5840] <... openat resumed>) = 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] newfstatat(4, "", [pid 5839] getdents64(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, [pid 5839] getdents64(4, [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 5840] getdents64(4, [pid 6111] <... mount resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] <... close resumed>) = 0 [pid 6111] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] close(4 [pid 5839] rmdir("./51/file1" [pid 6111] <... openat resumed>) = 3 [pid 5840] <... close resumed>) = 0 [pid 6111] chdir("./file1") = 0 [pid 6111] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] rmdir("./51/file1" [pid 5839] <... rmdir resumed>) = 0 [pid 6111] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6111] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... rmdir resumed>) = 0 [pid 5839] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] newfstatat(AT_FDCWD, "./51/binderfs", [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6111] <... open resumed>) = 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6111] preadv2(4, [pid 5839] unlink("./51/binderfs" [pid 6111] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] newfstatat(AT_FDCWD, "./51/binderfs", [pid 5839] <... unlink resumed>) = 0 [pid 6111] memfd_create("syzkaller", 0) = 5 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] getdents64(3, [pid 6111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] unlink("./51/binderfs" [pid 6111] <... mmap resumed>) = 0x7f9875600000 [ 145.191172][ T6110] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6110] <... mount resumed>) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5839] close(3 [pid 6110] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6109] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] getdents64(3, [pid 5839] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] rmdir("./51" [pid 6110] <... openat resumed>) = 3 [pid 6110] chdir("./file1" [pid 5840] close(3 [pid 5839] <... rmdir resumed>) = 0 [pid 6110] <... chdir resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5839] mkdir("./52", 0777 [pid 6110] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... mkdir resumed>) = 0 [pid 6110] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] rmdir("./51" [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6111] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6110] open("./file1", O_RDONLY|O_DIRECT [pid 6109] <... write resumed>) = 2097152 [pid 5840] <... rmdir resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5840] mkdir("./52", 0777) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6110] <... open resumed>) = 4 [pid 6109] munmap(0x7f9875600000, 138412032 [pid 5840] <... openat resumed>) = 3 [pid 5839] <... ioctl resumed>) = 0 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5840] close(3 [pid 6109] <... munmap resumed>) = 0 [pid 6110] preadv2(4, [pid 6109] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... close resumed>) = 0 [pid 6109] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6110] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6109] close(5executing program [pid 5840] <... close resumed>) = 0 ./strace-static-x86_64: Process 6112 attached [pid 6111] <... write resumed>) = 2097152 [pid 6110] memfd_create("syzkaller", 0 [pid 6109] <... close resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6112 [pid 6112] set_robust_list(0x55558b799660, 24 [pid 6111] munmap(0x7f9875600000, 138412032 [pid 6110] <... memfd_create resumed>) = 5 [pid 6109] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6112] <... set_robust_list resumed>) = 0 [pid 6112] chdir("./52") = 0 [pid 6112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6112] setpgid(0, 0) = 0 [pid 6112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6112] write(3, "1000", 4) = 4 [pid 6112] close(3) = 0 [pid 6112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6112] write(1, "executing program\n", 18) = 18 [pid 6112] memfd_create("syzkaller", 0 [pid 6110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6109] <... open resumed>) = 5 [pid 6110] <... mmap resumed>) = 0x7f9875600000 [pid 6109] truncate("./file1", 16784380 [pid 6112] <... memfd_create resumed>) = 3 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6113 attached [pid 6112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6113 [pid 6113] set_robust_list(0x55558b799660, 24) = 0 [pid 6113] chdir("./52") = 0 [pid 6113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6109] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6113] setpgid(0, 0 [pid 6111] <... munmap resumed>) = 0 [pid 6109] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6113] <... setpgid resumed>) = 0 [pid 6113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6113] write(3, "1000", 4) = 4 [pid 6113] close(3) = 0 [pid 6113] symlink("/dev/binderfs", "./binderfs" [pid 6111] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6109] <... openat resumed>) = 6 [pid 6113] <... symlink resumed>) = 0 executing program [pid 6109] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6111] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6111] close(5 [pid 6113] write(1, "executing program\n", 18) = 18 [pid 6113] memfd_create("syzkaller", 0 [pid 6109] <... mmap resumed>) = 0x200000001000 [pid 6113] <... memfd_create resumed>) = 3 [pid 6113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6111] <... close resumed>) = 0 [pid 6109] exit_group(0) = ? [pid 6109] +++ exited with 0 +++ [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6109, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5842] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5842] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5842] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 6111] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6112] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6111] <... open resumed>) = 5 [pid 6111] truncate("./file1", 16784380 [pid 6110] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... umount2 resumed>) = 0 [pid 5842] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6111] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] newfstatat(AT_FDCWD, "./50/file1", [pid 6111] <... openat resumed>) = 6 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6111] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5842] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6111] <... mmap resumed>) = 0x200000001000 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6111] exit_group(0 [pid 5842] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6111] <... exit_group resumed>) = ? [pid 5842] <... openat resumed>) = 4 [pid 5842] newfstatat(4, "", [pid 6113] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6111] +++ exited with 0 +++ [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(4, [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6111, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5842] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./50/file1") = 0 [pid 5842] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./50/binderfs", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./50/binderfs" [pid 5841] <... openat resumed>) = 3 [pid 5842] <... unlink resumed>) = 0 [pid 5841] newfstatat(3, "", [pid 5842] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] close(3) = 0 [pid 5841] getdents64(3, [pid 5842] rmdir("./50") = 0 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5842] mkdir("./51", 0777) = 0 [pid 5841] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6112] <... write resumed>) = 2097152 [pid 6110] <... write resumed>) = 2097152 [pid 6113] <... write resumed>) = 2097152 [pid 6112] munmap(0x7f9875600000, 138412032) = 0 [pid 6113] munmap(0x7f9875600000, 138412032 [pid 6110] munmap(0x7f9875600000, 138412032 [pid 6113] <... munmap resumed>) = 0 [pid 6110] <... munmap resumed>) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6112] ioctl(4, LOOP_SET_FD, 3 [pid 5842] <... close resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6113] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] newfstatat(AT_FDCWD, "./51/file1", [pid 6113] <... openat resumed>) = 4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6113] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6114 attached [pid 5841] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6114] set_robust_list(0x55558b799660, 24 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6110] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6114] <... set_robust_list resumed>) = 0 [pid 6110] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6114 [pid 5841] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6110] close(5 [pid 5841] <... openat resumed>) = 4 [pid 6114] chdir("./51") = 0 [pid 5841] newfstatat(4, "", [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6110] <... close resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6114] setpgid(0, 0 [pid 5841] getdents64(4, [pid 6114] <... setpgid resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] getdents64(4, [pid 6114] <... openat resumed>) = 3 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6114] write(3, "1000", 4 [pid 5841] close(4 [pid 6114] <... write resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 6114] close(3 [pid 5841] rmdir("./51/file1" [pid 6114] <... close resumed>) = 0 [pid 6113] <... ioctl resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs" [pid 5841] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6113] close(3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6114] <... symlink resumed>) = 0 [pid 6113] <... close resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./51/binderfs", [pid 6113] close(4) = 0 [pid 6113] mkdir("./file1", 0777 [pid 6112] <... ioctl resumed>) = 0 [pid 6113] <... mkdir resumed>) = 0 [pid 6112] close(3 [pid 6113] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6112] <... close resumed>) = 0 [pid 6112] close(4) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6114] write(1, "executing program\n", 18 [pid 5841] unlink("./51/binderfs" [pid 6112] mkdir("./file1", 0777 [pid 5841] <... unlink resumed>) = 0 [ 145.499116][ T6112] loop0: detected capacity change from 0 to 4096 [ 145.507786][ T6113] loop1: detected capacity change from 0 to 4096 [ 145.532607][ T6113] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). executing program [pid 6112] <... mkdir resumed>) = 0 [pid 6114] <... write resumed>) = 18 [pid 6112] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] getdents64(3, [pid 6114] memfd_create("syzkaller", 0 [pid 6110] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 6114] <... memfd_create resumed>) = 3 [pid 5841] rmdir("./51" [pid 6114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5841] mkdir("./52", 0777 [pid 6110] <... open resumed>) = 5 [pid 6110] truncate("./file1", 16784380 [pid 5841] <... mkdir resumed>) = 0 [pid 6110] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6110] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6114] <... mmap resumed>) = 0x7f9875600000 [pid 6110] <... openat resumed>) = 6 [pid 5841] <... openat resumed>) = 3 [pid 6110] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6110] <... mmap resumed>) = 0x200000001000 [pid 6110] exit_group(0) = ? [pid 6110] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6110, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 5843] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6113] <... mount resumed>) = 0 [pid 5843] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6113] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6113] <... openat resumed>) = 3 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6113] chdir("./file1" [pid 5843] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 145.545324][ T6112] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 6113] <... chdir resumed>) = 0 [pid 6113] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6113] open("./file1", O_RDONLY|O_DIRECT [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6113] <... open resumed>) = 4 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4 [pid 6113] preadv2(4, [pid 5843] <... close resumed>) = 0 [pid 6113] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] rmdir("./49/file1" [pid 5841] <... close resumed>) = 0 [pid 5843] <... rmdir resumed>) = 0 [pid 6113] memfd_create("syzkaller", 0) = 5 [pid 6113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5843] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./49/binderfs"./strace-static-x86_64: Process 6115 attached ) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6115 [pid 6115] set_robust_list(0x55558b799660, 24) = 0 [pid 5843] close(3) = 0 [pid 5843] rmdir("./49") = 0 [pid 5843] mkdir("./50", 0777) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6115] chdir("./52" [pid 5843] <... openat resumed>) = 3 [pid 6115] <... chdir resumed>) = 0 [pid 6115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6115] setpgid(0, 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 6115] <... setpgid resumed>) = 0 [pid 6115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] <... ioctl resumed>) = 0 [pid 5843] close(3 [pid 6115] <... openat resumed>) = 3 [pid 6112] <... mount resumed>) = 0 [pid 6112] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6115] write(3, "1000", 4 [pid 6112] chdir("./file1" [pid 6115] <... write resumed>) = 4 [pid 6112] <... chdir resumed>) = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6112] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 6112] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6112] memfd_create("syzkaller", 0 [pid 6114] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6115] close(3 [pid 6112] <... memfd_create resumed>) = 5 [pid 6112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6115] <... close resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 6112] <... mmap resumed>) = 0x7f9875600000 [pid 6115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6116 attached , child_tidptr=0x55558b799650) = 6116 [pid 6116] set_robust_list(0x55558b799660, 24 [pid 6115] write(1, "executing program\n", 18 [pid 6116] <... set_robust_list resumed>) = 0 [pid 6116] chdir("./50"executing program ) = 0 [pid 6115] <... write resumed>) = 18 [pid 6116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6116] setpgid(0, 0) = 0 [pid 6116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6116] write(3, "1000", 4) = 4 [pid 6116] close(3) = 0 [pid 6116] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6116] write(1, "executing program\n", 18) = 18 [pid 6115] memfd_create("syzkaller", 0 [pid 6116] memfd_create("syzkaller", 0 [pid 6115] <... memfd_create resumed>) = 3 [pid 6116] <... memfd_create resumed>) = 3 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6115] <... mmap resumed>) = 0x7f9875600000 [pid 6116] <... mmap resumed>) = 0x7f9875600000 [pid 6113] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6112] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6116] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6114] <... write resumed>) = 2097152 [pid 6113] <... write resumed>) = 2097152 [pid 6114] munmap(0x7f9875600000, 138412032) = 0 [pid 6113] munmap(0x7f9875600000, 138412032) = 0 [pid 6113] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6114] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6113] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6114] <... openat resumed>) = 4 [pid 6113] close(5 [pid 6114] ioctl(4, LOOP_SET_FD, 3 [pid 6115] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6112] <... write resumed>) = 2097152 [pid 6113] <... close resumed>) = 0 [pid 6116] <... write resumed>) = 2097152 [pid 6112] munmap(0x7f9875600000, 138412032) = 0 [pid 6116] munmap(0x7f9875600000, 138412032 [pid 6115] <... write resumed>) = 2097152 [pid 6114] <... ioctl resumed>) = 0 [pid 6113] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6116] <... munmap resumed>) = 0 [pid 6114] close(3 [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6116] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6114] <... close resumed>) = 0 [pid 6112] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6116] <... openat resumed>) = 4 [pid 6114] close(4 [pid 6112] close(5 [pid 6116] ioctl(4, LOOP_SET_FD, 3 [pid 6114] <... close resumed>) = 0 [ 145.765434][ T6114] loop3: detected capacity change from 0 to 4096 [pid 6116] <... ioctl resumed>) = 0 [pid 6115] munmap(0x7f9875600000, 138412032 [pid 6114] mkdir("./file1", 0777 [pid 6113] <... open resumed>) = 5 [pid 6115] <... munmap resumed>) = 0 [pid 6114] <... mkdir resumed>) = 0 [pid 6113] truncate("./file1", 16784380 [pid 6114] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6115] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6112] <... close resumed>) = 0 [pid 6115] <... openat resumed>) = 4 [pid 6112] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6115] ioctl(4, LOOP_SET_FD, 3 [pid 6113] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6113] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6113] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6113] exit_group(0 [pid 6112] <... open resumed>) = 5 [pid 6112] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6112] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6112] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6112] exit_group(0) = ? [pid 6116] close(3 [pid 6113] <... exit_group resumed>) = ? [pid 6112] +++ exited with 0 +++ [pid 6116] <... close resumed>) = 0 [pid 6113] +++ exited with 0 +++ [pid 6116] close(4 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6112, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 6116] <... close resumed>) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6113, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=11 /* 0.11 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6116] mkdir("./file1", 0777 [ 145.820953][ T6116] loop4: detected capacity change from 0 to 4096 [ 145.840516][ T6114] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 145.845034][ T6115] loop2: detected capacity change from 0 to 4096 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 6116] <... mkdir resumed>) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5839] <... restart_syscall resumed>) = 0 [pid 6116] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 5839] newfstatat(3, "", [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 5839] getdents64(3, [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6115] <... ioctl resumed>) = 0 [pid 6115] close(3) = 0 [pid 6115] close(4) = 0 [pid 6115] mkdir("./file1", 0777) = 0 [pid 6115] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6114] <... mount resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6114] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] getdents64(4, [pid 6114] chdir("./file1" [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6114] <... chdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5839] getdents64(4, [pid 6114] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6114] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] close(4 [pid 6114] open("./file1", O_RDONLY|O_DIRECT [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./52/file1") = 0 [pid 5839] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5840] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] unlink("./52/binderfs" [pid 5840] newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] <... unlink resumed>) = 0 [pid 5840] newfstatat(4, "", [pid 5839] getdents64(3, [pid 6114] <... open resumed>) = 4 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 6116] <... mount resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6114] preadv2(4, [ 145.883381][ T6116] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 145.915336][ T6115] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5840] getdents64(4, [pid 5839] close(3 [pid 5840] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 6116] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./52" [pid 5840] rmdir("./52/file1" [pid 6116] <... openat resumed>) = 3 [pid 6114] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] <... rmdir resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 6116] chdir("./file1" [pid 6114] memfd_create("syzkaller", 0 [pid 5839] mkdir("./53", 0777 [pid 6116] <... chdir resumed>) = 0 [pid 5840] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6116] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6114] <... memfd_create resumed>) = 5 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... mkdir resumed>) = 0 [pid 6114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6114] <... mmap resumed>) = 0x7f9875600000 [pid 6116] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./52/binderfs" [pid 6116] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... unlink resumed>) = 0 [pid 5840] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./52") = 0 [pid 5840] mkdir("./53", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6116] <... open resumed>) = 4 [pid 5839] <... openat resumed>) = 3 [pid 6116] preadv2(4, [pid 5840] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] <... ioctl resumed>) = 0 [pid 6116] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 6116] memfd_create("syzkaller", 0 [pid 5840] close(3 [pid 6116] <... memfd_create resumed>) = 5 [pid 6116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5840] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6117 attached [pid 6117] set_robust_list(0x55558b799660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6117 [pid 6117] <... set_robust_list resumed>) = 0 [pid 6115] <... mount resumed>) = 0 [pid 6117] chdir("./53") = 0 [pid 6117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6117] setpgid(0, 0) = 0 [pid 6117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6117] write(3, "1000", 4) = 4 [pid 6115] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6117] close(3 [pid 6115] <... openat resumed>) = 3 [pid 6117] <... close resumed>) = 0 [pid 6117] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... close resumed>) = 0 [pid 6117] <... symlink resumed>) = 0 [pid 6115] chdir("./file1") = 0 executing program [pid 6117] write(1, "executing program\n", 18 [pid 6115] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6115] open("./file1", O_RDONLY|O_DIRECT [pid 6117] <... write resumed>) = 18 [pid 6117] memfd_create("syzkaller", 0 [pid 6115] <... open resumed>) = 4 [pid 6115] preadv2(4, [pid 6117] <... memfd_create resumed>) = 3 [pid 6115] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6115] memfd_create("syzkaller", 0) = 5 [pid 6117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6117] <... mmap resumed>) = 0x7f9875600000 [pid 6115] <... mmap resumed>) = 0x7f9875600000 [pid 6114] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6118 attached [pid 6116] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6118 [pid 6118] set_robust_list(0x55558b799660, 24) = 0 [pid 6118] chdir("./53") = 0 [pid 6118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6118] setpgid(0, 0) = 0 [pid 6118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6118] write(3, "1000", 4) = 4 [pid 6118] close(3) = 0 [pid 6118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6118] write(1, "executing program\n", 18executing program ) = 18 [pid 6116] <... write resumed>) = 2097152 [pid 6115] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6118] memfd_create("syzkaller", 0 [pid 6117] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6114] <... write resumed>) = 2097152 [pid 6118] <... memfd_create resumed>) = 3 [pid 6116] munmap(0x7f9875600000, 138412032 [pid 6114] munmap(0x7f9875600000, 138412032 [pid 6118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6116] <... munmap resumed>) = 0 [pid 6114] <... munmap resumed>) = 0 [pid 6116] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6114] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6116] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6114] close(5 [pid 6116] close(5 [pid 6115] <... write resumed>) = 2097152 [pid 6114] <... close resumed>) = 0 [pid 6116] <... close resumed>) = 0 [pid 6115] munmap(0x7f9875600000, 138412032 [pid 6114] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6116] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6118] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6117] <... write resumed>) = 2097152 [pid 6116] <... open resumed>) = 5 [pid 6115] <... munmap resumed>) = 0 [pid 6114] <... open resumed>) = 5 [pid 6117] munmap(0x7f9875600000, 138412032 [pid 6116] truncate("./file1", 16784380 [pid 6117] <... munmap resumed>) = 0 [pid 6116] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6114] truncate("./file1", 16784380 [pid 6117] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6116] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6115] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6117] <... openat resumed>) = 4 [pid 6116] <... openat resumed>) = 6 [pid 6114] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6117] ioctl(4, LOOP_SET_FD, 3 [pid 6116] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6115] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6116] <... mmap resumed>) = 0x200000001000 [pid 6115] close(5 [pid 6114] <... openat resumed>) = 6 [pid 6116] exit_group(0 [pid 6118] <... write resumed>) = 2097152 [pid 6116] <... exit_group resumed>) = ? [pid 6115] <... close resumed>) = 0 [pid 6114] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6118] munmap(0x7f9875600000, 138412032 [pid 6116] +++ exited with 0 +++ [pid 6115] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6114] <... mmap resumed>) = 0x200000001000 [pid 6117] <... ioctl resumed>) = 0 [pid 6114] exit_group(0 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6116, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=7 /* 0.07 s */} --- [pid 6114] <... exit_group resumed>) = ? [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 6118] <... munmap resumed>) = 0 [pid 6117] close(3 [pid 5843] <... restart_syscall resumed>) = 0 [pid 6117] <... close resumed>) = 0 [pid 6117] close(4) = 0 [pid 5843] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6117] mkdir("./file1", 0777 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", [pid 6117] <... mkdir resumed>) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6117] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] getdents64(3, [pid 6118] <... openat resumed>) = 4 [pid 6115] <... open resumed>) = 5 [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6115] truncate("./file1", 16784380 [pid 6114] +++ exited with 0 +++ [pid 6115] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6118] ioctl(4, LOOP_SET_FD, 3 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6114, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 6115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6115] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6115] exit_group(0) = ? [pid 6115] +++ exited with 0 +++ [pid 6118] <... ioctl resumed>) = 0 [pid 5843] <... umount2 resumed>) = 0 [pid 6118] close(3 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6115, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6118] <... close resumed>) = 0 [pid 5843] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6118] close(4 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6118] <... close resumed>) = 0 [pid 5843] newfstatat(AT_FDCWD, "./50/file1", [pid 5842] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6118] mkdir("./file1", 0777 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... openat resumed>) = 3 [pid 5841] <... openat resumed>) = 3 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6118] <... mkdir resumed>) = 0 [pid 5843] <... openat resumed>) = 4 [pid 5842] newfstatat(3, "", [pid 5841] newfstatat(3, "", [ 146.203084][ T6117] loop1: detected capacity change from 0 to 4096 [ 146.224162][ T6117] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 146.236608][ T6118] loop0: detected capacity change from 0 to 4096 [pid 6118] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] newfstatat(4, "", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] getdents64(3, [pid 5843] getdents64(4, [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] getdents64(3, [pid 5842] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4 [pid 6117] <... mount resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 6117] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] rmdir("./50/file1" [pid 6117] <... openat resumed>) = 3 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... umount2 resumed>) = 0 [pid 6117] chdir("./file1" [pid 5842] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6117] <... chdir resumed>) = 0 [pid 5843] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = 0 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./51/file1", [pid 5841] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6117] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] newfstatat(AT_FDCWD, "./50/binderfs", [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6117] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] newfstatat(AT_FDCWD, "./52/file1", [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6117] open("./file1", O_RDONLY|O_DIRECT [pid 5843] unlink("./50/binderfs" [pid 5842] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] <... unlink resumed>) = 0 [pid 6117] <... open resumed>) = 4 [pid 5842] <... openat resumed>) = 4 [pid 5841] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] getdents64(3, [pid 5842] newfstatat(4, "", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] getdents64(4, [pid 5843] close(3 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5841] <... openat resumed>) = 4 [pid 5843] <... close resumed>) = 0 [pid 5842] getdents64(4, [pid 5841] newfstatat(4, "", [pid 6117] preadv2(4, [pid 5843] rmdir("./50" [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] close(4 [pid 5841] getdents64(4, [pid 6117] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6117] memfd_create("syzkaller", 0 [pid 5843] mkdir("./51", 0777 [pid 5842] rmdir("./51/file1" [pid 5841] getdents64(4, [pid 5843] <... mkdir resumed>) = 0 [pid 5841] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 6117] <... memfd_create resumed>) = 5 [pid 6117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5841] close(4 [pid 5842] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] rmdir("./52/file1" [pid 5842] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5842] unlink("./51/binderfs" [pid 6117] <... mmap resumed>) = 0x7f9875600000 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] <... unlink resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5842] getdents64(3, [pid 5841] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] ioctl(3, LOOP_CLR_FD) = 0 [ 146.257063][ T6118] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5843] close(3 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] close(3 [pid 5841] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5842] <... close resumed>) = 0 [pid 5842] rmdir("./51" [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./52/binderfs") = 0 [pid 5842] <... rmdir resumed>) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3 [pid 5842] mkdir("./52", 0777 [pid 5841] <... close resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5841] rmdir("./52" [pid 6118] <... mount resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 6118] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] mkdir("./53", 0777 [pid 6118] <... openat resumed>) = 3 [pid 6118] chdir("./file1") = 0 [pid 5842] <... openat resumed>) = 3 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] ioctl(3, LOOP_CLR_FD [pid 6118] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] <... ioctl resumed>) = 0 [pid 6118] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... mkdir resumed>) = 0 [pid 5842] close(3 [pid 5843] <... close resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b799650) = 6119 ./strace-static-x86_64: Process 6119 attached [pid 6119] set_robust_list(0x55558b799660, 24) = 0 [pid 6119] chdir("./51" [pid 5841] ioctl(3, LOOP_CLR_FD [pid 6119] <... chdir resumed>) = 0 [pid 6118] <... open resumed>) = 4 [pid 6119] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6118] preadv2(4, [pid 6119] <... prctl resumed>) = 0 [pid 6118] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... ioctl resumed>) = 0 [pid 6119] setpgid(0, 0 [pid 6118] memfd_create("syzkaller", 0 [pid 5841] close(3 [pid 6119] <... setpgid resumed>) = 0 [pid 6118] <... memfd_create resumed>) = 5 [pid 6119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6119] <... openat resumed>) = 3 [pid 6118] <... mmap resumed>) = 0x7f9875600000 [pid 6119] write(3, "1000", 4) = 4 [pid 6119] close(3) = 0 [pid 6119] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6119] write(1, "executing program\n", 18) = 18 [pid 6119] memfd_create("syzkaller", 0) = 3 [pid 6119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 ./strace-static-x86_64: Process 6120 attached [pid 5841] <... close resumed>) = 0 [pid 6120] set_robust_list(0x55558b799660, 24 [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6120 [pid 6120] <... set_robust_list resumed>) = 0 [pid 6120] chdir("./52") = 0 [pid 6117] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6120] setpgid(0, 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6120] <... setpgid resumed>) = 0 [pid 6120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 6121 attached ) = 3 [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6121 [pid 6120] write(3, "1000", 4 [pid 6121] set_robust_list(0x55558b799660, 24 [pid 6120] <... write resumed>) = 4 [pid 6120] close(3 [pid 6121] <... set_robust_list resumed>) = 0 [pid 6120] <... close resumed>) = 0 [pid 6121] chdir("./53" [pid 6120] symlink("/dev/binderfs", "./binderfs" [pid 6121] <... chdir resumed>) = 0 [pid 6120] <... symlink resumed>) = 0 [pid 6121] prctl(PR_SET_PDEATHSIG, SIGKILL executing program [pid 6120] write(1, "executing program\n", 18 [pid 6121] <... prctl resumed>) = 0 [pid 6120] <... write resumed>) = 18 [pid 6121] setpgid(0, 0 [pid 6120] memfd_create("syzkaller", 0 [pid 6121] <... setpgid resumed>) = 0 [pid 6121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6120] <... memfd_create resumed>) = 3 [pid 6121] <... openat resumed>) = 3 [pid 6120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6121] write(3, "1000", 4) = 4 [pid 6121] close(3) = 0 [pid 6121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6117] <... write resumed>) = 2097152 [pid 6121] write(1, "executing program\n", 18executing program ) = 18 [pid 6118] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6121] memfd_create("syzkaller", 0 [pid 6120] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6119] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6117] munmap(0x7f9875600000, 138412032) = 0 [pid 6121] <... memfd_create resumed>) = 3 [pid 6118] <... write resumed>) = 2097152 [pid 6117] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6117] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6121] <... mmap resumed>) = 0x7f9875600000 [pid 6117] close(5 [pid 6120] <... write resumed>) = 2097152 [pid 6119] <... write resumed>) = 2097152 [pid 6118] munmap(0x7f9875600000, 138412032 [pid 6117] <... close resumed>) = 0 [pid 6121] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6120] munmap(0x7f9875600000, 138412032 [pid 6119] munmap(0x7f9875600000, 138412032 [pid 6120] <... munmap resumed>) = 0 [pid 6118] <... munmap resumed>) = 0 [pid 6117] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6119] <... munmap resumed>) = 0 [pid 6119] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6120] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6119] <... openat resumed>) = 4 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6117] <... open resumed>) = 5 [pid 6120] <... openat resumed>) = 4 [pid 6119] ioctl(4, LOOP_SET_FD, 3 [pid 6118] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6117] truncate("./file1", 16784380 [pid 6121] <... write resumed>) = 2097152 [pid 6121] munmap(0x7f9875600000, 138412032) = 0 [pid 6120] ioctl(4, LOOP_SET_FD, 3 [pid 6118] close(5 [pid 6117] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6121] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6120] <... ioctl resumed>) = 0 [pid 6119] <... ioctl resumed>) = 0 [pid 6117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6117] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6121] <... openat resumed>) = 4 [pid 6119] close(3 [pid 6117] <... mmap resumed>) = 0x200000001000 [pid 6121] ioctl(4, LOOP_SET_FD, 3 [pid 6119] <... close resumed>) = 0 [pid 6120] close(3 [pid 6119] close(4 [pid 6117] exit_group(0 [pid 6120] <... close resumed>) = 0 [pid 6117] <... exit_group resumed>) = ? [pid 6119] <... close resumed>) = 0 [pid 6118] <... close resumed>) = 0 [pid 6119] mkdir("./file1", 0777 [pid 6118] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6120] close(4) = 0 [pid 6119] <... mkdir resumed>) = 0 [pid 6117] +++ exited with 0 +++ [pid 6120] mkdir("./file1", 0777 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6117, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 6120] <... mkdir resumed>) = 0 [pid 6120] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 146.515833][ T6119] loop4: detected capacity change from 0 to 4096 [ 146.525182][ T6120] loop3: detected capacity change from 0 to 4096 [ 146.538949][ T6121] loop2: detected capacity change from 0 to 4096 [ 146.552790][ T6120] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5840] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6119] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6118] <... open resumed>) = 5 [pid 5840] <... openat resumed>) = 3 [pid 6118] truncate("./file1", 16784380 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6118] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] getdents64(3, [pid 6118] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6118] <... openat resumed>) = 6 [pid 5840] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6118] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6121] <... ioctl resumed>) = 0 [pid 6121] close(3) = 0 [pid 6121] close(4) = 0 [pid 6121] mkdir("./file1", 0777) = 0 [pid 6121] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6118] exit_group(0) = ? [pid 6118] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6118, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5839] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./53/file1") = 0 [pid 5840] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./53/binderfs") = 0 [ 146.554028][ T6119] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 146.584938][ T6121] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5839] <... umount2 resumed>) = 0 [pid 6120] <... mount resumed>) = 0 [pid 5840] getdents64(3, [pid 6120] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6119] <... mount resumed>) = 0 [pid 6120] <... openat resumed>) = 3 [pid 5840] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6120] chdir("./file1" [pid 6119] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] close(3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6120] <... chdir resumed>) = 0 [pid 6119] <... openat resumed>) = 3 [pid 5840] <... close resumed>) = 0 [pid 6120] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6119] chdir("./file1" [pid 5840] rmdir("./53" [pid 5839] newfstatat(AT_FDCWD, "./53/file1", [pid 6121] <... mount resumed>) = 0 [pid 6120] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... rmdir resumed>) = 0 [pid 6121] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6120] open("./file1", O_RDONLY|O_DIRECT [pid 5840] mkdir("./54", 0777 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6119] <... chdir resumed>) = 0 [pid 6119] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6119] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6121] <... openat resumed>) = 3 [pid 6121] chdir("./file1" [pid 6120] <... open resumed>) = 4 [pid 5840] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] <... openat resumed>) = 4 [pid 6121] <... chdir resumed>) = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] <... openat resumed>) = 3 [pid 6121] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6119] <... open resumed>) = 4 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] newfstatat(4, "", [pid 6121] open("./file1", O_RDONLY|O_DIRECT [pid 6120] preadv2(4, [pid 5840] <... ioctl resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6119] preadv2(4, [pid 5839] getdents64(4, [pid 6121] <... open resumed>) = 4 [pid 6120] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6119] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] close(3 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6121] preadv2(4, [pid 6120] memfd_create("syzkaller", 0 [pid 6119] memfd_create("syzkaller", 0 [pid 6121] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6120] <... memfd_create resumed>) = 5 [pid 6119] <... memfd_create resumed>) = 5 [pid 5839] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./53/file1") = 0 [pid 6120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6120] <... mmap resumed>) = 0x7f9875600000 [pid 6119] <... mmap resumed>) = 0x7f9875600000 [pid 6121] memfd_create("syzkaller", 0 [pid 5840] <... close resumed>) = 0 [pid 5839] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./53/binderfs") = 0 [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./53") = 0 [pid 5839] mkdir("./54", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 6121] <... memfd_create resumed>) = 5 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 6122 attached ) = 0x7f9875600000 [pid 5839] <... close resumed>) = 0 [pid 6122] set_robust_list(0x55558b799660, 24) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55558b799650) = 6122 [pid 6122] chdir("./54") = 0 [pid 6122] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6122] <... prctl resumed>) = 0 [pid 6122] setpgid(0, 0 [pid 5839] <... clone resumed>, child_tidptr=0x55558b799650) = 6123 ./strace-static-x86_64: Process 6123 attached [pid 6122] <... setpgid resumed>) = 0 [pid 6123] set_robust_list(0x55558b799660, 24 [pid 6122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6123] <... set_robust_list resumed>) = 0 [pid 6122] <... openat resumed>) = 3 [pid 6123] chdir("./54" [pid 6122] write(3, "1000", 4 [pid 6123] <... chdir resumed>) = 0 [pid 6122] <... write resumed>) = 4 [pid 6123] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6122] close(3) = 0 [pid 6123] <... prctl resumed>) = 0 [pid 6122] symlink("/dev/binderfs", "./binderfs" [pid 6123] setpgid(0, 0 [pid 6122] <... symlink resumed>) = 0 [pid 6123] <... setpgid resumed>) = 0 [pid 6122] write(1, "executing program\n", 18executing program [pid 6123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6122] <... write resumed>) = 18 [pid 6123] <... openat resumed>) = 3 [pid 6123] write(3, "1000", 4executing program ) = 4 [pid 6123] close(3) = 0 [pid 6123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6122] memfd_create("syzkaller", 0 [pid 6123] write(1, "executing program\n", 18) = 18 [pid 6123] memfd_create("syzkaller", 0) = 3 [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6119] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6122] <... memfd_create resumed>) = 3 [pid 6121] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6120] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6119] <... write resumed>) = 2097152 [pid 6123] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6121] <... write resumed>) = 2097152 [pid 6120] <... write resumed>) = 2097152 [pid 6119] munmap(0x7f9875600000, 138412032) = 0 [pid 6122] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6121] munmap(0x7f9875600000, 138412032 [pid 6120] munmap(0x7f9875600000, 138412032 [pid 6121] <... munmap resumed>) = 0 [pid 6120] <... munmap resumed>) = 0 [pid 6119] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6121] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6119] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6119] close(5 [pid 6121] close(5 [pid 6120] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6120] close(5 [pid 6123] <... write resumed>) = 2097152 [pid 6123] munmap(0x7f9875600000, 138412032 [pid 6121] <... close resumed>) = 0 [pid 6119] <... close resumed>) = 0 [pid 6121] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6119] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6121] <... open resumed>) = 5 [pid 6121] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 6121] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 6123] <... munmap resumed>) = 0 [pid 6121] <... openat resumed>) = 6 [pid 6121] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6123] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6121] <... mmap resumed>) = 0x200000001000 [pid 6119] <... open resumed>) = 5 [pid 6121] exit_group(0 [pid 6119] truncate("./file1", 16784380 [pid 6121] <... exit_group resumed>) = ? [pid 6123] <... openat resumed>) = 4 [pid 6120] <... close resumed>) = 0 [pid 6119] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6123] ioctl(4, LOOP_SET_FD, 3 [pid 6119] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6121] +++ exited with 0 +++ [pid 6119] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6119] exit_group(0) = ? [pid 6123] <... ioctl resumed>) = 0 [pid 6120] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6119] +++ exited with 0 +++ [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6119, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6121, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=8 /* 0.08 s */} --- [pid 6123] close(3 [pid 6122] <... write resumed>) = 2097152 [pid 6120] <... open resumed>) = 5 [pid 5843] <... restart_syscall resumed>) = 0 [pid 6123] <... close resumed>) = 0 [pid 6122] munmap(0x7f9875600000, 138412032 [pid 6120] truncate("./file1", 16784380 [pid 6123] close(4 [pid 6120] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6123] <... close resumed>) = 0 [pid 6120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5843] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6123] mkdir("./file1", 0777 [pid 6120] <... openat resumed>) = 6 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6120] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5843] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6123] <... mkdir resumed>) = 0 [pid 6120] <... mmap resumed>) = 0x200000001000 [pid 5843] <... openat resumed>) = 3 [pid 5841] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6120] exit_group(0 [pid 5843] newfstatat(3, "", [pid 5841] <... openat resumed>) = 3 [pid 6120] <... exit_group resumed>) = ? [pid 5843] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6123] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6122] <... munmap resumed>) = 0 [pid 6120] +++ exited with 0 +++ [pid 5843] getdents64(3, [pid 5841] newfstatat(3, "", [pid 5843] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6122] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] <... umount2 resumed>) = 0 [pid 5842] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6120, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5843] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5842] restart_syscall(<... resuming interrupted clone ...> [pid 6122] <... openat resumed>) = 4 [pid 5843] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... restart_syscall resumed>) = 0 [pid 6122] ioctl(4, LOOP_SET_FD, 3 [pid 5843] newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5843] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5843] close(4) = 0 [pid 5843] rmdir("./51/file1") = 0 [pid 5843] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] unlink("./51/binderfs") = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 6122] <... ioctl resumed>) = 0 [pid 5843] rmdir("./51" [pid 6122] close(3 [pid 5843] <... rmdir resumed>) = 0 [pid 5842] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6122] <... close resumed>) = 0 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = 0 [pid 6122] close(4 [pid 5842] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6122] <... close resumed>) = 0 [pid 5843] mkdir("./52", 0777 [pid 6122] mkdir("./file1", 0777 [pid 5842] <... openat resumed>) = 3 [pid 5842] newfstatat(3, "", [pid 6122] <... mkdir resumed>) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6122] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5842] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 146.892531][ T6123] loop0: detected capacity change from 0 to 4096 [ 146.919740][ T6123] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 146.936012][ T6122] loop1: detected capacity change from 0 to 4096 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5842] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] newfstatat(AT_FDCWD, "./53/file1", [pid 5843] <... openat resumed>) = 3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5843] ioctl(3, LOOP_CLR_FD [pid 5841] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] <... ioctl resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5843] close(3 [pid 5841] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5843] <... close resumed>) = 0 [pid 5841] getdents64(4, 0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./53/file1") = 0 [pid 5841] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6123] <... mount resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./53/binderfs" [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... unlink resumed>) = 0 [pid 5841] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./53") = 0 ./strace-static-x86_64: Process 6124 attached [pid 6123] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] <... clone resumed>, child_tidptr=0x55558b799650) = 6124 [pid 5842] <... umount2 resumed>) = 0 [pid 5841] mkdir("./54", 0777 [pid 6123] <... openat resumed>) = 3 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [ 146.954066][ T6122] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5841] close(3 [pid 6124] set_robust_list(0x55558b799660, 24 [pid 6123] chdir("./file1" [pid 6124] <... set_robust_list resumed>) = 0 [pid 6124] chdir("./52") = 0 [pid 6124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6123] <... chdir resumed>) = 0 [pid 5842] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6123] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 6124] setpgid(0, 0 [pid 6123] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5842] newfstatat(AT_FDCWD, "./52/file1", [pid 6123] open("./file1", O_RDONLY|O_DIRECT [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6124] <... setpgid resumed>) = 0 [pid 5842] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6124] <... openat resumed>) = 3 [pid 6123] <... open resumed>) = 4 [pid 5842] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6124] write(3, "1000", 4) = 4 [pid 5842] <... openat resumed>) = 4 [pid 6124] close(3) = 0 [pid 6124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6124] write(1, "executing program\n", 18) = 18 [pid 6124] memfd_create("syzkaller", 0 [pid 6123] preadv2(4, [pid 5842] newfstatat(4, "", [pid 6123] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... close resumed>) = 0 [pid 6124] <... memfd_create resumed>) = 3 [pid 6123] memfd_create("syzkaller", 0 [pid 5842] getdents64(4, [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 5842] getdents64(4, [pid 6123] <... memfd_create resumed>) = 5 [pid 5842] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5842] close(4 [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... close resumed>) = 0 [pid 6123] <... mmap resumed>) = 0x7f9875600000 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] rmdir("./52/file1" [pid 5841] <... clone resumed>, child_tidptr=0x55558b799650) = 6125 [pid 5842] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6125 attached [pid 5842] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6125] set_robust_list(0x55558b799660, 24 [pid 5842] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] newfstatat(AT_FDCWD, "./52/binderfs", [pid 6125] <... set_robust_list resumed>) = 0 [pid 5842] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] unlink("./52/binderfs" [pid 6125] chdir("./54") = 0 [pid 5842] <... unlink resumed>) = 0 [pid 5842] getdents64(3, [pid 6125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] <... getdents64 resumed>0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5842] close(3 [pid 6125] setpgid(0, 0 [pid 5842] <... close resumed>) = 0 [pid 6125] <... setpgid resumed>) = 0 [pid 6125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5842] rmdir("./52" [pid 6125] <... openat resumed>) = 3 [pid 5842] <... rmdir resumed>) = 0 [pid 6125] write(3, "1000", 4) = 4 [pid 5842] mkdir("./53", 0777 [pid 6125] close(3) = 0 [pid 6125] symlink("/dev/binderfs", "./binderfs" [pid 5842] <... mkdir resumed>) = 0 [pid 6125] <... symlink resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 executing program [pid 6125] write(1, "executing program\n", 18) = 18 [pid 5842] ioctl(3, LOOP_CLR_FD) = 0 [pid 5842] close(3 [pid 6125] memfd_create("syzkaller", 0) = 3 [pid 6125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6124] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6123] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6122] <... mount resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 6122] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6124] <... write resumed>) = 2097152 [pid 6122] <... openat resumed>) = 3 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6122] chdir("./file1" [pid 6124] munmap(0x7f9875600000, 138412032./strace-static-x86_64: Process 6126 attached ) = 0 [pid 6122] <... chdir resumed>) = 0 [pid 6126] set_robust_list(0x55558b799660, 24 [pid 6122] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] <... clone resumed>, child_tidptr=0x55558b799650) = 6126 [pid 6122] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6122] open("./file1", O_RDONLY|O_DIRECT [pid 6124] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6122] <... open resumed>) = 4 [pid 6124] <... openat resumed>) = 4 [pid 6124] ioctl(4, LOOP_SET_FD, 3 [pid 6126] <... set_robust_list resumed>) = 0 [pid 6125] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6122] preadv2(4, [pid 6124] <... ioctl resumed>) = 0 [pid 6126] chdir("./53" [pid 6125] <... write resumed>) = 2097152 [pid 6123] <... write resumed>) = 2097152 [pid 6122] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6126] <... chdir resumed>) = 0 [pid 6125] munmap(0x7f9875600000, 138412032 [pid 6122] memfd_create("syzkaller", 0 [pid 6126] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6124] close(3) = 0 [pid 6124] close(4) = 0 [pid 6124] mkdir("./file1", 0777) = 0 [ 147.141333][ T30] kauditd_printk_skb: 62 callbacks suppressed [ 147.141351][ T30] audit: type=1800 audit(1750615428.415:535): pid=6122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop1" ino=30 res=0 errno=0 [ 147.152179][ T6124] loop4: detected capacity change from 0 to 4096 [pid 6124] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6126] <... prctl resumed>) = 0 [pid 6125] <... munmap resumed>) = 0 [pid 6122] <... memfd_create resumed>) = 5 [pid 6126] setpgid(0, 0 [pid 6125] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6126] <... setpgid resumed>) = 0 [pid 6122] <... mmap resumed>) = 0x7f9875600000 [pid 6125] <... openat resumed>) = 4 [pid 6125] ioctl(4, LOOP_SET_FD, 3 [pid 6126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6123] munmap(0x7f9875600000, 138412032) = 0 [pid 6126] <... openat resumed>) = 3 [pid 6126] write(3, "1000", 4) = 4 [pid 6126] close(3) = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6126] symlink("/dev/binderfs", "./binderfs" [pid 6123] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6126] <... symlink resumed>) = 0 [pid 6123] close(5 [pid 6124] <... mount resumed>) = 0 [pid 6124] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6124] chdir("./file1") = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6126] write(1, "executing program\n", 18 [pid 6124] open("./file1", O_RDONLY|O_DIRECT) = 4 [ 147.195673][ T6124] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 147.207143][ T6125] loop2: detected capacity change from 0 to 4096 executing program [pid 6126] <... write resumed>) = 18 [pid 6125] <... ioctl resumed>) = 0 [pid 6124] preadv2(4, [pid 6123] <... close resumed>) = 0 [pid 6122] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6126] memfd_create("syzkaller", 0 [pid 6125] close(3 [pid 6124] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6123] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 6126] <... memfd_create resumed>) = 3 [pid 6125] <... close resumed>) = 0 [pid 6124] memfd_create("syzkaller", 0 [ 147.233481][ T30] audit: type=1800 audit(1750615428.505:536): pid=6124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 6126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6125] close(4 [pid 6124] <... memfd_create resumed>) = 5 [pid 6125] <... close resumed>) = 0 [pid 6125] mkdir("./file1", 0777) = 0 [pid 6125] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9875600000 [pid 6122] <... write resumed>) = 2097152 [pid 6122] munmap(0x7f9875600000, 138412032) = 0 [pid 6122] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6122] close(5 [pid 6126] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6123] <... open resumed>) = 5 [pid 6123] truncate("./file1", 16784380 [pid 6122] <... close resumed>) = 0 [pid 6123] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6123] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 6123] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 6123] exit_group(0) = ? [pid 6123] +++ exited with 0 +++ [pid 6122] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6123, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=4 /* 0.04 s */} --- [ 147.279400][ T30] audit: type=1804 audit(1750615428.535:537): pid=6123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.ykAWuU/54/file1/file1" dev="loop0" ino=30 res=1 errno=0 [ 147.291037][ T6125] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 6126] <... write resumed>) = 2097152 [pid 6124] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6122] <... open resumed>) = 5 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6126] munmap(0x7f9875600000, 138412032) = 0 [pid 5839] <... openat resumed>) = 3 [pid 6126] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] newfstatat(3, "", [pid 6126] <... openat resumed>) = 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6126] ioctl(4, LOOP_SET_FD, 3 [pid 6125] <... mount resumed>) = 0 [pid 6122] truncate("./file1", 16784380 [pid 5839] getdents64(3, [pid 6125] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] <... getdents64 resumed>0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 6125] <... openat resumed>) = 3 [pid 5839] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6126] <... ioctl resumed>) = 0 [pid 6126] close(3) = 0 [pid 6126] close(4 [pid 6125] chdir("./file1" [pid 6122] <... truncate resumed>) = -1 EFBIG (File too large) [pid 6125] <... chdir resumed>) = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] <... umount2 resumed>) = 0 [pid 6126] <... close resumed>) = 0 [pid 6125] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6124] <... write resumed>) = 2097152 [pid 6122] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./54/file1", [pid 6122] <... openat resumed>) = 6 [pid 6126] mkdir("./file1", 0777 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6122] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 6125] open("./file1", O_RDONLY|O_DIRECT [pid 6126] <... mkdir resumed>) = 0 [pid 5839] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 147.358684][ T30] audit: type=1804 audit(1750615428.625:538): pid=6122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.GPnrTm/54/file1/file1" dev="loop1" ino=30 res=1 errno=0 [ 147.386304][ T6126] loop3: detected capacity change from 0 to 4096 [pid 6126] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 6125] <... open resumed>) = 4 [pid 6122] <... mmap resumed>) = 0x200000001000 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6125] preadv2(4, [pid 5839] <... openat resumed>) = 4 [pid 6124] munmap(0x7f9875600000, 138412032 [pid 5839] newfstatat(4, "", [pid 6125] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 6125] memfd_create("syzkaller", 0 [pid 6124] <... munmap resumed>) = 0 [pid 6122] exit_group(0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6125] <... memfd_create resumed>) = 5 [pid 6122] <... exit_group resumed>) = ? [pid 6125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] getdents64(4, [pid 6125] <... mmap resumed>) = 0x7f9875600000 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 2 entries */, 32768) = 48 [pid 6124] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] getdents64(4, [ 147.414895][ T6126] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 147.428761][ T30] audit: type=1800 audit(1750615428.685:539): pid=6125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor884" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 6124] close(5) = 0 [pid 5839] <... getdents64 resumed>0x55558b7a2730 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 6124] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... close resumed>) = 0 [pid 5839] rmdir("./54/file1") = 0 [pid 5839] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6124] <... open resumed>) = 5 [pid 5839] newfstatat(AT_FDCWD, "./54/binderfs", [pid 6124] truncate("./file1", 16784380 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./54/binderfs") = 0 [pid 6124] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] getdents64(3, 0x55558b79a6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 6124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] <... close resumed>) = 0 [pid 6124] <... openat resumed>) = 6 [pid 5839] rmdir("./54" [pid 6124] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5839] <... rmdir resumed>) = 0 [pid 6124] exit_group(0 [pid 5839] mkdir("./55", 0777 [pid 6124] <... exit_group resumed>) = ? [pid 5839] <... mkdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6125] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6124] +++ exited with 0 +++ [pid 5839] <... openat resumed>) = 3 [pid 5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6124, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5843] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... ioctl resumed>) = 0 [pid 5843] <... restart_syscall resumed>) = 0 [pid 5843] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5843] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558b79a6f0 /* 4 entries */, 32768) = 112 [pid 5843] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6122] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6122, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=8 /* 0.08 s */} --- [pid 5839] close(3 [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6126] <... mount resumed>) = 0 [pid 5840] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6126] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6126] chdir("./file1" [pid 5840] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6126] <... chdir resumed>) = 0 [pid 6126] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... openat resumed>) = 3 [pid 6126] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] newfstatat(3, "", [pid 6126] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 147.460357][ T30] audit: type=1804 audit(1750615428.735:540): pid=6124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor884" name="/root/syzkaller.YdVRUk/52/file1/file1" dev="loop4" ino=30 res=1 errno=0