./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor743655199 <...> Warning: Permanently added '10.128.0.33' (ED25519) to the list of known hosts. execve("./syz-executor743655199", ["./syz-executor743655199"], 0x7fff0d12f490 /* 10 vars */) = 0 brk(NULL) = 0x55555857c000 brk(0x55555857cd00) = 0x55555857cd00 arch_prctl(ARCH_SET_FS, 0x55555857c380) = 0 set_tid_address(0x55555857c650) = 5836 set_robust_list(0x55555857c660, 24) = 0 rseq(0x55555857cca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor743655199", 4096) = 27 getrandom("\x3c\xfe\xb3\x30\x50\x19\x5d\xcf", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555857cd00 brk(0x55555859dd00) = 0x55555859dd00 brk(0x55555859e000) = 0x55555859e000 mprotect(0x7f34a2c46000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached [pid 5837] set_robust_list(0x55555857c660, 24 [pid 5836] <... clone resumed>, child_tidptr=0x55555857c650) = 5837 [pid 5837] <... set_robust_list resumed>) = 0 [pid 5836] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5837] mkdir("./syzkaller.1NoKxz", 0700./strace-static-x86_64: Process 5838 attached [pid 5838] set_robust_list(0x55555857c660, 24 [pid 5836] <... clone resumed>, child_tidptr=0x55555857c650) = 5838 [pid 5838] <... set_robust_list resumed>) = 0 [pid 5836] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] mkdir("./syzkaller.SduaD7", 0700 [pid 5837] <... mkdir resumed>) = 0 [pid 5837] chmod("./syzkaller.1NoKxz", 0777 [pid 5838] <... mkdir resumed>) = 0 [pid 5837] <... chmod resumed>) = 0 [pid 5838] chmod("./syzkaller.SduaD7", 0777./strace-static-x86_64: Process 5839 attached ) = 0 [pid 5837] chdir("./syzkaller.1NoKxz" [pid 5839] set_robust_list(0x55555857c660, 24 [pid 5837] <... chdir resumed>) = 0 [pid 5836] <... clone resumed>, child_tidptr=0x55555857c650) = 5839 [pid 5838] chdir("./syzkaller.SduaD7" [pid 5836] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... set_robust_list resumed>) = 0 [pid 5837] mkdir("./0", 0777 [pid 5839] mkdir("./syzkaller.IxtiFh", 0700 [pid 5838] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5840 attached [pid 5838] mkdir("./0", 0777 [pid 5837] <... mkdir resumed>) = 0 [pid 5836] <... clone resumed>, child_tidptr=0x55555857c650) = 5840 [pid 5840] set_robust_list(0x55555857c660, 24 [pid 5839] <... mkdir resumed>) = 0 [pid 5838] <... mkdir resumed>) = 0 [pid 5839] chmod("./syzkaller.IxtiFh", 0777 [pid 5836] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... set_robust_list resumed>) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5839] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5841 attached [pid 5840] mkdir("./syzkaller.s9h7xo", 0700 [pid 5839] chdir("./syzkaller.IxtiFh" [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5837] <... openat resumed>) = 3 [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5836] <... clone resumed>, child_tidptr=0x55555857c650) = 5841 [pid 5841] set_robust_list(0x55555857c660, 24 [pid 5840] <... mkdir resumed>) = 0 [pid 5839] <... chdir resumed>) = 0 [pid 5838] <... openat resumed>) = 3 [pid 5840] chmod("./syzkaller.s9h7xo", 0777 [pid 5839] mkdir("./0", 0777 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5841] <... set_robust_list resumed>) = 0 [pid 5840] <... chmod resumed>) = 0 [pid 5837] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5841] mkdir("./syzkaller.tq1PXa", 0700 [pid 5839] <... mkdir resumed>) = 0 [pid 5838] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] chdir("./syzkaller.s9h7xo" [pid 5839] <... openat resumed>) = 3 [pid 5838] close(3 [pid 5837] close(3 [pid 5840] <... chdir resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5837] <... close resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5840] mkdir("./0", 0777 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5843 attached ./strace-static-x86_64: Process 5842 attached [pid 5841] chmod("./syzkaller.tq1PXa", 0777 [pid 5839] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5842] set_robust_list(0x55555857c660, 24) = 0 [pid 5842] chdir("./0" [pid 5841] <... chmod resumed>) = 0 [pid 5839] close(3 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5843 [pid 5842] <... chdir resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5843] set_robust_list(0x55555857c660, 24 [pid 5842] <... prctl resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] <... set_robust_list resumed>) = 0 [pid 5841] chdir("./syzkaller.tq1PXa" [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5844 attached [pid 5843] chdir("./0" [pid 5842] <... openat resumed>) = 3 [pid 5841] <... chdir resumed>) = 0 [pid 5840] close(3 [pid 5843] <... chdir resumed>) = 0 [pid 5841] mkdir("./0", 0777 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5844 [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5842 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] <... mkdir resumed>) = 0 [pid 5843] <... prctl resumed>) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5841] close(3 [pid 5844] set_robust_list(0x55555857c660, 24 [pid 5843] write(1, "executing program\n", 18 [pid 5842] write(3, "1000", 4 [pid 5840] <... close resumed>) = 0 executing program [pid 5844] <... set_robust_list resumed>) = 0 [pid 5843] <... write resumed>) = 18 [pid 5842] <... write resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached [pid 5843] memfd_create("syzkaller", 0 [pid 5842] close(3 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5844] chdir("./0" [pid 5842] <... close resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5847 [pid 5844] <... chdir resumed>) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs" [pid 5847] set_robust_list(0x55555857c660, 24 [pid 5842] <... symlink resumed>) = 0 executing program [pid 5847] <... set_robust_list resumed>) = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] write(1, "executing program\n", 18 [pid 5847] chdir("./0" [pid 5844] <... prctl resumed>) = 0 [pid 5843] <... memfd_create resumed>) = 3 [pid 5842] <... write resumed>) = 18 [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5848 [pid 5847] <... chdir resumed>) = 0 [pid 5844] setpgid(0, 0 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] memfd_create("syzkaller", 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5844] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 5848 attached [pid 5847] <... prctl resumed>) = 0 [pid 5843] <... mmap resumed>) = 0x7f349a600000 [pid 5847] setpgid(0, 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] set_robust_list(0x55555857c660, 24 [pid 5847] <... setpgid resumed>) = 0 [pid 5842] <... memfd_create resumed>) = 3 [pid 5848] <... set_robust_list resumed>) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] chdir("./0" [pid 5847] <... openat resumed>) = 3 [pid 5847] write(3, "1000", 4 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... chdir resumed>) = 0 [pid 5847] <... write resumed>) = 4 [pid 5842] <... mmap resumed>) = 0x7f349a600000 [pid 5847] close(3 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5847] <... close resumed>) = 0 [pid 5844] <... openat resumed>) = 3 [pid 5844] write(3, "1000", 4 [pid 5848] <... prctl resumed>) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs" [pid 5844] <... write resumed>) = 4 [pid 5844] close(3executing program [pid 5848] setpgid(0, 0 [pid 5847] <... symlink resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5848] <... setpgid resumed>) = 0 [pid 5847] write(1, "executing program\n", 18 [pid 5844] symlink("/dev/binderfs", "./binderfs" [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] <... write resumed>) = 18 [pid 5844] <... symlink resumed>) = 0 executing program [pid 5848] <... openat resumed>) = 3 [pid 5847] memfd_create("syzkaller", 0 [pid 5848] write(3, "1000", 4) = 4 [pid 5844] write(1, "executing program\n", 18) = 18 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5848] write(1, "executing program\n", 18 [pid 5847] <... memfd_create resumed>) = 3 [pid 5844] memfd_create("syzkaller", 0 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... write resumed>) = 18 [pid 5847] <... mmap resumed>) = 0x7f349a600000 [pid 5848] memfd_create("syzkaller", 0 [pid 5844] <... memfd_create resumed>) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5848] <... memfd_create resumed>) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5843] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5847] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5848] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5844] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5842] <... write resumed>) = 2097152 [pid 5842] munmap(0x7f349a600000, 138412032 [pid 5843] <... write resumed>) = 2097152 [pid 5848] <... write resumed>) = 2097152 [pid 5847] <... write resumed>) = 2097152 [pid 5844] <... write resumed>) = 2097152 [pid 5842] <... munmap resumed>) = 0 [pid 5843] munmap(0x7f349a600000, 138412032 [pid 5848] munmap(0x7f349a600000, 138412032 [pid 5847] munmap(0x7f349a600000, 138412032 [pid 5844] munmap(0x7f349a600000, 138412032 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... munmap resumed>) = 0 [pid 5847] <... munmap resumed>) = 0 [pid 5842] <... openat resumed>) = 4 [pid 5842] ioctl(4, LOOP_SET_FD, 3 [pid 5848] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5847] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5844] <... munmap resumed>) = 0 [pid 5843] <... munmap resumed>) = 0 [pid 5848] <... openat resumed>) = 4 [pid 5847] <... openat resumed>) = 4 [pid 5844] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5848] ioctl(4, LOOP_SET_FD, 3 [pid 5847] ioctl(4, LOOP_SET_FD, 3 [pid 5844] <... openat resumed>) = 4 [pid 5843] <... openat resumed>) = 4 [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3) = 0 [pid 5842] close(4) = 0 [pid 5842] mkdir("./file1", 0777) = 0 [pid 5842] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5848] <... ioctl resumed>) = 0 [pid 5844] ioctl(4, LOOP_SET_FD, 3 [ 83.550833][ T5842] loop0: detected capacity change from 0 to 4096 [ 83.562569][ T5847] loop3: detected capacity change from 0 to 4096 [ 83.570115][ T5848] loop4: detected capacity change from 0 to 4096 [ 83.584123][ T5844] loop2: detected capacity change from 0 to 4096 [ 83.585564][ T5842] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5843] ioctl(4, LOOP_SET_FD, 3 [pid 5847] <... ioctl resumed>) = 0 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] mkdir("./file1", 0777) = 0 [pid 5848] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5847] close(3) = 0 [pid 5847] close(4) = 0 [pid 5847] mkdir("./file1", 0777) = 0 [pid 5844] <... ioctl resumed>) = 0 [pid 5847] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5844] close(3) = 0 [pid 5844] close(4) = 0 [pid 5844] mkdir("./file1", 0777) = 0 [ 83.591500][ T5843] loop1: detected capacity change from 0 to 4096 [ 83.606767][ T5848] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 83.624276][ T5847] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5844] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5843] <... ioctl resumed>) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("./file1", 0777) = 0 [ 83.649662][ T5844] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5843] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5848] <... mount resumed>) = 0 [pid 5847] <... mount resumed>) = 0 [pid 5842] <... mount resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5848] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5847] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5842] <... openat resumed>) = 3 [ 83.693564][ T5843] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5848] <... openat resumed>) = 3 [pid 5847] <... openat resumed>) = 3 [pid 5842] chdir("./file1") = 0 [pid 5848] chdir("./file1" [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... chdir resumed>) = 0 [pid 5847] chdir("./file1" [pid 5842] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5847] <... chdir resumed>) = 0 [pid 5842] open("./file1", O_RDONLY|O_DIRECT [pid 5848] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] open("./file1", O_RDONLY|O_DIRECT [pid 5847] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5848] <... open resumed>) = 4 [pid 5844] <... mount resumed>) = 0 [pid 5842] <... open resumed>) = 4 [pid 5847] preadv2(4, [pid 5848] preadv2(4, [pid 5842] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5842] memfd_create("syzkaller", 0) = 5 [pid 5848] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5848] memfd_create("syzkaller", 0 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... memfd_create resumed>) = 5 [pid 5842] <... mmap resumed>) = 0x7f349a600000 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5847] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5847] memfd_create("syzkaller", 0) = 5 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5844] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5844] chdir("./file1") = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [ 83.775874][ T30] audit: type=1800 audit(1750594909.395:2): pid=5847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop3" ino=30 res=0 errno=0 [pid 5844] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5844] preadv2(4, [pid 5843] <... mount resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5844] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5843] chdir("./file1" [pid 5844] memfd_create("syzkaller", 0 [pid 5843] <... chdir resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5844] <... memfd_create resumed>) = 5 [pid 5843] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] open("./file1", O_RDONLY|O_DIRECT [pid 5844] <... mmap resumed>) = 0x7f349a600000 [pid 5842] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5848] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... open resumed>) = 4 [pid 5843] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [ 83.874210][ T30] audit: type=1800 audit(1750594909.405:3): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 5847] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] memfd_create("syzkaller", 0 [pid 5844] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5843] <... memfd_create resumed>) = 5 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5848] <... write resumed>) = 2097152 [pid 5842] <... write resumed>) = 2097152 [pid 5848] munmap(0x7f349a600000, 138412032 [pid 5847] <... write resumed>) = 2097152 [pid 5843] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5848] <... munmap resumed>) = 0 [pid 5847] munmap(0x7f349a600000, 138412032) = 0 [pid 5844] <... write resumed>) = 2097152 [pid 5848] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] munmap(0x7f349a600000, 138412032 [ 83.971645][ T30] audit: type=1800 audit(1750594909.405:4): pid=5842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 5848] close(5 [pid 5847] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5844] munmap(0x7f349a600000, 138412032 [pid 5842] <... munmap resumed>) = 0 [pid 5847] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] close(5 [pid 5848] <... close resumed>) = 0 [pid 5844] <... munmap resumed>) = 0 [pid 5843] <... write resumed>) = 2097152 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] close(5 [pid 5844] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5843] munmap(0x7f349a600000, 138412032 [pid 5847] <... close resumed>) = 0 [pid 5844] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... munmap resumed>) = 0 [pid 5844] close(5 [pid 5848] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [ 84.049169][ T30] audit: type=1800 audit(1750594909.485:5): pid=5844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop2" ino=30 res=0 errno=0 [pid 5847] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] <... open resumed>) = 5 [pid 5848] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5847] <... open resumed>) = 5 [pid 5843] close(5 [pid 5842] <... close resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5847] truncate("./file1", 16784380 [pid 5848] <... openat resumed>) = 6 [pid 5848] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5847] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5847] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5848] exit_group(0 [pid 5847] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5848] <... exit_group resumed>) = ? [pid 5842] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5848] +++ exited with 0 +++ [pid 5844] <... close resumed>) = 0 [pid 5842] <... open resumed>) = 5 [pid 5843] <... close resumed>) = 0 [pid 5847] exit_group(0) = ? [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [pid 5843] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5842] truncate("./file1", 16784380 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5847] +++ exited with 0 +++ [pid 5841] <... restart_syscall resumed>) = 0 [pid 5842] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} --- [ 84.112841][ T30] audit: type=1800 audit(1750594909.535:6): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 5841] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5842] <... openat resumed>) = 6 [pid 5844] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5843] <... open resumed>) = 5 [pid 5842] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5843] truncate("./file1", 16784380 [pid 5842] <... mmap resumed>) = 0x200000001000 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5843] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5842] exit_group(0 [pid 5843] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5842] <... exit_group resumed>) = ? [pid 5840] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5844] <... open resumed>) = 5 [pid 5843] <... openat resumed>) = 6 [pid 5842] +++ exited with 0 +++ [pid 5840] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5843] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5844] truncate("./file1", 16784380 [pid 5840] <... openat resumed>) = 3 [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=7 /* 0.07 s */} --- [pid 5843] <... mmap resumed>) = 0x200000001000 [pid 5840] newfstatat(3, "", [pid 5843] exit_group(0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5843] <... exit_group resumed>) = ? [pid 5837] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(3, [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5837] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(3, [pid 5844] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5844] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5844] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5843] +++ exited with 0 +++ [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5844] exit_group(0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5844] <... exit_group resumed>) = ? [pid 5844] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] <... restart_syscall resumed>) = 0 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 5838] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 84.173884][ T30] audit: type=1804 audit(1750594909.745:7): pid=5847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.s9h7xo/0/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [ 84.240667][ T30] audit: type=1804 audit(1750594909.745:8): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.tq1PXa/0/file1/file1" dev="loop4" ino=30 res=1 errno=0 [ 84.264735][ T30] audit: type=1804 audit(1750594909.785:9): pid=5842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.1NoKxz/0/file1/file1" dev="loop0" ino=30 res=1 errno=0 [pid 5838] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5841] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] <... umount2 resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./0/file1", [pid 5841] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5841] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... openat resumed>) = 4 [pid 5840] <... openat resumed>) = 4 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(4, "", [pid 5840] newfstatat(4, "", [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] newfstatat(AT_FDCWD, "./0/file1", [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 5840] getdents64(4, [pid 5841] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] getdents64(4, [pid 5840] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] getdents64(4, [pid 5841] close(4 [pid 5840] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] <... close resumed>) = 0 [pid 5840] close(4 [pid 5839] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] rmdir("./0/file1" [pid 5840] <... close resumed>) = 0 [pid 5837] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./0/file1", [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... rmdir resumed>) = 0 [pid 5840] rmdir("./0/file1" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(4, "", [pid 5839] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5837] getdents64(4, [pid 5840] <... rmdir resumed>) = 0 [pid 5837] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5837] close(4) = 0 [pid 5837] rmdir("./0/file1") = 0 [pid 5837] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5840] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5840] unlink("./0/binderfs" [pid 5839] newfstatat(4, "", [pid 5837] unlink("./0/binderfs" [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] <... unlink resumed>) = 0 [pid 5841] unlink("./0/binderfs" [pid 5840] getdents64(3, [pid 5841] <... unlink resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] getdents64(4, [pid 5837] getdents64(3, [pid 5841] getdents64(3, [pid 5840] close(3 [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] <... close resumed>) = 0 [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] close(3 [pid 5841] close(3 [pid 5840] rmdir("./0" [pid 5838] <... umount2 resumed>) = 0 [pid 5837] <... close resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5838] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] rmdir("./0" [pid 5841] rmdir("./0" [pid 5840] <... rmdir resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] <... rmdir resumed>) = 0 [pid 5838] newfstatat(AT_FDCWD, "./0/file1", [pid 5837] mkdir("./1", 0777 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] mkdir("./1", 0777 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] <... mkdir resumed>) = 0 [pid 5841] mkdir("./1", 0777 [pid 5838] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... mkdir resumed>) = 0 [pid 5839] getdents64(4, [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] <... openat resumed>) = 3 [pid 5839] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5839] close(4 [pid 5837] <... ioctl resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5839] <... close resumed>) = 0 [pid 5837] close(3 [pid 5840] <... openat resumed>) = 3 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 84.288696][ T30] audit: type=1804 audit(1750594909.805:10): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.SduaD7/0/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5841] <... openat resumed>) = 3 [pid 5840] <... ioctl resumed>) = 0 [pid 5839] rmdir("./0/file1") = 0 [pid 5840] close(3 [pid 5839] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... openat resumed>) = 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] unlink("./0/binderfs") = 0 [pid 5838] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] getdents64(3, [pid 5838] close(4 [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] <... close resumed>) = 0 [pid 5839] close(3) = 0 [pid 5838] rmdir("./0/file1") = 0 [pid 5839] rmdir("./0") = 0 [pid 5838] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] mkdir("./1", 0777) = 0 [pid 5838] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./0/binderfs") = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5838] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5838] <... close resumed>) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 5838] rmdir("./0" [pid 5839] <... close resumed>) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3 [pid 5838] mkdir("./1", 0777 [pid 5837] <... close resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5852 [pid 5838] <... mkdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3./strace-static-x86_64: Process 5852 attached [pid 5852] set_robust_list(0x55555857c660, 24) = 0 [pid 5852] chdir("./1") = 0 executing program [pid 5841] <... close resumed>) = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5838] <... close resumed>) = 0 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] <... prctl resumed>) = 0 [pid 5852] setpgid(0, 0 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5853 [pid 5852] <... setpgid resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 5853 attached [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5853] set_robust_list(0x55555857c660, 24) = 0 [pid 5853] chdir("./1" [pid 5852] write(1, "executing program\n", 18) = 18 [pid 5852] memfd_create("syzkaller", 0 [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5854 [pid 5853] <... chdir resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... memfd_create resumed>) = 3 [pid 5840] <... close resumed>) = 0 [pid 5853] <... prctl resumed>) = 0 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5855 ./strace-static-x86_64: Process 5854 attached [pid 5853] setpgid(0, 0 [pid 5852] <... mmap resumed>) = 0x7f349a600000 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5854] set_robust_list(0x55555857c660, 24 [pid 5853] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 5855 attached [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5855] set_robust_list(0x55555857c660, 24 [pid 5853] <... openat resumed>) = 3 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] <... set_robust_list resumed>) = 0 [pid 5853] write(3, "1000", 4 [pid 5855] chdir("./1" [pid 5853] <... write resumed>) = 4 [pid 5855] <... chdir resumed>) = 0 [pid 5853] close(3 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5853] <... close resumed>) = 0 [pid 5855] <... prctl resumed>) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs" [pid 5854] chdir("./1"./strace-static-x86_64: Process 5856 attached [pid 5855] setpgid(0, 0 [pid 5853] <... symlink resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5856 [ 84.408451][ T30] audit: type=1804 audit(1750594909.835:11): pid=5844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.IxtiFh/0/file1/file1" dev="loop2" ino=30 res=1 errno=0 executing program [pid 5856] set_robust_list(0x55555857c660, 24 [pid 5855] <... setpgid resumed>) = 0 [pid 5854] <... chdir resumed>) = 0 [pid 5853] write(1, "executing program\n", 18 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5853] <... write resumed>) = 18 [pid 5856] chdir("./1" [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5856] <... chdir resumed>) = 0 [pid 5854] <... prctl resumed>) = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5855] <... openat resumed>) = 3 [pid 5854] setpgid(0, 0 [pid 5856] <... prctl resumed>) = 0 [pid 5854] <... setpgid resumed>) = 0 [pid 5855] write(3, "1000", 4 [pid 5853] memfd_create("syzkaller", 0 [pid 5856] setpgid(0, 0 [pid 5855] <... write resumed>) = 4 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5853] <... memfd_create resumed>) = 3 [pid 5856] <... setpgid resumed>) = 0 [pid 5855] close(3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5855] <... close resumed>) = 0 [pid 5854] <... openat resumed>) = 3 [pid 5853] <... mmap resumed>) = 0x7f349a600000 [pid 5855] symlink("/dev/binderfs", "./binderfs" [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5854] write(3, "1000", 4 [pid 5856] <... openat resumed>) = 3 [pid 5855] <... symlink resumed>) = 0 [pid 5854] <... write resumed>) = 4 [pid 5856] write(3, "1000", 4 [pid 5854] close(3) = 0 [pid 5856] <... write resumed>) = 4 [pid 5854] symlink("/dev/binderfs", "./binderfs" [pid 5856] close(3 [pid 5855] write(1, "executing program\n", 18 [pid 5854] <... symlink resumed>) = 0 [pid 5856] <... close resumed>) = 0 [pid 5854] write(1, "executing program\n", 18executing program executing program [pid 5856] symlink("/dev/binderfs", "./binderfs" [pid 5854] <... write resumed>) = 18 [pid 5855] <... write resumed>) = 18 [pid 5856] <... symlink resumed>) = 0 [pid 5854] memfd_create("syzkaller", 0executing program [pid 5856] write(1, "executing program\n", 18 [pid 5854] <... memfd_create resumed>) = 3 [pid 5856] <... write resumed>) = 18 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5855] memfd_create("syzkaller", 0 [pid 5856] memfd_create("syzkaller", 0 [pid 5855] <... memfd_create resumed>) = 3 [pid 5854] <... mmap resumed>) = 0x7f349a600000 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5856] <... memfd_create resumed>) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5856] <... mmap resumed>) = 0x7f349a600000 [pid 5855] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5853] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5854] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5856] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5852] <... write resumed>) = 2097152 [pid 5855] <... write resumed>) = 2097152 [pid 5853] <... write resumed>) = 2097152 [pid 5852] munmap(0x7f349a600000, 138412032 [pid 5855] munmap(0x7f349a600000, 138412032 [pid 5854] <... write resumed>) = 2097152 [pid 5855] <... munmap resumed>) = 0 [pid 5853] munmap(0x7f349a600000, 138412032 [pid 5852] <... munmap resumed>) = 0 [pid 5856] <... write resumed>) = 2097152 [pid 5855] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5854] munmap(0x7f349a600000, 138412032 [pid 5853] <... munmap resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3 [pid 5855] <... openat resumed>) = 4 [pid 5856] munmap(0x7f349a600000, 138412032 [pid 5855] ioctl(4, LOOP_SET_FD, 3 [pid 5853] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3 [pid 5854] <... munmap resumed>) = 0 [pid 5855] <... ioctl resumed>) = 0 [pid 5855] close(3 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5855] <... close resumed>) = 0 [pid 5854] <... openat resumed>) = 4 [pid 5855] close(4 [pid 5854] ioctl(4, LOOP_SET_FD, 3 [pid 5855] <... close resumed>) = 0 [pid 5855] mkdir("./file1", 0777 [pid 5853] <... ioctl resumed>) = 0 [pid 5852] <... ioctl resumed>) = 0 [pid 5852] close(3) = 0 [pid 5853] close(3 [pid 5852] close(4 [pid 5853] <... close resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5853] close(4) = 0 [pid 5852] mkdir("./file1", 0777 [pid 5855] <... mkdir resumed>) = 0 [ 84.654833][ T5852] loop2: detected capacity change from 0 to 4096 [ 84.662526][ T5853] loop1: detected capacity change from 0 to 4096 [ 84.669363][ T5855] loop4: detected capacity change from 0 to 4096 [ 84.677611][ T5854] loop0: detected capacity change from 0 to 4096 [pid 5852] <... mkdir resumed>) = 0 [pid 5856] <... munmap resumed>) = 0 [pid 5855] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5853] mkdir("./file1", 0777) = 0 [pid 5853] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5852] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5854] <... ioctl resumed>) = 0 [pid 5854] close(3) = 0 [pid 5854] close(4) = 0 [pid 5854] mkdir("./file1", 0777 [pid 5856] <... openat resumed>) = 4 [pid 5854] <... mkdir resumed>) = 0 [pid 5854] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [ 84.699266][ T5855] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 84.708498][ T5853] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 84.720220][ T5852] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 84.741433][ T5856] loop3: detected capacity change from 0 to 4096 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] close(3) = 0 [pid 5856] close(4) = 0 [pid 5856] mkdir("./file1", 0777) = 0 [pid 5856] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5855] <... mount resumed>) = 0 [pid 5855] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./file1") = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5855] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5855] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [ 84.743379][ T5854] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 84.760172][ T5856] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5855] memfd_create("syzkaller", 0) = 5 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5854] <... mount resumed>) = 0 [pid 5854] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./file1") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5854] open("./file1", O_RDONLY|O_DIRECT [pid 5856] <... mount resumed>) = 0 [pid 5853] <... mount resumed>) = 0 [pid 5856] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./file1") = 0 [pid 5854] <... open resumed>) = 4 [pid 5853] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5854] preadv2(4, [pid 5853] <... openat resumed>) = 3 [pid 5856] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5853] chdir("./file1" [pid 5856] open("./file1", O_RDONLY|O_DIRECT [pid 5853] <... chdir resumed>) = 0 [pid 5854] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5853] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5856] <... open resumed>) = 4 [pid 5854] memfd_create("syzkaller", 0 [pid 5853] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5854] <... memfd_create resumed>) = 5 [pid 5853] open("./file1", O_RDONLY|O_DIRECT [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5856] preadv2(4, [pid 5853] <... open resumed>) = 4 [pid 5856] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5856] memfd_create("syzkaller", 0 [pid 5852] <... mount resumed>) = 0 [pid 5856] <... memfd_create resumed>) = 5 [pid 5853] preadv2(4, [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5853] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5853] memfd_create("syzkaller", 0 [pid 5856] <... mmap resumed>) = 0x7f349a600000 [pid 5852] <... openat resumed>) = 3 [pid 5853] <... memfd_create resumed>) = 5 [pid 5852] chdir("./file1" [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] <... chdir resumed>) = 0 [pid 5853] <... mmap resumed>) = 0x7f349a600000 [pid 5852] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5852] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5852] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5852] memfd_create("syzkaller", 0) = 5 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5855] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5854] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5853] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5856] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5852] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5855] <... write resumed>) = 2097152 [pid 5855] munmap(0x7f349a600000, 138412032 [pid 5854] <... write resumed>) = 2097152 [pid 5855] <... munmap resumed>) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5854] munmap(0x7f349a600000, 138412032 [pid 5856] <... write resumed>) = 2097152 [pid 5856] munmap(0x7f349a600000, 138412032 [pid 5852] <... write resumed>) = 2097152 [pid 5856] <... munmap resumed>) = 0 [pid 5855] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5854] <... munmap resumed>) = 0 [pid 5855] close(5 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5852] munmap(0x7f349a600000, 138412032) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5853] <... write resumed>) = 2097152 [pid 5856] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5856] close(5 [pid 5854] close(5 [pid 5853] munmap(0x7f349a600000, 138412032 [pid 5852] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5852] close(5 [pid 5853] <... munmap resumed>) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5853] close(5 [pid 5855] <... close resumed>) = 0 [pid 5854] <... close resumed>) = 0 [pid 5856] <... close resumed>) = 0 [pid 5855] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5852] <... close resumed>) = 0 [pid 5856] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5852] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5854] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5853] <... close resumed>) = 0 [pid 5856] <... open resumed>) = 5 [pid 5855] <... open resumed>) = 5 [pid 5853] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5856] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5853] <... open resumed>) = 5 [pid 5852] <... open resumed>) = 5 [pid 5852] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5852] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5852] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5852] exit_group(0) = ? [pid 5853] truncate("./file1", 16784380 [pid 5856] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5855] truncate("./file1", 16784380 [pid 5854] <... open resumed>) = 5 [pid 5852] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [pid 5854] truncate("./file1", 16784380 [pid 5856] <... openat resumed>) = 6 [pid 5839] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5856] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5855] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5854] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5853] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5855] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5854] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5853] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5856] <... mmap resumed>) = 0x200000001000 [pid 5853] <... openat resumed>) = 6 [pid 5853] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5853] exit_group(0) = ? [pid 5856] exit_group(0 [pid 5855] <... openat resumed>) = 6 [pid 5854] <... openat resumed>) = 6 [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", [pid 5854] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5856] <... exit_group resumed>) = ? [pid 5855] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5855] <... mmap resumed>) = 0x200000001000 [pid 5854] <... mmap resumed>) = 0x200000001000 [pid 5853] +++ exited with 0 +++ [pid 5839] getdents64(3, [pid 5855] exit_group(0 [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5855] <... exit_group resumed>) = ? [pid 5854] exit_group(0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5854] <... exit_group resumed>) = ? [pid 5839] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5856] +++ exited with 0 +++ [pid 5838] <... restart_syscall resumed>) = 0 [pid 5855] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5840] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5854] +++ exited with 0 +++ [pid 5841] <... restart_syscall resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5838] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] newfstatat(3, "", [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5838] <... openat resumed>) = 3 [pid 5841] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] newfstatat(3, "", [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] getdents64(3, [pid 5837] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... openat resumed>) = 3 [pid 5840] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] getdents64(3, [pid 5837] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] newfstatat(3, "", [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] <... openat resumed>) = 3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] newfstatat(3, "", [pid 5841] getdents64(3, [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] getdents64(3, [pid 5841] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] <... umount2 resumed>) = 0 [pid 5840] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5838] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] rmdir("./1/file1") = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = 0 [pid 5838] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] newfstatat(4, "", [pid 5840] unlink("./1/binderfs" [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(4 [pid 5840] getdents64(3, [pid 5839] <... close resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] rmdir("./1/file1" [pid 5840] close(3) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5840] rmdir("./1") = 0 [pid 5839] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5840] mkdir("./2", 0777) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./1/file1", [pid 5839] unlink("./1/binderfs" [pid 5838] <... openat resumed>) = 4 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5838] newfstatat(4, "", [pid 5841] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] getdents64(3, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, [pid 5841] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] <... openat resumed>) = 4 [pid 5838] getdents64(4, [pid 5840] <... openat resumed>) = 3 [pid 5838] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5838] close(4 [pid 5839] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5841] newfstatat(4, "", [pid 5838] rmdir("./1/file1" [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] rmdir("./1" [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5841] getdents64(4, [pid 5840] close(3 [pid 5838] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] <... close resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5839] mkdir("./2", 0777 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] getdents64(4, [pid 5839] <... mkdir resumed>) = 0 [pid 5838] unlink("./1/binderfs" [pid 5837] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5857 attached [pid 5841] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] <... unlink resumed>) = 0 [pid 5837] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] getdents64(3, [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] rmdir("./1/file1" [pid 5839] <... openat resumed>) = 3 [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] newfstatat(AT_FDCWD, "./1/file1", [pid 5857] set_robust_list(0x55555857c660, 24 [pid 5841] <... rmdir resumed>) = 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5838] close(3 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5841] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5857 [pid 5839] <... ioctl resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5837] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5857] chdir("./2" [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] close(3 [pid 5838] rmdir("./1" [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... close resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5837] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5857] <... chdir resumed>) = 0 [pid 5841] unlink("./1/binderfs"executing program ./strace-static-x86_64: Process 5858 attached [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] <... unlink resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5858 [pid 5838] mkdir("./2", 0777 [pid 5837] <... openat resumed>) = 4 [pid 5857] <... prctl resumed>) = 0 [pid 5837] newfstatat(4, "", [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5857] write(3, "1000", 4 [pid 5841] rmdir("./1" [pid 5857] <... write resumed>) = 4 [pid 5841] <... rmdir resumed>) = 0 [pid 5857] close(3) = 0 [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] mkdir("./2", 0777 [pid 5857] write(1, "executing program\n", 18 [pid 5841] <... mkdir resumed>) = 0 [pid 5857] <... write resumed>) = 18 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5858] set_robust_list(0x55555857c660, 24 [pid 5857] memfd_create("syzkaller", 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] <... mkdir resumed>) = 0 [pid 5837] getdents64(4, [pid 5841] <... openat resumed>) = 3 [pid 5857] <... memfd_create resumed>) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5857] <... mmap resumed>) = 0x7f349a600000 [pid 5841] close(3 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5837] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] <... openat resumed>) = 3 [pid 5837] getdents64(4, [pid 5858] chdir("./2" [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5837] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5858] <... chdir resumed>) = 0 [pid 5838] <... ioctl resumed>) = 0 [pid 5837] close(4 [pid 5838] close(3 [pid 5837] <... close resumed>) = 0 [pid 5837] rmdir("./1/file1") = 0 [pid 5837] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] unlink("./1/binderfs") = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] close(3 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5837] <... close resumed>) = 0 [pid 5858] <... prctl resumed>) = 0 [pid 5837] rmdir("./1" [pid 5858] setpgid(0, 0 [pid 5837] <... rmdir resumed>) = 0 [pid 5858] <... setpgid resumed>) = 0 [pid 5837] mkdir("./2", 0777 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] <... mkdir resumed>) = 0 [pid 5858] <... openat resumed>) = 3 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5841] <... close resumed>) = 0 [pid 5837] <... ioctl resumed>) = 0 [pid 5837] close(3) = 0 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3 [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5859 [pid 5858] <... close resumed>) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5858] write(1, "executing program\n", 18) = 18 [pid 5858] memfd_create("syzkaller", 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached [pid 5859] set_robust_list(0x55555857c660, 24 [pid 5858] <... memfd_create resumed>) = 3 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] chdir("./2" [pid 5858] <... mmap resumed>) = 0x7f349a600000 ./strace-static-x86_64: Process 5860 attached [pid 5859] <... chdir resumed>) = 0 [pid 5857] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5860] set_robust_list(0x55555857c660, 24 [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5860 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] setpgid(0, 0 [pid 5860] chdir("./2" [pid 5859] <... setpgid resumed>) = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5860] <... chdir resumed>) = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5859] symlink("/dev/binderfs", "./binderfs" [pid 5860] <... prctl resumed>) = 0 [pid 5860] setpgid(0, 0 [pid 5859] <... symlink resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5860] <... setpgid resumed>) = 0 [pid 5859] write(1, "executing program\n", 18 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 5862 attached [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5857] <... write resumed>) = 2097152 [pid 5859] <... write resumed>) = 18 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5862 [pid 5862] set_robust_list(0x55555857c660, 24) = 0 [pid 5862] chdir("./2" [pid 5860] <... openat resumed>) = 3 [pid 5857] munmap(0x7f349a600000, 138412032 [pid 5862] <... chdir resumed>) = 0 [pid 5859] memfd_create("syzkaller", 0) = 3 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5860] write(3, "1000", 4 [pid 5857] <... munmap resumed>) = 0 [pid 5862] <... prctl resumed>) = 0 [pid 5860] <... write resumed>) = 4 [pid 5857] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5860] close(3) = 0 [pid 5857] <... openat resumed>) = 4 [pid 5862] setpgid(0, 0 [pid 5860] symlink("/dev/binderfs", "./binderfs" [pid 5862] <... setpgid resumed>) = 0 [pid 5857] ioctl(4, LOOP_SET_FD, 3executing program [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5860] <... symlink resumed>) = 0 [pid 5857] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5860] write(1, "executing program\n", 18 [pid 5857] ioctl(4, LOOP_CLR_FD [pid 5860] <... write resumed>) = 18 [pid 5862] <... openat resumed>) = 3 [pid 5860] memfd_create("syzkaller", 0 [pid 5857] <... ioctl resumed>) = 0 [pid 5862] write(3, "1000", 4 [pid 5858] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5862] <... write resumed>) = 4 [pid 5862] close(3) = 0 [pid 5860] <... memfd_create resumed>) = 3 [pid 5862] symlink("/dev/binderfs", "./binderfs" [pid 5857] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5862] <... symlink resumed>) = 0 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5857] close(4 [pid 5860] <... mmap resumed>) = 0x7f349a600000 executing program [pid 5862] write(1, "executing program\n", 18 [pid 5859] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5862] <... write resumed>) = 18 [pid 5858] <... write resumed>) = 2097152 [pid 5862] memfd_create("syzkaller", 0 [pid 5857] <... close resumed>) = 0 [pid 5857] close(3 [pid 5858] munmap(0x7f349a600000, 138412032 [pid 5862] <... memfd_create resumed>) = 3 [pid 5858] <... munmap resumed>) = 0 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5858] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5862] <... mmap resumed>) = 0x7f349a600000 [pid 5858] ioctl(4, LOOP_SET_FD, 3 [pid 5860] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5859] <... write resumed>) = 2097152 [pid 5859] munmap(0x7f349a600000, 138412032 [pid 5857] <... close resumed>) = 0 [pid 5859] <... munmap resumed>) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] <... ioctl resumed>) = 0 [pid 5857] open("./file1", O_RDONLY|O_DIRECT [pid 5859] close(3 [pid 5858] close(3 [pid 5857] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5859] <... close resumed>) = 0 [pid 5858] <... close resumed>) = 0 [pid 5859] close(4 [pid 5858] close(4 [pid 5857] preadv2(-1, [pid 5859] <... close resumed>) = 0 [pid 5858] <... close resumed>) = 0 [ 85.623953][ T5858] loop2: detected capacity change from 0 to 4096 [ 85.650993][ T5859] loop0: detected capacity change from 0 to 4096 [pid 5859] mkdir("./file1", 0777 [pid 5858] mkdir("./file1", 0777 [pid 5859] <... mkdir resumed>) = 0 [pid 5858] <... mkdir resumed>) = 0 [pid 5857] <... preadv2 resumed>[{iov_base=0x200000001200, iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = -1 EBADF (Bad file descriptor) [pid 5859] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5858] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5857] memfd_create("syzkaller", 0) = 3 [pid 5862] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5860] <... write resumed>) = 2097152 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5860] munmap(0x7f349a600000, 138412032) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 85.684381][ T5858] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 85.699987][ T5859] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5860] ioctl(4, LOOP_SET_FD, 3 [pid 5858] <... mount resumed>) = 0 [pid 5858] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./file1") = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5858] open("./file1", O_RDONLY|O_DIRECT [pid 5860] <... ioctl resumed>) = 0 [pid 5858] <... open resumed>) = 4 [ 85.743563][ T5860] loop4: detected capacity change from 0 to 4096 [pid 5860] close(3 [pid 5857] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5862] <... write resumed>) = 2097152 [pid 5860] <... close resumed>) = 0 [pid 5858] preadv2(4, [pid 5860] close(4) = 0 [pid 5860] mkdir("./file1", 0777) = 0 [pid 5860] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5862] munmap(0x7f349a600000, 138412032 [pid 5858] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5862] <... munmap resumed>) = 0 [pid 5859] <... mount resumed>) = 0 [pid 5858] memfd_create("syzkaller", 0 [pid 5859] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5858] <... memfd_create resumed>) = 5 [pid 5859] <... openat resumed>) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] chdir("./file1") = 0 [pid 5858] <... mmap resumed>) = 0x7f349a600000 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5862] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5859] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5862] <... openat resumed>) = 4 [pid 5859] open("./file1", O_RDONLY|O_DIRECT [pid 5862] ioctl(4, LOOP_SET_FD, 3 [pid 5859] <... open resumed>) = 4 [pid 5859] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5859] memfd_create("syzkaller", 0) = 5 [pid 5862] <... ioctl resumed>) = 0 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5862] close(3 [pid 5859] <... mmap resumed>) = 0x7f349a600000 [pid 5862] <... close resumed>) = 0 [pid 5862] close(4) = 0 [pid 5862] mkdir("./file1", 0777) = 0 [ 85.802224][ T5860] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 85.838456][ T5862] loop1: detected capacity change from 0 to 4096 [pid 5862] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5857] <... write resumed>) = 2097152 [pid 5857] munmap(0x7f349a600000, 138412032) = 0 [pid 5858] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5857] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5857] ioctl(4, LOOP_SET_FD, 3 [pid 5859] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5860] <... mount resumed>) = 0 [pid 5860] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./file1" [pid 5857] <... ioctl resumed>) = 0 [pid 5860] <... chdir resumed>) = 0 [pid 5857] close(3 [pid 5860] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5857] <... close resumed>) = 0 [pid 5860] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5857] close(4 [pid 5860] open("./file1", O_RDONLY|O_DIRECT [pid 5857] <... close resumed>) = 0 [pid 5857] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5860] <... open resumed>) = 4 [pid 5857] <... mkdir resumed>) = 0 [pid 5860] preadv2(4, [ 85.896400][ T5862] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 85.932133][ T5857] loop3: detected capacity change from 0 to 4096 [pid 5857] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", 0, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x10\x37\x35\x2c\x73\x70\x61\x72\x73\x65\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x65\x75\x63\x2d\x6a\x70\x2c\x61\x63\x6c\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70"... [pid 5860] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5860] memfd_create("syzkaller", 0) = 5 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5858] <... write resumed>) = 2097152 [pid 5860] <... mmap resumed>) = 0x7f349a600000 [pid 5862] <... mount resumed>) = 0 [pid 5858] munmap(0x7f349a600000, 138412032 [pid 5862] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5859] <... write resumed>) = 2097152 [pid 5862] chdir("./file1") = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] open("./file1", O_RDONLY|O_DIRECT [pid 5858] <... munmap resumed>) = 0 [pid 5862] <... open resumed>) = 4 [pid 5862] preadv2(4, [pid 5859] munmap(0x7f349a600000, 138412032 [pid 5858] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5858] close(5 [pid 5862] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5859] <... munmap resumed>) = 0 [pid 5862] memfd_create("syzkaller", 0 [pid 5860] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5862] <... memfd_create resumed>) = 5 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5857] <... mount resumed>) = 0 [pid 5857] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 5857] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5857] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5859] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5859] close(5 [pid 5857] <... open resumed>) = 4 [pid 5857] truncate("./file1", 16784380 [pid 5858] <... close resumed>) = 0 [pid 5857] <... truncate resumed>) = 0 [pid 5857] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 5 [ 86.094792][ T5857] [ 86.097243][ T5857] ====================================================== [ 86.104269][ T5857] WARNING: possible circular locking dependency detected [ 86.111306][ T5857] 6.16.0-rc2-next-20250620-syzkaller #0 Not tainted [ 86.117899][ T5857] ------------------------------------------------------ [ 86.124916][ T5857] syz-executor743/5857 is trying to acquire lock: [ 86.131333][ T5857] ffff88807693be58 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: ntfs_file_mmap_prepare+0x599/0x770 [ 86.142282][ T5857] [ 86.142282][ T5857] but task is already holding lock: [ 86.149666][ T5857] ffff888078e26d60 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x1bd/0x4c0 [ 86.158637][ T5857] [ 86.158637][ T5857] which lock already depends on the new lock. [ 86.158637][ T5857] [ 86.169041][ T5857] [ 86.169041][ T5857] the existing dependency chain (in reverse order) is: [ 86.178048][ T5857] [ 86.178048][ T5857] -> #1 (&mm->mmap_lock){++++}-{4:4}: [ 86.185603][ T5857] lock_acquire+0x120/0x360 [ 86.190636][ T5857] gup_fast_fallback+0x22e/0x2270 [ 86.196193][ T5857] iov_iter_extract_pages+0x35a/0x5e0 [ 86.202081][ T5857] __blockdev_direct_IO+0x1166/0x3490 [ 86.207970][ T5857] ntfs_direct_IO+0x20b/0x410 [ 86.213167][ T5857] generic_file_read_iter+0x319/0x510 [ 86.219063][ T5857] do_iter_readv_writev+0x56b/0x7f0 [ 86.224788][ T5857] vfs_readv+0x253/0x850 [ 86.229570][ T5857] __se_sys_preadv2+0x179/0x290 [ 86.234961][ T5857] do_syscall_64+0xfa/0x3b0 [ 86.239997][ T5857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.246415][ T5857] [ 86.246415][ T5857] -> #0 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}: [ 86.255103][ T5857] validate_chain+0xb9b/0x2140 [ 86.260389][ T5857] __lock_acquire+0xab9/0xd20 [ 86.265581][ T5857] lock_acquire+0x120/0x360 [ 86.270596][ T5857] down_write+0x96/0x1f0 [ 86.275348][ T5857] ntfs_file_mmap_prepare+0x599/0x770 [ 86.281224][ T5857] mmap_region+0xb4a/0x2080 [ 86.286243][ T5857] do_mmap+0xc45/0x10d0 [ 86.290954][ T5857] vm_mmap_pgoff+0x31b/0x4c0 [ 86.296064][ T5857] ksys_mmap_pgoff+0x51f/0x760 [ 86.301343][ T5857] do_syscall_64+0xfa/0x3b0 [ 86.306365][ T5857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.312767][ T5857] [ 86.312767][ T5857] other info that might help us debug this: [ 86.312767][ T5857] [ 86.322985][ T5857] Possible unsafe locking scenario: [ 86.322985][ T5857] [ 86.330423][ T5857] CPU0 CPU1 [ 86.335775][ T5857] ---- ---- [ 86.341124][ T5857] lock(&mm->mmap_lock); [ 86.345446][ T5857] lock(&sb->s_type->i_mutex_key#15); [ 86.353427][ T5857] lock(&mm->mmap_lock); [ 86.360274][ T5857] lock(&sb->s_type->i_mutex_key#15); [ 86.365739][ T5857] [ 86.365739][ T5857] *** DEADLOCK *** [ 86.365739][ T5857] [ 86.373879][ T5857] 1 lock held by syz-executor743/5857: [ 86.379340][ T5857] #0: ffff888078e26d60 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x1bd/0x4c0 [ 86.388758][ T5857] [ 86.388758][ T5857] stack backtrace: [pid 5857] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5862] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5860] <... write resumed>) = 2097152 [pid 5859] <... close resumed>) = 0 [pid 5858] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5859] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5860] munmap(0x7f349a600000, 138412032 [pid 5862] <... write resumed>) = 2097152 [ 86.394660][ T5857] CPU: 0 UID: 0 PID: 5857 Comm: syz-executor743 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) [ 86.394684][ T5857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 86.394699][ T5857] Call Trace: [ 86.394707][ T5857] [ 86.394714][ T5857] dump_stack_lvl+0x189/0x250 [ 86.394740][ T5857] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.394762][ T5857] ? __pfx__printk+0x10/0x10 [ 86.394779][ T5857] ? print_lock_name+0xde/0x100 [ 86.394795][ T5857] print_circular_bug+0x2ee/0x310 [ 86.394811][ T5857] check_noncircular+0x134/0x160 [ 86.394837][ T5857] validate_chain+0xb9b/0x2140 [ 86.394863][ T5857] ? up_write+0x1c4/0x420 [ 86.394881][ T5857] __lock_acquire+0xab9/0xd20 [ 86.394903][ T5857] ? ntfs_file_mmap_prepare+0x599/0x770 [ 86.394929][ T5857] lock_acquire+0x120/0x360 [ 86.394946][ T5857] ? ntfs_file_mmap_prepare+0x599/0x770 [ 86.394964][ T5857] down_write+0x96/0x1f0 [ 86.394980][ T5857] ? ntfs_file_mmap_prepare+0x599/0x770 [ 86.394992][ T5857] ? __pfx_down_write+0x10/0x10 [ 86.395008][ T5857] ? vms_clear_ptes+0x42c/0x540 [ 86.395029][ T5857] ntfs_file_mmap_prepare+0x599/0x770 [ 86.395042][ T5857] ? __pfx_vms_clear_ptes+0x10/0x10 [ 86.395063][ T5857] ? __pfx_ntfs_file_mmap_prepare+0x10/0x10 [ 86.395077][ T5857] ? mas_find+0x9ba/0xbc0 [ 86.395101][ T5857] mmap_region+0xb4a/0x2080 [ 86.395124][ T5857] ? process_measurement+0x15b6/0x1a40 [ 86.395140][ T5857] ? __pfx_mmap_region+0x10/0x10 [ 86.395161][ T5857] ? __pfx___mutex_lock+0x10/0x10 [ 86.395177][ T5857] ? rcu_is_watching+0x15/0xb0 [ 86.395197][ T5857] ? process_measurement+0x15c3/0x1a40 [ 86.395226][ T5857] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 86.395251][ T5857] ? cap_mmap_addr+0xb0/0x100 [ 86.395269][ T5857] ? bpf_lsm_mmap_addr+0x9/0x20 [ 86.395288][ T5857] ? security_mmap_addr+0x71/0x270 [ 86.395305][ T5857] ? shmem_mapping+0xd/0x50 [ 86.395320][ T5857] ? memfd_check_seals_mmap+0xc5/0x200 [ 86.395338][ T5857] do_mmap+0xc45/0x10d0 [ 86.395361][ T5857] ? __pfx_do_mmap+0x10/0x10 [ 86.395378][ T5857] ? down_write_killable+0x178/0x230 [ 86.395394][ T5857] ? end_current_label_crit_section+0x152/0x180 [ 86.395416][ T5857] ? __pfx_down_write_killable+0x10/0x10 [ 86.395434][ T5857] vm_mmap_pgoff+0x31b/0x4c0 [ 86.395454][ T5857] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 86.395472][ T5857] ? __fget_files+0x2a/0x420 [ 86.395487][ T5857] ? __fget_files+0x3a0/0x420 [ 86.395500][ T5857] ? __fget_files+0x2a/0x420 [ 86.395514][ T5857] ksys_mmap_pgoff+0x51f/0x760 [ 86.395535][ T5857] do_syscall_64+0xfa/0x3b0 [ 86.395549][ T5857] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.395561][ T5857] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.395575][ T5857] ? clear_bhb_loop+0x60/0xb0 [ 86.395590][ T5857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.395603][ T5857] RIP: 0033:0x7f34a2b93559 [ 86.395620][ T5857] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 86.395636][ T5857] RSP: 002b:00007ffdb6460a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [pid 5862] munmap(0x7f349a600000, 138412032 [pid 5860] <... munmap resumed>) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5860] close(5 [pid 5859] <... open resumed>) = 5 [pid 5859] truncate("./file1", 16784380 [pid 5862] <... munmap resumed>) = 0 [pid 5859] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5859] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5859] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5862] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5859] <... mmap resumed>) = 0x200000001000 [pid 5862] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5859] exit_group(0) = ? [ 86.395650][ T5857] RAX: ffffffffffffffda RBX: 0000200000000080 RCX: 00007f34a2b93559 [ 86.395660][ T5857] RDX: 000000000000000e RSI: 0000000000001000 RDI: 0000200000001000 [ 86.395669][ T5857] RBP: 00002000000000c0 R08: 0000000000000005 R09: 0000000000000000 [ 86.395682][ T5857] R10: 0000000000000011 R11: 0000000000000246 R12: 0031656c69662f2e [ 86.395691][ T5857] R13: 0000200000000040 R14: 431bde82d7b634db R15: 00007ffdb6460ab0 [ 86.395707][ T5857] executing program [pid 5862] close(5 [pid 5860] <... close resumed>) = 0 [pid 5859] +++ exited with 0 +++ [pid 5860] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5860] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5860] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5860] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5860] exit_group(0) = ? [pid 5860] +++ exited with 0 +++ [pid 5857] <... mmap resumed>) = 0x200000001000 [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=9 /* 0.09 s */} --- [pid 5837] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5837] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5837] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5837] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5837] close(4) = 0 [pid 5837] rmdir("./2/file1") = 0 [pid 5837] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] unlink("./2/binderfs") = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] close(3) = 0 [pid 5837] rmdir("./2") = 0 [pid 5837] mkdir("./3", 0777) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5837] ioctl(3, LOOP_CLR_FD) = 0 [pid 5837] close(3 [pid 5857] exit_group(0) = ? [pid 5857] +++ exited with 0 +++ [pid 5837] <... close resumed>) = 0 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555857c650) = 5867 ./strace-static-x86_64: Process 5867 attached [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5867] set_robust_list(0x55555857c660, 24) = 0 [pid 5867] chdir("./3") = 0 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5867] setpgid(0, 0) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1000", 4) = 4 [pid 5867] close(3 [pid 5858] <... open resumed>) = 5 [pid 5867] <... close resumed>) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5867] write(1, "executing program\n", 18) = 18 [pid 5867] memfd_create("syzkaller", 0) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5858] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5858] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5858] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5867] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5858] <... mmap resumed>) = 0x200000001000 [pid 5858] exit_group(0) = ? [pid 5858] +++ exited with 0 +++ [pid 5862] <... close resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5862] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5867] <... write resumed>) = 2097152 [pid 5867] munmap(0x7f349a600000, 138412032 [pid 5841] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] <... munmap resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, [pid 5841] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = 3 [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(3, "", [pid 5862] <... open resumed>) = 5 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5862] truncate("./file1", 16784380 [pid 5841] newfstatat(3, "", [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5862] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, [pid 5862] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 176 [pid 5862] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] getdents64(3, [pid 5840] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5867] <... openat resumed>) = 4 [pid 5862] <... mmap resumed>) = 0x200000001000 [pid 5862] exit_group(0) = ? [pid 5867] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5840] <... umount2 resumed>) = 0 [pid 5862] +++ exited with 0 +++ [pid 5840] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("\x2e\x2f\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] unlink("./2/binderfs") = 0 [pid 5838] <... openat resumed>) = 3 [pid 5840] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5838] newfstatat(3, "", [pid 5841] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] getdents64(3, [pid 5841] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] rmdir("./2" [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... rmdir resumed>) = 0 [pid 5838] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] mkdir("./3", 0777 [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", [pid 5840] <... mkdir resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] getdents64(4, [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5867] <... ioctl resumed>) = 0 [pid 5867] close(3) = 0 [pid 5867] close(4) = 0 [pid 5867] mkdir("./file1", 0777) = 0 [pid 5867] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5841] close(4) = 0 [pid 5841] rmdir("./2/file1") = 0 [pid 5841] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = 0 [pid 5841] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5839] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] newfstatat(AT_FDCWD, "./2/file1", [pid 5841] unlink("./2/binderfs" [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5839] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] close(3 [pid 5839] <... openat resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 5839] newfstatat(4, "", [pid 5838] <... umount2 resumed>) = 0 [pid 5841] rmdir("./2" [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5839] getdents64(4, [pid 5841] mkdir("./3", 0777 [pid 5839] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] <... mkdir resumed>) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] close(4) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5839] rmdir("./2/file1" [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5839] <... rmdir resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5839] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] close(3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 86.949874][ T5867] loop0: detected capacity change from 0 to 4096 [ 86.972182][ T5867] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5839] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... close resumed>) = 0 [pid 5839] unlink("./2/binderfs" [pid 5838] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... unlink resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./2/file1", [pid 5839] getdents64(3, [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3 [pid 5838] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] rmdir("./2") = 0 [pid 5839] mkdir("./3", 0777 [pid 5838] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... mkdir resumed>) = 0 [pid 5838] <... openat resumed>) = 4 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5838] newfstatat(4, "", [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5838] getdents64(4, [pid 5839] close(3 [pid 5838] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./2/file1") = 0 [pid 5838] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./2/binderfs") = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./2") = 0 [pid 5838] mkdir("./3", 0777 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... mkdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5868 attached ) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5867] <... mount resumed>) = 0 [pid 5838] close(3 [pid 5841] <... close resumed>) = 0 [pid 5868] set_robust_list(0x55555857c660, 24 [pid 5867] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5868 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... set_robust_list resumed>) = 0 [pid 5867] <... openat resumed>) = 3 [pid 5867] chdir("./file1" [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5869 [pid 5868] chdir("./3" [pid 5867] <... chdir resumed>) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5868] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5869 attached [pid 5869] set_robust_list(0x55555857c660, 24) = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5867] open("./file1", O_RDONLY|O_DIRECT [pid 5868] <... prctl resumed>) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5867] <... open resumed>) = 4 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] chdir("./3" [pid 5868] <... openat resumed>) = 3 [pid 5869] <... chdir resumed>) = 0 executing program [pid 5868] write(3, "1000", 4 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5867] preadv2(4, [pid 5839] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5869] <... prctl resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... write resumed>) = 4 [pid 5868] close(3 [pid 5869] setpgid(0, 0 [pid 5868] <... close resumed>) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs" [pid 5869] <... setpgid resumed>) = 0 [pid 5867] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5868] <... symlink resumed>) = 0 [pid 5867] memfd_create("syzkaller", 0 [pid 5868] write(1, "executing program\n", 18 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... write resumed>) = 18 [pid 5867] <... memfd_create resumed>) = 5 [pid 5868] memfd_create("syzkaller", 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5869] <... openat resumed>) = 3 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5870 ./strace-static-x86_64: Process 5871 attached [pid 5869] write(3, "1000", 4 [pid 5868] <... memfd_create resumed>) = 3 [pid 5871] set_robust_list(0x55555857c660, 24 [pid 5869] <... write resumed>) = 4 [pid 5870] set_robust_list(0x55555857c660, 24 [pid 5869] close(3 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5870] <... set_robust_list resumed>) = 0 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5871 [pid 5871] chdir("./3" [pid 5870] chdir("./3" [pid 5868] <... mmap resumed>) = 0x7f349a600000 [pid 5869] <... close resumed>) = 0 [pid 5870] <... chdir resumed>) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... chdir resumed>) = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] <... symlink resumed>) = 0 [pid 5871] <... prctl resumed>) = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 5871] setpgid(0, 0 [pid 5870] setpgid(0, 0 [pid 5869] write(1, "executing program\n", 18 [pid 5870] <... setpgid resumed>) = 0 [pid 5871] <... setpgid resumed>) = 0 [pid 5869] <... write resumed>) = 18 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] memfd_create("syzkaller", 0 [pid 5871] <... openat resumed>) = 3 [pid 5870] <... openat resumed>) = 3 [pid 5870] write(3, "1000", 4 [pid 5871] write(3, "1000", 4 [pid 5869] <... memfd_create resumed>) = 3 [pid 5870] <... write resumed>) = 4 [pid 5871] <... write resumed>) = 4 executing program [pid 5871] close(3 [pid 5870] close(3 [pid 5871] <... close resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] symlink("/dev/binderfs", "./binderfs" [pid 5870] symlink("/dev/binderfs", "./binderfs" [pid 5869] <... mmap resumed>) = 0x7f349a600000 [pid 5871] <... symlink resumed>) = 0 [pid 5870] <... symlink resumed>) = 0 [pid 5871] write(1, "executing program\n", 18 [pid 5867] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... write resumed>) = 18 [pid 5870] write(1, "executing program\n", 18executing program ) = 18 [pid 5871] memfd_create("syzkaller", 0 [pid 5870] memfd_create("syzkaller", 0) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5868] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... memfd_create resumed>) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5867] <... write resumed>) = 2097152 [pid 5867] munmap(0x7f349a600000, 138412032) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5871] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5870] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... write resumed>) = 2097152 [pid 5867] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5867] close(5 [pid 5868] munmap(0x7f349a600000, 138412032) = 0 [pid 5867] <... close resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3 [pid 5867] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5867] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5867] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5870] <... write resumed>) = 2097152 [pid 5867] <... openat resumed>) = 6 [pid 5867] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5870] munmap(0x7f349a600000, 138412032 [pid 5869] <... write resumed>) = 2097152 [pid 5867] <... mmap resumed>) = 0x200000001000 [pid 5867] exit_group(0) = ? [pid 5869] munmap(0x7f349a600000, 138412032 [pid 5867] +++ exited with 0 +++ [pid 5871] <... write resumed>) = 2097152 [pid 5870] <... munmap resumed>) = 0 [pid 5869] <... munmap resumed>) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5837] restart_syscall(<... resuming interrupted clone ...> [pid 5871] munmap(0x7f349a600000, 138412032 [ 87.192720][ T5868] loop3: detected capacity change from 0 to 4096 [pid 5870] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5869] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] close(3 [pid 5837] <... restart_syscall resumed>) = 0 [pid 5871] <... munmap resumed>) = 0 [pid 5870] <... openat resumed>) = 4 [pid 5869] <... openat resumed>) = 4 [pid 5868] <... close resumed>) = 0 [pid 5870] ioctl(4, LOOP_SET_FD, 3 [pid 5869] ioctl(4, LOOP_SET_FD, 3 [pid 5868] close(4 [pid 5871] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5868] <... close resumed>) = 0 [pid 5837] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] mkdir("./file1", 0777 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... openat resumed>) = 4 [pid 5868] <... mkdir resumed>) = 0 [pid 5837] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] ioctl(4, LOOP_SET_FD, 3 [pid 5868] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5837] <... openat resumed>) = 3 [pid 5871] <... ioctl resumed>) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5837] newfstatat(3, "", [pid 5871] close(3) = 0 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] close(4 [pid 5837] getdents64(3, [pid 5871] <... close resumed>) = 0 [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5871] mkdir("./file1", 0777 [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3) = 0 [pid 5870] close(4) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5837] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] mkdir("./file1", 0777) = 0 [pid 5869] close(3 [pid 5871] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5869] <... close resumed>) = 0 [pid 5870] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5869] close(4) = 0 [pid 5869] mkdir("./file1", 0777) = 0 [ 87.235232][ T5870] loop2: detected capacity change from 0 to 4096 [ 87.243943][ T5871] loop1: detected capacity change from 0 to 4096 [ 87.244307][ T5868] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 87.260134][ T5869] loop4: detected capacity change from 0 to 4096 [ 87.271577][ T5871] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5869] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta,") = 0 [pid 5869] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5869] chdir("./file1") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5837] <... umount2 resumed>) = 0 [pid 5869] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] open("./file1", O_RDONLY|O_DIRECT [pid 5837] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] <... open resumed>) = 4 [pid 5837] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] preadv2(4, [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5837] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(4, [pid 5869] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5869] memfd_create("syzkaller", 0) = 5 [pid 5837] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5837] getdents64(4, [pid 5868] <... mount resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5870] <... mount resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5868] chdir("./file1" [pid 5871] <... mount resumed>) = 0 [pid 5868] <... chdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5868] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5870] <... openat resumed>) = 3 [pid 5868] open("./file1", O_RDONLY|O_DIRECT [pid 5870] chdir("./file1" [pid 5868] <... open resumed>) = 4 [pid 5837] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [ 87.271616][ T5870] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 87.290541][ T5869] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5871] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5870] <... chdir resumed>) = 0 [pid 5868] preadv2(4, [pid 5837] close(4 [pid 5871] <... openat resumed>) = 3 [pid 5870] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5869] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5837] <... close resumed>) = 0 [pid 5871] chdir("./file1" [pid 5870] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5837] rmdir("./3/file1") = 0 [pid 5871] <... chdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5871] open("./file1", O_RDONLY|O_DIRECT [pid 5870] open("./file1", O_RDONLY|O_DIRECT [pid 5837] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] unlink("./3/binderfs") = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] close(3) = 0 [pid 5837] rmdir("./3" [pid 5871] <... open resumed>) = 4 [pid 5870] <... open resumed>) = 4 [pid 5837] <... rmdir resumed>) = 0 [pid 5837] mkdir("./4", 0777 [pid 5871] preadv2(4, [pid 5837] <... mkdir resumed>) = 0 [pid 5871] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5870] preadv2(4, [pid 5871] memfd_create("syzkaller", 0 [pid 5870] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5871] <... memfd_create resumed>) = 5 [pid 5870] memfd_create("syzkaller", 0 [pid 5837] <... openat resumed>) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] <... memfd_create resumed>) = 5 [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5871] <... mmap resumed>) = 0x7f349a600000 [pid 5837] <... ioctl resumed>) = 0 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5837] close(3 [pid 5870] <... mmap resumed>) = 0x7f349a600000 [pid 5868] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5868] memfd_create("syzkaller", 0) = 5 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5837] <... close resumed>) = 0 [pid 5868] <... mmap resumed>) = 0x7f349a600000 [pid 5869] <... write resumed>) = 2097152 [pid 5871] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555857c650) = 5872 ./strace-static-x86_64: Process 5872 attached [pid 5869] munmap(0x7f349a600000, 138412032 [pid 5872] set_robust_list(0x55555857c660, 24) = 0 [pid 5872] chdir("./4") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... munmap resumed>) = 0 [pid 5872] setpgid(0, 0 [pid 5869] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5872] <... setpgid resumed>) = 0 [pid 5869] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] close(5 [pid 5872] <... openat resumed>) = 3 [pid 5871] <... write resumed>) = 2097152 [pid 5868] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs" [pid 5869] <... close resumed>) = 0 [pid 5872] <... symlink resumed>) = 0 [pid 5869] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5872] write(1, "executing program\n", 18executing program ) = 18 [pid 5872] memfd_create("syzkaller", 0) = 3 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5871] munmap(0x7f349a600000, 138412032) = 0 [pid 5870] <... write resumed>) = 2097152 [pid 5871] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] <... open resumed>) = 5 [pid 5868] <... write resumed>) = 2097152 [pid 5869] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5869] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5869] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5869] exit_group(0) = ? [pid 5869] +++ exited with 0 +++ [pid 5868] munmap(0x7f349a600000, 138412032 [pid 5871] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] munmap(0x7f349a600000, 138412032 [pid 5868] <... munmap resumed>) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] <... munmap resumed>) = 0 [pid 5871] close(5 [pid 5868] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", [pid 5868] close(5 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5870] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] close(5 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... close resumed>) = 0 [pid 5841] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./3/file1") = 0 [pid 5841] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5871] <... close resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] unlink("./3/binderfs" [pid 5868] <... close resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5868] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5870] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] rmdir("./3") = 0 [pid 5841] mkdir("./4", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] <... open resumed>) = 5 [pid 5841] <... openat resumed>) = 3 [pid 5871] truncate("./file1", 16784380 [pid 5870] <... open resumed>) = 5 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5868] <... open resumed>) = 5 [pid 5870] truncate("./file1", 16784380 [pid 5871] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... ioctl resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5868] truncate("./file1", 16784380 [pid 5871] <... openat resumed>) = 6 [pid 5870] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] close(3 [pid 5871] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5870] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5871] <... mmap resumed>) = 0x200000001000 [pid 5870] <... openat resumed>) = 6 [pid 5871] exit_group(0) = ? [pid 5871] +++ exited with 0 +++ [pid 5870] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5870] exit_group(0) = ? [pid 5838] <... restart_syscall resumed>) = 0 [pid 5838] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] +++ exited with 0 +++ [pid 5868] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5868] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5841] <... close resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] <... openat resumed>) = 3 [pid 5868] <... mmap resumed>) = 0x200000001000 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] newfstatat(3, "", [pid 5838] <... umount2 resumed>) = 0 [pid 5868] exit_group(0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... exit_group resumed>) = ? [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4 [pid 5872] <... write resumed>) = 2097152 [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./3/file1"./strace-static-x86_64: Process 5874 attached [pid 5872] munmap(0x7f349a600000, 138412032 [pid 5868] +++ exited with 0 +++ [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5874 [pid 5838] <... rmdir resumed>) = 0 [pid 5874] set_robust_list(0x55555857c660, 24 [pid 5872] <... munmap resumed>) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5874] <... set_robust_list resumed>) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] chdir("./4") = 0 [pid 5840] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... prctl resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] setpgid(0, 0 [pid 5840] <... openat resumed>) = 3 [pid 5838] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5874] <... setpgid resumed>) = 0 [pid 5840] newfstatat(3, "", [pid 5839] <... umount2 resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5839] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... openat resumed>) = 4 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] unlink("./3/binderfs" [pid 5872] ioctl(4, LOOP_SET_FD, 3 [pid 5839] newfstatat(AT_FDCWD, "./3/file1", [pid 5838] <... unlink resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5839] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] rmdir("./3" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... rmdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", [pid 5840] <... umount2 resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] mkdir("./4", 0777 [pid 5874] <... openat resumed>) = 3 [pid 5838] <... mkdir resumed>) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./3/file1") = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5874] write(3, "1000", 4 [pid 5838] <... openat resumed>) = 3 [pid 5874] <... write resumed>) = 4 [pid 5839] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5839] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5838] <... close resumed>) = 0 [pid 5874] close(3 [pid 5872] <... ioctl resumed>) = 0 [pid 5840] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] close(3 [pid 5839] unlink("./3/binderfs" [pid 5872] <... close resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5872] close(4 [pid 5839] getdents64(3, [pid 5874] <... close resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] newfstatat(AT_FDCWD, "./3/file1", [pid 5874] symlink("/dev/binderfs", "./binderfs" [pid 5872] mkdir("./file1", 0777 [pid 5839] close(3 [pid 5874] <... symlink resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... close resumed>) = 0 [pid 5872] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] rmdir("./3"executing program [pid 5874] write(1, "executing program\n", 18 [pid 5840] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... rmdir resumed>) = 0 [pid 5874] <... write resumed>) = 18 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] mkdir("./4", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5874] memfd_create("syzkaller", 0 [pid 5840] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5875 attached [pid 5874] <... memfd_create resumed>) = 3 [pid 5840] <... openat resumed>) = 4 [pid 5839] <... openat resumed>) = 3 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5875 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] newfstatat(4, "", [pid 5875] set_robust_list(0x55555857c660, 24 [pid 5874] <... mmap resumed>) = 0x7f349a600000 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5875] chdir("./4" [pid 5840] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5875] <... chdir resumed>) = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] rmdir("./3/file1" [pid 5875] setpgid(0, 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5875] <... setpgid resumed>) = 0 [pid 5840] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5875] <... openat resumed>) = 3 [pid 5840] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./3/binderfs" [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs" [pid 5840] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5875] <... symlink resumed>) = 0 [pid 5840] <... close resumed>) = 0 executing program [pid 5875] write(1, "executing program\n", 18) = 18 [pid 5875] memfd_create("syzkaller", 0 [pid 5840] rmdir("./3" [pid 5875] <... memfd_create resumed>) = 3 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5840] <... rmdir resumed>) = 0 [ 87.617971][ T5872] loop0: detected capacity change from 0 to 4096 [ 87.651381][ T5872] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5840] mkdir("./4", 0777) = 0 [pid 5839] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5876 ./strace-static-x86_64: Process 5876 attached [pid 5874] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 5875] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5876] set_robust_list(0x55555857c660, 24 [pid 5874] <... write resumed>) = 2097152 [pid 5872] <... mount resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5876] <... set_robust_list resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5874] munmap(0x7f349a600000, 138412032 [pid 5872] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5876] chdir("./4" [pid 5872] <... openat resumed>) = 3 [pid 5872] chdir("./file1") = 0 [pid 5874] <... munmap resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5876] <... chdir resumed>) = 0 [pid 5872] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] open("./file1", O_RDONLY|O_DIRECT [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5874] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5877 [pid 5876] <... prctl resumed>) = 0 [pid 5876] setpgid(0, 0 [pid 5874] <... openat resumed>) = 4 [pid 5872] <... open resumed>) = 4 executing program [pid 5876] <... setpgid resumed>) = 0 [pid 5874] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5877 attached [pid 5872] preadv2(4, [pid 5877] set_robust_list(0x55555857c660, 24) = 0 [pid 5877] chdir("./4") = 0 [pid 5872] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] memfd_create("syzkaller", 0 [pid 5877] setpgid(0, 0) = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... memfd_create resumed>) = 5 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5877] <... openat resumed>) = 3 [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5877] write(1, "executing program\n", 18) = 18 [pid 5877] memfd_create("syzkaller", 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5877] <... memfd_create resumed>) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5876] <... openat resumed>) = 3 [pid 5874] <... ioctl resumed>) = 0 [pid 5876] write(3, "1000", 4 [pid 5874] close(3 [pid 5876] <... write resumed>) = 4 [pid 5874] <... close resumed>) = 0 [pid 5876] close(3 [pid 5874] close(4 [pid 5876] <... close resumed>) = 0 [pid 5874] <... close resumed>) = 0 [pid 5874] mkdir("./file1", 0777 [pid 5876] symlink("/dev/binderfs", "./binderfs" [pid 5874] <... mkdir resumed>) = 0 executing program [pid 5876] <... symlink resumed>) = 0 [pid 5874] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5876] write(1, "executing program\n", 18) = 18 [pid 5876] memfd_create("syzkaller", 0) = 3 [pid 5875] <... write resumed>) = 2097152 [pid 5877] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5875] munmap(0x7f349a600000, 138412032) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 87.777656][ T5874] loop4: detected capacity change from 0 to 4096 [ 87.800619][ T5874] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5874] <... mount resumed>) = 0 [pid 5875] ioctl(4, LOOP_SET_FD, 3 [pid 5874] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5874] chdir("./file1") = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5874] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5874] memfd_create("syzkaller", 0) = 5 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5872] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5877] <... write resumed>) = 2097152 [pid 5876] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5877] munmap(0x7f349a600000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5875] <... ioctl resumed>) = 0 [pid 5872] <... write resumed>) = 2097152 [pid 5875] close(3 [pid 5877] <... openat resumed>) = 4 [pid 5875] <... close resumed>) = 0 [pid 5875] close(4) = 0 [ 87.852250][ T5875] loop1: detected capacity change from 0 to 4096 [pid 5877] ioctl(4, LOOP_SET_FD, 3 [pid 5876] <... write resumed>) = 2097152 [pid 5875] mkdir("./file1", 0777 [pid 5874] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] munmap(0x7f349a600000, 138412032 [pid 5875] <... mkdir resumed>) = 0 [pid 5872] <... munmap resumed>) = 0 [pid 5875] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5876] munmap(0x7f349a600000, 138412032) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5876] <... openat resumed>) = 4 [pid 5876] ioctl(4, LOOP_SET_FD, 3 [pid 5872] close(5 [pid 5877] <... ioctl resumed>) = 0 [pid 5877] close(3) = 0 [pid 5877] close(4) = 0 [pid 5877] mkdir("./file1", 0777) = 0 [ 87.901102][ T5875] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 87.913720][ T5877] loop3: detected capacity change from 0 to 4096 [ 87.925351][ T5876] loop2: detected capacity change from 0 to 4096 [pid 5877] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5876] <... ioctl resumed>) = 0 [pid 5876] close(3) = 0 [pid 5876] close(4) = 0 [pid 5874] <... write resumed>) = 2097152 [pid 5872] <... close resumed>) = 0 [pid 5876] mkdir("./file1", 0777 [pid 5874] munmap(0x7f349a600000, 138412032) = 0 [pid 5876] <... mkdir resumed>) = 0 [pid 5872] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5876] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5874] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] close(5 [pid 5875] <... mount resumed>) = 0 [pid 5875] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5875] chdir("./file1") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5875] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5874] <... close resumed>) = 0 [pid 5872] <... open resumed>) = 5 [pid 5872] truncate("./file1", 16784380 [pid 5875] preadv2(4, [pid 5872] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5874] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5875] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5875] memfd_create("syzkaller", 0) = 5 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5872] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5872] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5872] exit_group(0) = ? [pid 5872] +++ exited with 0 +++ [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5837] restart_syscall(<... resuming interrupted clone ...> [pid 5874] <... open resumed>) = 5 [pid 5874] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5874] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5837] <... restart_syscall resumed>) = 0 [pid 5874] <... openat resumed>) = 6 [pid 5874] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5837] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... mmap resumed>) = 0x200000001000 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] exit_group(0 [pid 5837] <... openat resumed>) = 3 [pid 5874] <... exit_group resumed>) = ? [pid 5837] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5874, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 87.947432][ T5877] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 87.965867][ T5876] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5841] newfstatat(3, "", [pid 5877] <... mount resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5877] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5877] chdir("./file1") = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5877] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5877] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5877] memfd_create("syzkaller", 0) = 5 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5876] <... mount resumed>) = 0 [pid 5877] <... mmap resumed>) = 0x7f349a600000 [pid 5876] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("./file1" [pid 5837] <... umount2 resumed>) = 0 [pid 5876] <... chdir resumed>) = 0 [pid 5837] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5876] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5876] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... umount2 resumed>) = 0 [pid 5837] newfstatat(AT_FDCWD, "./4/file1", [pid 5876] <... open resumed>) = 4 [pid 5876] preadv2(4, [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5876] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5876] memfd_create("syzkaller", 0 [pid 5837] <... openat resumed>) = 4 [pid 5876] <... memfd_create resumed>) = 5 [pid 5841] newfstatat(AT_FDCWD, "./4/file1", [pid 5837] newfstatat(4, "", [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5876] <... mmap resumed>) = 0x7f349a600000 [pid 5841] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] getdents64(4, [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] getdents64(4, [pid 5877] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5876] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5875] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... openat resumed>) = 4 [pid 5837] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 5837] close(4 [pid 5841] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] <... close resumed>) = 0 [pid 5841] getdents64(4, [pid 5837] rmdir("./4/file1" [pid 5841] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5837] <... rmdir resumed>) = 0 [pid 5875] <... write resumed>) = 2097152 [pid 5841] close(4 [pid 5837] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5877] <... write resumed>) = 2097152 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5877] munmap(0x7f349a600000, 138412032 [pid 5841] <... close resumed>) = 0 [pid 5837] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5876] <... write resumed>) = 2097152 [pid 5877] <... munmap resumed>) = 0 [pid 5875] munmap(0x7f349a600000, 138412032 [pid 5841] rmdir("./4/file1" [pid 5837] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5876] munmap(0x7f349a600000, 138412032 [pid 5875] <... munmap resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5837] unlink("./4/binderfs" [pid 5877] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5876] <... munmap resumed>) = 0 [pid 5837] <... unlink resumed>) = 0 [pid 5877] close(5 [pid 5841] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] getdents64(3, [pid 5876] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5875] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5876] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5875] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5837] close(3 [pid 5876] close(5 [pid 5875] close(5 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] <... close resumed>) = 0 [pid 5841] unlink("./4/binderfs") = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./4") = 0 [pid 5841] mkdir("./5", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5837] rmdir("./4") = 0 [pid 5837] mkdir("./5", 0777 [pid 5876] <... close resumed>) = 0 [pid 5875] <... close resumed>) = 0 [pid 5837] <... mkdir resumed>) = 0 [pid 5877] <... close resumed>) = 0 [pid 5876] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5875] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5877] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5837] <... openat resumed>) = 3 [pid 5837] ioctl(3, LOOP_CLR_FD) = 0 [pid 5837] close(3 [pid 5841] <... close resumed>) = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached [pid 5837] <... close resumed>) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5878 [pid 5878] set_robust_list(0x55555857c660, 24) = 0 [pid 5878] chdir("./5") = 0 [pid 5876] <... open resumed>) = 5 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5877] <... open resumed>) = 5 [pid 5876] truncate("./file1", 16784380 [pid 5878] <... prctl resumed>) = 0 [pid 5877] truncate("./file1", 16784380 [pid 5878] setpgid(0, 0 [pid 5876] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5877] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5875] <... open resumed>) = 5 [pid 5877] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5875] truncate("./file1", 16784380 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5877] <... openat resumed>) = 6 [pid 5876] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5878] <... setpgid resumed>) = 0 [pid 5877] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5876] <... openat resumed>) = 6 [pid 5875] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5876] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5875] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000./strace-static-x86_64: Process 5879 attached [pid 5878] <... openat resumed>) = 3 [pid 5877] <... mmap resumed>) = 0x200000001000 [pid 5876] <... mmap resumed>) = 0x200000001000 [pid 5878] write(3, "1000", 4 [pid 5876] exit_group(0 [pid 5875] <... openat resumed>) = 6 [pid 5879] set_robust_list(0x55555857c660, 24 [pid 5878] <... write resumed>) = 4 [pid 5877] exit_group(0 [pid 5876] <... exit_group resumed>) = ? [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5879 [pid 5879] <... set_robust_list resumed>) = 0 [pid 5878] close(3 [pid 5877] <... exit_group resumed>) = ? [pid 5875] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5878] <... close resumed>) = 0 [pid 5879] chdir("./5" [pid 5878] symlink("/dev/binderfs", "./binderfs" [pid 5877] +++ exited with 0 +++ [pid 5875] <... mmap resumed>) = 0x200000001000 [pid 5879] <... chdir resumed>) = 0 [pid 5878] <... symlink resumed>) = 0 [pid 5876] +++ exited with 0 +++ [pid 5875] exit_group(0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- executing program [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5878] write(1, "executing program\n", 18 [pid 5875] <... exit_group resumed>) = ? [pid 5879] <... prctl resumed>) = 0 [pid 5878] <... write resumed>) = 18 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5879] setpgid(0, 0 [pid 5840] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] <... setpgid resumed>) = 0 [pid 5878] memfd_create("syzkaller", 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5875] +++ exited with 0 +++ [pid 5840] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5879] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = 3 [pid 5839] <... openat resumed>) = 3 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5879] write(3, "1000", 4 [pid 5840] newfstatat(3, "", [pid 5839] newfstatat(3, "", [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5879] <... write resumed>) = 4 [pid 5878] <... memfd_create resumed>) = 3 [pid 5879] close(3 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5879] <... close resumed>) = 0 [pid 5878] <... mmap resumed>) = 0x7f349a600000 [pid 5840] getdents64(3, [pid 5839] getdents64(3, [pid 5838] <... restart_syscall resumed>) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs" [pid 5838] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] <... symlink resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 executing program [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] <... umount2 resumed>) = 0 [pid 5879] write(1, "executing program\n", 18) = 18 [pid 5840] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] memfd_create("syzkaller", 0 [pid 5838] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] <... memfd_create resumed>) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5878] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] <... umount2 resumed>) = 0 [pid 5838] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] <... openat resumed>) = 4 [pid 5839] newfstatat(AT_FDCWD, "./4/file1", [pid 5838] newfstatat(4, "", [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] getdents64(4, [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, [pid 5839] getdents64(4, [pid 5838] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./4/file1") = 0 [pid 5838] close(4 [pid 5839] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5838] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] rmdir("./4/file1" [pid 5839] unlink("./4/binderfs") = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./4") = 0 [pid 5839] mkdir("./5", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5838] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./4/binderfs") = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5838] getdents64(3, [pid 5840] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5878] <... write resumed>) = 2097152 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] newfstatat(AT_FDCWD, "./4/file1", [pid 5838] close(3) = 0 [pid 5838] rmdir("./4") = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... close resumed>) = 0 [pid 5840] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] mkdir("./5", 0777 [pid 5840] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", [pid 5838] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5880 attached [pid 5879] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5878] munmap(0x7f349a600000, 138412032 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5880 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5840] getdents64(4, [pid 5880] set_robust_list(0x55555857c660, 24 [pid 5840] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5880] chdir("./5") = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] <... munmap resumed>) = 0 [pid 5840] getdents64(4, [pid 5838] <... openat resumed>) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs" [pid 5879] <... write resumed>) = 2097152 [pid 5878] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5840] close(4 [pid 5838] <... ioctl resumed>) = 0 executing program [pid 5880] <... symlink resumed>) = 0 [pid 5879] munmap(0x7f349a600000, 138412032 [pid 5840] <... close resumed>) = 0 [pid 5838] close(3 [pid 5880] write(1, "executing program\n", 18) = 18 [pid 5880] memfd_create("syzkaller", 0 [pid 5879] <... munmap resumed>) = 0 [pid 5878] <... openat resumed>) = 4 [pid 5840] rmdir("./4/file1" [pid 5880] <... memfd_create resumed>) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... close resumed>) = 0 [pid 5880] <... mmap resumed>) = 0x7f349a600000 [pid 5878] ioctl(4, LOOP_SET_FD, 3 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5878] <... ioctl resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5881] set_robust_list(0x55555857c660, 24 [pid 5879] <... openat resumed>) = 4 [pid 5878] close(3 [pid 5840] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5881] <... set_robust_list resumed>) = 0 [pid 5879] ioctl(4, LOOP_SET_FD, 3 [pid 5878] <... close resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5881 [pid 5881] chdir("./5" [pid 5878] close(4 [pid 5881] <... chdir resumed>) = 0 [pid 5878] <... close resumed>) = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5878] mkdir("./file1", 0777 [pid 5881] <... prctl resumed>) = 0 [pid 5878] <... mkdir resumed>) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5878] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] <... ioctl resumed>) = 0 [pid 5840] unlink("./4/binderfs" [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5879] close(3 [pid 5840] <... unlink resumed>) = 0 [pid 5840] getdents64(3, [pid 5879] <... close resumed>) = 0 [pid 5881] <... openat resumed>) = 3 [pid 5879] close(4 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5879] <... close resumed>) = 0 [pid 5840] close(3executing program [pid 5881] write(3, "1000", 4 [pid 5879] mkdir("./file1", 0777 [pid 5840] <... close resumed>) = 0 [pid 5881] <... write resumed>) = 4 [pid 5881] close(3) = 0 [pid 5840] rmdir("./4" [pid 5881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5879] <... mkdir resumed>) = 0 [pid 5881] write(1, "executing program\n", 18) = 18 [pid 5881] memfd_create("syzkaller", 0 [ 88.336005][ T5878] loop4: detected capacity change from 0 to 4096 [ 88.346730][ T5879] loop0: detected capacity change from 0 to 4096 [ 88.363090][ T5878] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5879] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] <... rmdir resumed>) = 0 [pid 5881] <... memfd_create resumed>) = 3 [pid 5840] mkdir("./5", 0777 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5880] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555857c650) = 5882 ./strace-static-x86_64: Process 5882 attached [ 88.381682][ T5879] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5882] set_robust_list(0x55555857c660, 24) = 0 [pid 5882] chdir("./5") = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3 [pid 5880] <... write resumed>) = 2097152 [pid 5882] <... close resumed>) = 0 [pid 5878] <... mount resumed>) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs" [pid 5878] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5882] <... symlink resumed>) = 0 [pid 5878] <... openat resumed>) = 3 [pid 5878] chdir("./file1") = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5878] open("./file1", O_RDONLY|O_DIRECTexecuting program [pid 5882] write(1, "executing program\n", 18 [pid 5881] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5880] munmap(0x7f349a600000, 138412032 [pid 5882] <... write resumed>) = 18 [pid 5880] <... munmap resumed>) = 0 [pid 5878] <... open resumed>) = 4 [pid 5878] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5878] memfd_create("syzkaller", 0) = 5 [pid 5880] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5880] <... openat resumed>) = 4 [pid 5878] <... mmap resumed>) = 0x7f349a600000 [pid 5882] memfd_create("syzkaller", 0 [pid 5880] ioctl(4, LOOP_SET_FD, 3 [pid 5882] <... memfd_create resumed>) = 3 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5879] <... mount resumed>) = 0 [pid 5879] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5881] <... write resumed>) = 2097152 [pid 5880] <... ioctl resumed>) = 0 [pid 5879] chdir("./file1") = 0 [pid 5881] munmap(0x7f349a600000, 138412032) = 0 [pid 5880] close(3 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5878] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5881] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5880] <... close resumed>) = 0 [pid 5879] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 88.465595][ T5880] loop2: detected capacity change from 0 to 4096 [pid 5881] ioctl(4, LOOP_SET_FD, 3 [pid 5880] close(4 [pid 5879] open("./file1", O_RDONLY|O_DIRECT [pid 5882] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5880] <... close resumed>) = 0 [pid 5880] mkdir("./file1", 0777) = 0 [pid 5879] <... open resumed>) = 4 [pid 5879] preadv2(4, [pid 5880] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5881] <... ioctl resumed>) = 0 [pid 5881] close(3) = 0 [pid 5881] close(4) = 0 [pid 5881] mkdir("./file1", 0777) = 0 [pid 5881] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5879] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5879] memfd_create("syzkaller", 0) = 5 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5878] <... write resumed>) = 2097152 [pid 5878] munmap(0x7f349a600000, 138412032) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5878] close(5 [pid 5882] <... write resumed>) = 2097152 [pid 5882] munmap(0x7f349a600000, 138412032) = 0 [ 88.507452][ T5881] loop1: detected capacity change from 0 to 4096 [ 88.522964][ T5880] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 88.532074][ T5881] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5882] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5882] ioctl(4, LOOP_SET_FD, 3 [pid 5878] <... close resumed>) = 0 [pid 5878] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5879] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5881] <... mount resumed>) = 0 [pid 5881] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5881] chdir("./file1") = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5881] open("./file1", O_RDONLY|O_DIRECT [pid 5882] <... ioctl resumed>) = 0 [pid 5880] <... mount resumed>) = 0 [pid 5878] <... open resumed>) = 5 [pid 5880] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5882] close(3 [pid 5881] <... open resumed>) = 4 [pid 5880] chdir("./file1" [pid 5879] <... write resumed>) = 2097152 [pid 5878] truncate("./file1", 16784380 [pid 5882] <... close resumed>) = 0 [pid 5880] <... chdir resumed>) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5879] munmap(0x7f349a600000, 138412032 [pid 5882] close(4) = 0 [pid 5881] preadv2(4, [pid 5878] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5882] mkdir("./file1", 0777) = 0 [pid 5879] <... munmap resumed>) = 0 [pid 5878] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5878] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5878] exit_group(0) = ? [pid 5882] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5881] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5880] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5878] +++ exited with 0 +++ [ 88.597133][ T5882] loop3: detected capacity change from 0 to 4096 [pid 5881] memfd_create("syzkaller", 0) = 5 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5880] open("./file1", O_RDONLY|O_DIRECT [pid 5879] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=7 /* 0.07 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5879] close(5 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5880] <... open resumed>) = 4 [pid 5879] <... close resumed>) = 0 [pid 5880] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5880] memfd_create("syzkaller", 0 [pid 5841] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5880] <... memfd_create resumed>) = 5 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5841] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5881] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [ 88.650160][ T5882] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5882] <... mount resumed>) = 0 [pid 5879] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5879] <... open resumed>) = 5 [pid 5882] <... openat resumed>) = 3 [pid 5882] chdir("./file1" [pid 5880] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5879] truncate("./file1", 16784380 [pid 5841] <... umount2 resumed>) = 0 [pid 5882] <... chdir resumed>) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5879] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5882] open("./file1", O_RDONLY|O_DIRECT [pid 5879] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5841] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] <... openat resumed>) = 6 [pid 5841] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5879] <... mmap resumed>) = 0x200000001000 [pid 5841] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5882] <... open resumed>) = 4 [pid 5882] preadv2(4, [pid 5879] exit_group(0 [pid 5841] <... openat resumed>) = 4 [pid 5879] <... exit_group resumed>) = ? [pid 5841] newfstatat(4, "", [pid 5881] <... write resumed>) = 2097152 [pid 5882] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5879] +++ exited with 0 +++ [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, [pid 5882] memfd_create("syzkaller", 0 [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5882] <... memfd_create resumed>) = 5 [pid 5841] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5837] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5837] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5881] munmap(0x7f349a600000, 138412032 [pid 5841] getdents64(4, [pid 5881] <... munmap resumed>) = 0 [pid 5882] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5880] <... write resumed>) = 2097152 [pid 5841] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./5/file1") = 0 [pid 5841] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./5/binderfs" [pid 5881] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5880] munmap(0x7f349a600000, 138412032 [pid 5841] <... unlink resumed>) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./5") = 0 [pid 5841] mkdir("./6", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5837] <... umount2 resumed>) = 0 [pid 5881] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5881] close(5 [pid 5880] <... munmap resumed>) = 0 [pid 5837] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./5/file1", [pid 5880] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5881] <... close resumed>) = 0 [pid 5837] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5880] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5881] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5880] close(5 [pid 5837] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5837] newfstatat(4, "", [pid 5841] <... close resumed>) = 0 [pid 5882] <... write resumed>) = 2097152 [pid 5882] munmap(0x7f349a600000, 138412032 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached , child_tidptr=0x55555857c650) = 5883 [pid 5883] set_robust_list(0x55555857c660, 24) = 0 [pid 5883] chdir("./6") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5882] <... munmap resumed>) = 0 [pid 5883] <... prctl resumed>) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5882] close(5 [pid 5883] write(3, "1000", 4 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5883] <... write resumed>) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5883] write(1, "executing program\n", 18) = 18 [pid 5883] memfd_create("syzkaller", 0executing program ) = 3 [pid 5880] <... close resumed>) = 0 [pid 5837] getdents64(4, [pid 5881] <... open resumed>) = 5 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5881] truncate("./file1", 16784380 [pid 5883] <... mmap resumed>) = 0x7f349a600000 [pid 5881] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5881] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5881] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5881] exit_group(0) = ? [pid 5837] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5881] +++ exited with 0 +++ [pid 5880] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [ 88.816431][ T30] kauditd_printk_skb: 45 callbacks suppressed [ 88.816449][ T30] audit: type=1804 audit(1750594914.445:57): pid=5881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.SduaD7/5/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5837] close(4) = 0 [pid 5837] rmdir("./5/file1") = 0 [pid 5837] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] unlink("./5/binderfs") = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] close(3) = 0 [pid 5837] rmdir("./5") = 0 [pid 5837] mkdir("./6", 0777) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5837] ioctl(3, LOOP_CLR_FD) = 0 [pid 5837] close(3 [pid 5838] <... restart_syscall resumed>) = 0 [pid 5882] <... close resumed>) = 0 [pid 5838] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", [pid 5880] <... open resumed>) = 5 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5880] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5880] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5880] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5880] exit_group(0) = ? [pid 5838] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5883] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5882] <... open resumed>) = 5 [pid 5838] <... umount2 resumed>) = 0 [pid 5882] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5838] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5882] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5838] newfstatat(AT_FDCWD, "./5/file1", [pid 5882] <... mmap resumed>) = 0x200000001000 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5882] exit_group(0 [pid 5838] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] <... exit_group resumed>) = ? [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", [pid 5882] +++ exited with 0 +++ [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=9 /* 0.09 s */} --- [pid 5838] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] <... close resumed>) = 0 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5838] getdents64(4, [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5838] rmdir("./5/file1") = 0 [pid 5838] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5840] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5838] unlink("./5/binderfs" [pid 5840] newfstatat(3, "", [pid 5838] <... unlink resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, [pid 5840] getdents64(3, [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] close(3 [pid 5840] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... close resumed>) = 0 [pid 5838] rmdir("./5") = 0 [pid 5838] mkdir("./6", 0777) = 0 [ 88.863153][ T30] audit: type=1804 audit(1750594914.495:58): pid=5880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.IxtiFh/5/file1/file1" dev="loop2" ino=30 res=1 errno=0 [ 88.892572][ T30] audit: type=1804 audit(1750594914.525:59): pid=5882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.s9h7xo/5/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5883] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 5884 attached [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5884 [pid 5884] set_robust_list(0x55555857c660, 24 [pid 5883] munmap(0x7f349a600000, 138412032 [pid 5838] <... openat resumed>) = 3 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5884] chdir("./6" [pid 5883] <... munmap resumed>) = 0 [pid 5880] +++ exited with 0 +++ [pid 5840] <... umount2 resumed>) = 0 [pid 5840] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=9 /* 0.09 s */} --- [pid 5884] <... chdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5884] <... prctl resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5884] setpgid(0, 0 [pid 5840] <... openat resumed>) = 4 [pid 5884] <... setpgid resumed>) = 0 [pid 5840] newfstatat(4, "", [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./5/file1") = 0 [pid 5840] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./5/binderfs" [pid 5884] <... openat resumed>) = 3 [pid 5840] <... unlink resumed>) = 0 [pid 5840] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5884] write(3, "1000", 4 [pid 5883] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./5" [pid 5884] <... write resumed>) = 4 [pid 5883] <... openat resumed>) = 4 [pid 5840] <... rmdir resumed>) = 0 [pid 5884] close(3 [pid 5883] ioctl(4, LOOP_SET_FD, 3 [pid 5840] mkdir("./6", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3) = 0 [pid 5884] <... close resumed>) = 0 [pid 5839] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5884] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5884] <... symlink resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program ) = 3 [pid 5884] write(1, "executing program\n", 18) = 18 [pid 5884] memfd_create("syzkaller", 0 [pid 5839] newfstatat(3, "", [pid 5883] <... ioctl resumed>) = 0 [pid 5883] close(3 [pid 5884] <... memfd_create resumed>) = 3 [pid 5883] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555857c650) = 5885 ./strace-static-x86_64: Process 5885 attached [pid 5885] set_robust_list(0x55555857c660, 24) = 0 [pid 5885] chdir("./6") = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5885] setpgid(0, 0) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5883] close(4 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] getdents64(3, [pid 5884] <... mmap resumed>) = 0x7f349a600000 [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5885] write(1, "executing program\n", 18) = 18 [pid 5885] memfd_create("syzkaller", 0 [pid 5883] <... close resumed>) = 0 [pid 5839] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5883] mkdir("./file1", 0777 [pid 5885] <... memfd_create resumed>) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5883] <... mkdir resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5886 [pid 5883] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta,"./strace-static-x86_64: Process 5886 attached [pid 5886] set_robust_list(0x55555857c660, 24) = 0 [ 88.980227][ T5883] loop4: detected capacity change from 0 to 4096 [pid 5886] chdir("./6") = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5886] write(1, "executing program\n", 18executing program ) = 18 [pid 5886] memfd_create("syzkaller", 0) = 3 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5839] <... umount2 resumed>) = 0 [pid 5839] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./5/file1", [pid 5885] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5886] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... openat resumed>) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./5/file1") = 0 [pid 5839] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./5/binderfs") = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./5") = 0 [pid 5839] mkdir("./6", 0777) = 0 [ 89.023231][ T5883] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5884] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5885] <... write resumed>) = 2097152 [pid 5839] <... close resumed>) = 0 [pid 5885] munmap(0x7f349a600000, 138412032) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5885] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5885] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5887 attached [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5887 [pid 5887] set_robust_list(0x55555857c660, 24) = 0 [pid 5887] chdir("./6") = 0 [pid 5886] <... write resumed>) = 2097152 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5884] <... write resumed>) = 2097152 [pid 5886] munmap(0x7f349a600000, 138412032) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5883] <... mount resumed>) = 0 [pid 5883] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5887] <... openat resumed>) = 3 [pid 5887] write(3, "1000", 4 [pid 5884] munmap(0x7f349a600000, 138412032 [pid 5883] <... openat resumed>) = 3 [pid 5887] <... write resumed>) = 4 [pid 5883] chdir("./file1" [pid 5887] close(3 [pid 5886] <... openat resumed>) = 4 [pid 5883] <... chdir resumed>) = 0 [pid 5887] <... close resumed>) = 0 [pid 5886] ioctl(4, LOOP_SET_FD, 3 [pid 5883] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5887] symlink("/dev/binderfs", "./binderfs" [pid 5884] <... munmap resumed>) = 0 [pid 5883] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5883] open("./file1", O_RDONLY|O_DIRECT [pid 5887] <... symlink resumed>) = 0 [pid 5887] write(1, "executing program\n", 18 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 5887] <... write resumed>) = 18 [pid 5885] <... ioctl resumed>) = 0 [pid 5885] close(3 [pid 5883] <... open resumed>) = 4 [pid 5885] <... close resumed>) = 0 [pid 5885] close(4) = 0 [pid 5887] memfd_create("syzkaller", 0 [pid 5885] mkdir("./file1", 0777 [pid 5884] <... openat resumed>) = 4 [pid 5883] preadv2(4, [pid 5885] <... mkdir resumed>) = 0 [ 89.117557][ T5885] loop1: detected capacity change from 0 to 4096 [ 89.133857][ T5886] loop3: detected capacity change from 0 to 4096 [pid 5885] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5887] <... memfd_create resumed>) = 3 [pid 5884] ioctl(4, LOOP_SET_FD, 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5886] <... ioctl resumed>) = 0 [pid 5886] close(3) = 0 [pid 5886] close(4) = 0 [pid 5886] mkdir("./file1", 0777) = 0 [pid 5886] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5883] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5887] <... mmap resumed>) = 0x7f349a600000 [pid 5883] memfd_create("syzkaller", 0 [pid 5884] <... ioctl resumed>) = 0 [pid 5883] <... memfd_create resumed>) = 5 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5884] close(3) = 0 [pid 5884] close(4) = 0 [pid 5884] mkdir("./file1", 0777) = 0 [pid 5887] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 89.149063][ T30] audit: type=1800 audit(1750594914.775:60): pid=5883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop4" ino=30 res=0 errno=0 [ 89.152933][ T5885] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 89.182691][ T5884] loop0: detected capacity change from 0 to 4096 [ 89.191560][ T5886] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5884] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5887] <... write resumed>) = 2097152 [pid 5886] <... mount resumed>) = 0 [pid 5885] <... mount resumed>) = 0 [pid 5887] munmap(0x7f349a600000, 138412032 [pid 5886] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5885] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5884] <... mount resumed>) = 0 [pid 5887] <... munmap resumed>) = 0 [pid 5886] <... openat resumed>) = 3 [pid 5885] <... openat resumed>) = 3 [pid 5884] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5886] chdir("./file1" [pid 5885] chdir("./file1" [pid 5884] <... openat resumed>) = 3 [pid 5886] <... chdir resumed>) = 0 [pid 5885] <... chdir resumed>) = 0 [pid 5884] chdir("./file1" [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5885] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 89.228946][ T5884] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5886] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5885] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5884] <... chdir resumed>) = 0 [pid 5886] open("./file1", O_RDONLY|O_DIRECT [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5886] <... open resumed>) = 4 [pid 5885] open("./file1", O_RDONLY|O_DIRECT [pid 5884] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5886] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5884] open("./file1", O_RDONLY|O_DIRECT [pid 5886] memfd_create("syzkaller", 0 [pid 5885] <... open resumed>) = 4 [pid 5886] <... memfd_create resumed>) = 5 [pid 5885] preadv2(4, [pid 5887] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5885] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5884] <... open resumed>) = 4 [pid 5886] <... mmap resumed>) = 0x7f349a600000 [pid 5883] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5884] preadv2(4, [pid 5885] memfd_create("syzkaller", 0 [pid 5884] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5885] <... memfd_create resumed>) = 5 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5887] <... openat resumed>) = 4 [pid 5884] memfd_create("syzkaller", 0) = 5 [ 89.292850][ T30] audit: type=1800 audit(1750594914.925:61): pid=5886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop3" ino=30 res=0 errno=0 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5887] ioctl(4, LOOP_SET_FD, 3 [pid 5884] <... mmap resumed>) = 0x7f349a600000 [pid 5883] <... write resumed>) = 2097152 [pid 5887] <... ioctl resumed>) = 0 [pid 5886] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5885] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5887] close(3) = 0 [pid 5883] munmap(0x7f349a600000, 138412032 [pid 5887] close(4 [pid 5883] <... munmap resumed>) = 0 [pid 5887] <... close resumed>) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5887] mkdir("./file1", 0777 [pid 5883] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5887] <... mkdir resumed>) = 0 [pid 5883] close(5 [pid 5887] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [ 89.335907][ T5887] loop2: detected capacity change from 0 to 4096 [ 89.342395][ T30] audit: type=1800 audit(1750594914.925:62): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop1" ino=30 res=0 errno=0 [pid 5884] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5886] <... write resumed>) = 2097152 [pid 5883] <... close resumed>) = 0 [pid 5883] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5886] munmap(0x7f349a600000, 138412032 [pid 5885] <... write resumed>) = 2097152 [pid 5885] munmap(0x7f349a600000, 138412032) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5883] <... open resumed>) = 5 [pid 5885] close(5 [pid 5883] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5883] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5883] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5883] exit_group(0) = ? [pid 5884] <... write resumed>) = 2097152 [pid 5883] +++ exited with 0 +++ [pid 5884] munmap(0x7f349a600000, 138412032 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 89.399961][ T5887] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 89.426210][ T30] audit: type=1800 audit(1750594914.925:63): pid=5884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 5841] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5885] <... close resumed>) = 0 [pid 5885] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5886] <... munmap resumed>) = 0 [pid 5884] <... munmap resumed>) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5886] close(5) = 0 [pid 5885] <... open resumed>) = 5 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 89.486148][ T30] audit: type=1804 audit(1750594915.055:64): pid=5883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.tq1PXa/6/file1/file1" dev="loop4" ino=30 res=1 errno=0 [ 89.510925][ T30] audit: type=1804 audit(1750594915.115:65): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.SduaD7/6/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 5885] truncate("./file1", 16784380 [pid 5887] <... mount resumed>) = 0 [pid 5886] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5885] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5884] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... umount2 resumed>) = 0 [pid 5887] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5885] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5884] close(5 [pid 5841] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5887] <... openat resumed>) = 3 [pid 5885] <... openat resumed>) = 6 [pid 5884] <... close resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5887] chdir("./file1" [pid 5885] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5884] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] newfstatat(AT_FDCWD, "./6/file1", [pid 5887] <... chdir resumed>) = 0 [pid 5885] <... mmap resumed>) = 0x200000001000 [pid 5884] <... open resumed>) = 5 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5885] exit_group(0 [pid 5884] truncate("./file1", 16784380 [pid 5841] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5887] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5885] <... exit_group resumed>) = ? [pid 5884] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5887] open("./file1", O_RDONLY|O_DIRECT [pid 5885] +++ exited with 0 +++ [pid 5884] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5887] <... open resumed>) = 4 [pid 5884] <... openat resumed>) = 6 [pid 5841] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=8 /* 0.08 s */} --- [pid 5887] preadv2(4, [pid 5884] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] <... openat resumed>) = 4 [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5887] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5884] <... mmap resumed>) = 0x200000001000 [pid 5838] <... restart_syscall resumed>) = 0 [pid 5887] memfd_create("syzkaller", 0 [pid 5884] exit_group(0 [ 89.573902][ T30] audit: type=1804 audit(1750594915.205:66): pid=5886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.s9h7xo/6/file1/file1" dev="loop3" ino=30 res=1 errno=0 [pid 5841] newfstatat(4, "", [pid 5887] <... memfd_create resumed>) = 5 [pid 5884] <... exit_group resumed>) = ? [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5884] +++ exited with 0 +++ [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5886] <... open resumed>) = 5 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5887] <... mmap resumed>) = 0x7f349a600000 [pid 5886] truncate("./file1", 16784380 [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5886] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5838] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] restart_syscall(<... resuming interrupted clone ...> [pid 5886] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5837] <... restart_syscall resumed>) = 0 [pid 5886] <... openat resumed>) = 6 [pid 5886] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5837] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5886] exit_group(0 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5886] <... exit_group resumed>) = ? [pid 5837] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5886] +++ exited with 0 +++ [pid 5838] <... openat resumed>) = 3 [pid 5837] <... openat resumed>) = 3 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5838] newfstatat(3, "", [pid 5837] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5837] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] <... openat resumed>) = 4 [pid 5838] getdents64(3, [pid 5837] newfstatat(4, "", [pid 5840] <... restart_syscall resumed>) = 0 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(4, [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] getdents64(4, [pid 5840] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] close(4) = 0 [pid 5837] rmdir("./6/file1" [pid 5841] getdents64(4, [pid 5840] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... umount2 resumed>) = 0 [pid 5837] <... rmdir resumed>) = 0 [pid 5838] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./6/file1", [pid 5840] <... openat resumed>) = 3 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] newfstatat(3, "", [pid 5838] <... openat resumed>) = 4 [pid 5841] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] newfstatat(4, "", [pid 5841] getdents64(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] getdents64(3, [pid 5838] getdents64(4, [pid 5841] close(4 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... close resumed>) = 0 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./6/file1") = 0 [pid 5838] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./6/binderfs" [pid 5841] rmdir("./6/file1" [pid 5838] <... unlink resumed>) = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./6") = 0 [pid 5838] mkdir("./7", 0777 [pid 5837] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... mkdir resumed>) = 0 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5837] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5838] <... openat resumed>) = 3 [pid 5837] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5837] unlink("./6/binderfs" [pid 5838] <... ioctl resumed>) = 0 [pid 5837] <... unlink resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5838] close(3 [pid 5841] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./6/file1", [pid 5841] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] getdents64(3, [pid 5841] unlink("./6/binderfs" [pid 5840] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5837] close(3 [pid 5841] getdents64(3, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5887] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] <... close resumed>) = 0 [pid 5837] rmdir("./6") = 0 [pid 5837] mkdir("./7", 0777) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5838] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5837] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = 4 [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5841] close(3 [pid 5837] <... ioctl resumed>) = 0 [pid 5837] close(3 [pid 5840] newfstatat(4, "", [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./6" [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5888 ./strace-static-x86_64: Process 5888 attached [pid 5841] <... rmdir resumed>) = 0 [pid 5840] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] mkdir("./7", 0777 [pid 5888] set_robust_list(0x55555857c660, 24) = 0 [pid 5888] chdir("./7" [pid 5841] <... mkdir resumed>) = 0 [pid 5840] getdents64(4, [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5888] <... chdir resumed>) = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0executing program [pid 5841] <... openat resumed>) = 3 [pid 5840] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5888] <... setpgid resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5840] close(4 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] <... ioctl resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5888] <... openat resumed>) = 3 [pid 5841] close(3 [pid 5840] rmdir("./6/file1" [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5888] write(1, "executing program\n", 18) = 18 [pid 5888] memfd_create("syzkaller", 0 [pid 5841] <... close resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5837] <... close resumed>) = 0 [pid 5840] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5888] <... memfd_create resumed>) = 3 [pid 5840] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./6/binderfs"./strace-static-x86_64: Process 5889 attached [pid 5887] <... write resumed>) = 2097152 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] <... unlink resumed>) = 0 [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5889 [pid 5840] getdents64(3, [pid 5889] set_robust_list(0x55555857c660, 24) = 0 [pid 5889] chdir("./7" [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5889] <... chdir resumed>) = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program ./strace-static-x86_64: Process 5890 attached [pid 5889] setpgid(0, 0 [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5890 [pid 5840] close(3 [pid 5889] <... setpgid resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] rmdir("./6" [pid 5890] set_robust_list(0x55555857c660, 24 [pid 5889] <... openat resumed>) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5890] <... set_robust_list resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5889] close(3) = 0 [pid 5890] chdir("./7" [pid 5840] mkdir("./7", 0777 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5889] write(1, "executing program\n", 18 [pid 5840] <... mkdir resumed>) = 0 [pid 5890] <... chdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5889] <... write resumed>) = 18 [pid 5889] memfd_create("syzkaller", 0 [pid 5840] <... openat resumed>) = 3 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5890] <... prctl resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5840] close(3 [pid 5890] setpgid(0, 0) = 0 [pid 5889] <... memfd_create resumed>) = 3 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5887] munmap(0x7f349a600000, 138412032 [pid 5890] write(3, "1000", 4 [pid 5840] <... close resumed>) = 0 [pid 5890] <... write resumed>) = 4 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5890] close(3 [pid 5887] <... munmap resumed>) = 0 [pid 5890] <... close resumed>) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5891 [pid 5890] symlink("/dev/binderfs", "./binderfs" [pid 5887] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5890] <... symlink resumed>) = 0 [pid 5887] close(5./strace-static-x86_64: Process 5891 attached [pid 5889] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5891] set_robust_list(0x55555857c660, 24) = 0 [pid 5891] chdir("./7") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5890] write(1, "executing program\n", 18 [pid 5887] <... close resumed>) = 0 executing program executing program [pid 5890] <... write resumed>) = 18 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5891] write(1, "executing program\n", 18) = 18 [pid 5891] memfd_create("syzkaller", 0 [pid 5890] memfd_create("syzkaller", 0 [pid 5891] <... memfd_create resumed>) = 3 [pid 5890] <... memfd_create resumed>) = 3 [pid 5888] <... write resumed>) = 2097152 [pid 5887] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5888] munmap(0x7f349a600000, 138412032) = 0 [pid 5889] <... write resumed>) = 2097152 [pid 5887] <... open resumed>) = 5 [pid 5888] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5887] truncate("./file1", 16784380 [pid 5888] <... openat resumed>) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3 [pid 5887] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5890] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5889] munmap(0x7f349a600000, 138412032 [pid 5887] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5887] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5889] <... munmap resumed>) = 0 [pid 5887] <... mmap resumed>) = 0x200000001000 [pid 5887] exit_group(0) = ? [pid 5888] <... ioctl resumed>) = 0 [ 89.814671][ T5888] loop1: detected capacity change from 0 to 4096 [ 89.849814][ T5888] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 89.857177][ T5889] loop0: detected capacity change from 0 to 4096 [pid 5891] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5890] <... write resumed>) = 2097152 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5887] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5889] <... openat resumed>) = 4 [pid 5839] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5888] close(3 [pid 5889] ioctl(4, LOOP_SET_FD, 3 [pid 5888] <... close resumed>) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./file1", 0777) = 0 [pid 5888] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5890] munmap(0x7f349a600000, 138412032 [pid 5891] <... write resumed>) = 2097152 [pid 5890] <... munmap resumed>) = 0 [pid 5889] <... ioctl resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5891] munmap(0x7f349a600000, 138412032 [pid 5890] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5889] close(3 [pid 5890] <... openat resumed>) = 4 [pid 5889] <... close resumed>) = 0 [pid 5839] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", [pid 5890] ioctl(4, LOOP_SET_FD, 3 [pid 5889] close(4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./6/file1") = 0 [pid 5839] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5891] <... munmap resumed>) = 0 [pid 5890] <... ioctl resumed>) = 0 [pid 5889] <... close resumed>) = 0 [pid 5889] mkdir("./file1", 0777) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5889] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] unlink("./6/binderfs" [pid 5890] close(3 [pid 5839] <... unlink resumed>) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./6") = 0 [pid 5839] mkdir("./7", 0777) = 0 [pid 5891] <... openat resumed>) = 4 [pid 5890] <... close resumed>) = 0 [pid 5891] ioctl(4, LOOP_SET_FD, 3 [pid 5890] close(4 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5888] <... mount resumed>) = 0 [pid 5890] <... close resumed>) = 0 [pid 5890] mkdir("./file1", 0777 [pid 5888] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5890] <... mkdir resumed>) = 0 [pid 5888] <... openat resumed>) = 3 [pid 5888] chdir("./file1" [pid 5890] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5888] <... chdir resumed>) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [ 89.879056][ T5890] loop4: detected capacity change from 0 to 4096 [ 89.899111][ T5889] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 89.910425][ T5891] loop3: detected capacity change from 0 to 4096 [pid 5891] <... ioctl resumed>) = 0 [pid 5888] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5888] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5888] memfd_create("syzkaller", 0) = 5 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5891] close(3 [pid 5839] <... close resumed>) = 0 [pid 5891] <... close resumed>) = 0 [pid 5891] close(4) = 0 [pid 5891] mkdir("./file1", 0777) = 0 [pid 5891] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555857c650) = 5892 ./strace-static-x86_64: Process 5892 attached [pid 5892] set_robust_list(0x55555857c660, 24) = 0 [pid 5892] chdir("./7") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5892] write(1, "executing program\n", 18executing program ) = 18 [pid 5892] memfd_create("syzkaller", 0) = 3 [ 89.930911][ T5890] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 89.960935][ T5891] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5888] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5890] <... mount resumed>) = 0 [pid 5889] <... mount resumed>) = 0 [pid 5889] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5890] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5889] <... openat resumed>) = 3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5890] <... openat resumed>) = 3 [pid 5889] chdir("./file1" [pid 5890] chdir("./file1") = 0 [pid 5889] <... chdir resumed>) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5890] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5889] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5890] open("./file1", O_RDONLY|O_DIRECT [pid 5889] open("./file1", O_RDONLY|O_DIRECT [pid 5890] <... open resumed>) = 4 [pid 5890] preadv2(4, [pid 5889] <... open resumed>) = 4 [pid 5890] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5890] memfd_create("syzkaller", 0 [pid 5889] preadv2(4, [pid 5890] <... memfd_create resumed>) = 5 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5889] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5890] <... mmap resumed>) = 0x7f349a600000 [pid 5889] memfd_create("syzkaller", 0) = 5 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5888] <... write resumed>) = 2097152 [pid 5892] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5891] <... mount resumed>) = 0 [pid 5888] munmap(0x7f349a600000, 138412032 [pid 5891] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./file1") = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5891] open("./file1", O_RDONLY|O_DIRECT [pid 5888] <... munmap resumed>) = 0 [pid 5891] <... open resumed>) = 4 [pid 5890] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5891] preadv2(4, [pid 5888] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5891] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5888] close(5 [pid 5891] memfd_create("syzkaller", 0 [pid 5888] <... close resumed>) = 0 [pid 5892] <... write resumed>) = 2097152 [pid 5889] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5891] <... memfd_create resumed>) = 5 [pid 5890] <... write resumed>) = 2097152 [pid 5888] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5890] munmap(0x7f349a600000, 138412032 [pid 5892] munmap(0x7f349a600000, 138412032) = 0 [pid 5890] <... munmap resumed>) = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5892] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5890] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5892] ioctl(4, LOOP_SET_FD, 3 [pid 5890] close(5 [pid 5888] <... open resumed>) = 5 [pid 5888] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5888] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5888] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5888] exit_group(0) = ? [pid 5890] <... close resumed>) = 0 [pid 5888] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5890] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5889] <... write resumed>) = 2097152 [pid 5892] <... ioctl resumed>) = 0 [pid 5891] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5890] <... open resumed>) = 5 [pid 5838] <... restart_syscall resumed>) = 0 [pid 5890] truncate("./file1", 16784380 [pid 5892] close(3 [pid 5890] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5892] <... close resumed>) = 0 [pid 5890] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5889] munmap(0x7f349a600000, 138412032 [pid 5838] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] <... openat resumed>) = 6 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5890] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5838] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5890] <... mmap resumed>) = 0x200000001000 [pid 5838] <... openat resumed>) = 3 [pid 5892] close(4 [pid 5890] exit_group(0 [pid 5838] newfstatat(3, "", [pid 5892] <... close resumed>) = 0 [pid 5890] <... exit_group resumed>) = ? [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5892] mkdir("./file1", 0777) = 0 [pid 5890] +++ exited with 0 +++ [pid 5889] <... munmap resumed>) = 0 [pid 5838] getdents64(3, [pid 5892] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [ 90.123645][ T5892] loop2: detected capacity change from 0 to 4096 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5891] <... write resumed>) = 2097152 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... umount2 resumed>) = 0 [pid 5889] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5889] close(5 [pid 5841] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = 0 [pid 5892] <... mount resumed>) = 0 [pid 5891] munmap(0x7f349a600000, 138412032 [pid 5889] <... close resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./7/file1", [pid 5838] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./7/file1", [pid 5841] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, [pid 5891] <... munmap resumed>) = 0 [pid 5838] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5889] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./7/file1") = 0 [pid 5838] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./7/binderfs") = 0 [pid 5838] getdents64(3, [pid 5841] <... openat resumed>) = 4 [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] newfstatat(4, "", [pid 5838] close(3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... close resumed>) = 0 [pid 5841] getdents64(4, [pid 5838] rmdir("./7" [pid 5841] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] <... rmdir resumed>) = 0 [pid 5841] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5838] mkdir("./8", 0777 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./7/file1") = 0 [pid 5838] <... mkdir resumed>) = 0 [ 90.166681][ T5892] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5841] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... openat resumed>) = 3 [pid 5892] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5892] <... openat resumed>) = 3 [pid 5891] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5889] <... open resumed>) = 5 [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... ioctl resumed>) = 0 [pid 5892] chdir("./file1" [pid 5891] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5889] truncate("./file1", 16784380 [pid 5841] unlink("./7/binderfs" [pid 5838] close(3 [pid 5892] <... chdir resumed>) = 0 [pid 5891] close(5 [pid 5889] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... unlink resumed>) = 0 [pid 5889] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5892] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5889] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5892] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] getdents64(3, [pid 5892] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./7") = 0 [pid 5841] mkdir("./8", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5889] exit_group(0) = ? [pid 5838] <... close resumed>) = 0 [pid 5892] <... open resumed>) = 4 [pid 5891] <... close resumed>) = 0 [pid 5889] +++ exited with 0 +++ [pid 5841] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5893 attached , child_tidptr=0x55555857c650) = 5893 [pid 5893] set_robust_list(0x55555857c660, 24) = 0 [pid 5893] chdir("./8") = 0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5893] setpgid(0, 0 [pid 5892] preadv2(4, ./strace-static-x86_64: Process 5894 attached [pid 5893] <... setpgid resumed>) = 0 [pid 5892] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5891] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5892] memfd_create("syzkaller", 0 [pid 5894] set_robust_list(0x55555857c660, 24 [pid 5893] <... openat resumed>) = 3 [pid 5894] <... set_robust_list resumed>) = 0 [pid 5892] <... memfd_create resumed>) = 5 [pid 5891] <... open resumed>) = 5 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5891] truncate("./file1", 16784380 [pid 5893] write(3, "1000", 4) = 4 [pid 5894] chdir("./8" [pid 5893] close(3 [pid 5891] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5894 [pid 5891] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5893] <... close resumed>) = 0 [pid 5892] <... mmap resumed>) = 0x7f349a600000 [pid 5891] <... openat resumed>) = 6 [pid 5893] symlink("/dev/binderfs", "./binderfs" [pid 5891] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5893] <... symlink resumed>) = 0 [pid 5894] <... chdir resumed>) = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5891] <... mmap resumed>) = 0x200000001000 [pid 5894] <... prctl resumed>) = 0 [pid 5891] exit_group(0 [pid 5894] setpgid(0, 0 [pid 5893] write(1, "executing program\n", 18 [pid 5891] <... exit_group resumed>) = ? [pid 5894] <... setpgid resumed>) = 0 executing program [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5893] <... write resumed>) = 18 [pid 5894] <... openat resumed>) = 3 [pid 5893] memfd_create("syzkaller", 0 [pid 5891] +++ exited with 0 +++ [pid 5894] write(3, "1000", 4) = 4 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 5894] close(3 [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5894] <... close resumed>) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5894] write(1, "executing program\n", 18executing program ) = 18 [pid 5893] <... memfd_create resumed>) = 3 [pid 5837] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5894] memfd_create("syzkaller", 0 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5894] <... memfd_create resumed>) = 3 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5837] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5837] <... openat resumed>) = 3 [pid 5837] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... umount2 resumed>) = 0 [pid 5837] getdents64(3, [pid 5840] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5840] newfstatat(AT_FDCWD, "./7/file1", [pid 5837] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./7/file1") = 0 [pid 5840] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./7/binderfs") = 0 [pid 5840] getdents64(3, [pid 5837] <... umount2 resumed>) = 0 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./7") = 0 [pid 5837] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] mkdir("./8", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5893] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5837] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5892] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... ioctl resumed>) = 0 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] close(3 [pid 5894] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5837] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5837] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] <... close resumed>) = 0 [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5893] <... write resumed>) = 2097152 [pid 5892] <... write resumed>) = 2097152 [pid 5837] close(4 [pid 5892] munmap(0x7f349a600000, 138412032 [pid 5837] <... close resumed>) = 0 [pid 5893] munmap(0x7f349a600000, 138412032./strace-static-x86_64: Process 5895 attached [pid 5892] <... munmap resumed>) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5895 [pid 5837] rmdir("./7/file1" [pid 5895] set_robust_list(0x55555857c660, 24 [pid 5837] <... rmdir resumed>) = 0 [pid 5895] <... set_robust_list resumed>) = 0 [pid 5894] <... write resumed>) = 2097152 [pid 5893] <... munmap resumed>) = 0 [pid 5837] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5895] chdir("./8" [pid 5894] munmap(0x7f349a600000, 138412032 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5893] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5895] <... chdir resumed>) = 0 [pid 5893] <... openat resumed>) = 4 [pid 5837] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5893] ioctl(4, LOOP_SET_FD, 3 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5837] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] unlink("./7/binderfs" [pid 5895] <... prctl resumed>) = 0 [pid 5895] setpgid(0, 0 [pid 5837] <... unlink resumed>) = 0 [pid 5895] <... setpgid resumed>) = 0 [pid 5837] getdents64(3, [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5895] <... openat resumed>) = 3 [pid 5837] close(3) = 0 [pid 5895] write(3, "1000", 4 [pid 5893] <... ioctl resumed>) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5837] rmdir("./7" [pid 5895] <... write resumed>) = 4 [pid 5893] close(3 [pid 5837] <... rmdir resumed>) = 0 [pid 5895] close(3 [pid 5892] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5895] <... close resumed>) = 0 [pid 5893] <... close resumed>) = 0 [pid 5837] mkdir("./8", 0777 [pid 5895] symlink("/dev/binderfs", "./binderfs" [pid 5894] <... munmap resumed>) = 0 [pid 5892] close(5 [pid 5893] close(4 [pid 5837] <... mkdir resumed>) = 0 [pid 5895] <... symlink resumed>) = 0 [pid 5893] <... close resumed>) = 0 [pid 5893] mkdir("./file1", 0777) = 0 [pid 5893] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," executing program [pid 5895] write(1, "executing program\n", 18 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5895] <... write resumed>) = 18 [pid 5895] memfd_create("syzkaller", 0 [pid 5894] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5892] <... close resumed>) = 0 [pid 5837] <... openat resumed>) = 3 [pid 5895] <... memfd_create resumed>) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5894] <... openat resumed>) = 4 [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5894] ioctl(4, LOOP_SET_FD, 3 [pid 5837] <... ioctl resumed>) = 0 [pid 5837] close(3 [pid 5894] <... ioctl resumed>) = 0 [pid 5837] <... close resumed>) = 0 [pid 5895] <... mmap resumed>) = 0x7f349a600000 [pid 5892] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5892] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5892] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5892] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5894] close(3 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5894] <... close resumed>) = 0 ./strace-static-x86_64: Process 5896 attached [pid 5894] close(4 [pid 5892] exit_group(0 [pid 5896] set_robust_list(0x55555857c660, 24 [pid 5894] <... close resumed>) = 0 [pid 5892] <... exit_group resumed>) = ? [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5896 [pid 5896] <... set_robust_list resumed>) = 0 [pid 5896] chdir("./8" [pid 5894] mkdir("./file1", 0777 [pid 5896] <... chdir resumed>) = 0 [pid 5894] <... mkdir resumed>) = 0 [ 90.399135][ T5893] loop1: detected capacity change from 0 to 4096 [ 90.419928][ T5893] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 90.430117][ T5894] loop4: detected capacity change from 0 to 4096 [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5894] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5896] <... prctl resumed>) = 0 [pid 5896] setpgid(0, 0 [pid 5892] +++ exited with 0 +++ [pid 5896] <... setpgid resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5896] write(3, "1000", 4 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5896] <... write resumed>) = 4 [pid 5839] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] close(3) = 0 [pid 5896] symlink("/dev/binderfs", "./binderfs" [pid 5893] <... mount resumed>) = 0 [pid 5896] <... symlink resumed>) = 0 [pid 5895] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] <... umount2 resumed>) = 0 executing program [pid 5896] write(1, "executing program\n", 18) = 18 [pid 5839] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5893] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] getdents64(4, [pid 5896] memfd_create("syzkaller", 0) = 3 [pid 5893] <... openat resumed>) = 3 [pid 5839] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5893] chdir("./file1" [pid 5839] getdents64(4, [pid 5893] <... chdir resumed>) = 0 [pid 5839] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] close(4 [pid 5893] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... close resumed>) = 0 [pid 5893] open("./file1", O_RDONLY|O_DIRECT [pid 5839] rmdir("./7/file1" [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./7/binderfs") = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./7") = 0 [pid 5839] mkdir("./8", 0777 [pid 5893] <... open resumed>) = 4 [pid 5839] <... mkdir resumed>) = 0 [ 90.471095][ T5894] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5893] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5893] memfd_create("syzkaller", 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5893] <... memfd_create resumed>) = 5 [pid 5839] <... openat resumed>) = 3 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5893] <... mmap resumed>) = 0x7f349a600000 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 5894] <... mount resumed>) = 0 [pid 5894] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] <... write resumed>) = 2097152 [pid 5894] chdir("./file1" [pid 5896] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5895] munmap(0x7f349a600000, 138412032 [pid 5894] <... chdir resumed>) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5895] <... munmap resumed>) = 0 [pid 5894] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... close resumed>) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5894] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5895] <... openat resumed>) = 4 [pid 5894] preadv2(4, [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5895] ioctl(4, LOOP_SET_FD, 3 [pid 5894] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5894] memfd_create("syzkaller", 0 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5897 ./strace-static-x86_64: Process 5897 attached [pid 5895] <... ioctl resumed>) = 0 [pid 5894] <... memfd_create resumed>) = 5 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5897] set_robust_list(0x55555857c660, 24 [pid 5894] <... mmap resumed>) = 0x7f349a600000 [pid 5897] <... set_robust_list resumed>) = 0 [pid 5897] chdir("./8") = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5897] setpgid(0, 0 [pid 5895] close(3 [pid 5897] <... setpgid resumed>) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5895] <... close resumed>) = 0 [pid 5895] close(4) = 0 [pid 5897] <... openat resumed>) = 3 [pid 5895] mkdir("./file1", 0777 [pid 5897] write(3, "1000", 4 [pid 5895] <... mkdir resumed>) = 0 [pid 5897] <... write resumed>) = 4 [pid 5896] <... write resumed>) = 2097152 [ 90.580401][ T5895] loop3: detected capacity change from 0 to 4096 [pid 5897] close(3 [pid 5896] munmap(0x7f349a600000, 138412032 [pid 5897] <... close resumed>) = 0 [pid 5895] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5897] symlink("/dev/binderfs", "./binderfs" [pid 5896] <... munmap resumed>) = 0 [pid 5897] <... symlink resumed>) = 0 [pid 5897] write(1, "executing program\n", 18executing program ) = 18 [pid 5897] memfd_create("syzkaller", 0 [pid 5894] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5897] <... memfd_create resumed>) = 3 [pid 5896] <... openat resumed>) = 4 [pid 5896] ioctl(4, LOOP_SET_FD, 3 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5893] <... write resumed>) = 2097152 [pid 5893] munmap(0x7f349a600000, 138412032) = 0 [pid 5896] <... ioctl resumed>) = 0 [pid 5894] <... write resumed>) = 2097152 [pid 5893] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5896] close(3 [pid 5894] munmap(0x7f349a600000, 138412032 [pid 5896] <... close resumed>) = 0 [pid 5894] <... munmap resumed>) = 0 [pid 5893] close(5 [pid 5897] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5896] close(4) = 0 [pid 5896] mkdir("./file1", 0777) = 0 [ 90.625349][ T5895] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 90.645851][ T5896] loop0: detected capacity change from 0 to 4096 [pid 5896] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5895] <... mount resumed>) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5895] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5894] close(5 [pid 5895] <... openat resumed>) = 3 [pid 5895] chdir("./file1" [pid 5893] <... close resumed>) = 0 [pid 5893] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5895] <... chdir resumed>) = 0 [pid 5894] <... close resumed>) = 0 [pid 5893] <... open resumed>) = 5 [pid 5897] <... write resumed>) = 2097152 [pid 5895] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5895] open("./file1", O_RDONLY|O_DIRECT [pid 5893] truncate("./file1", 16784380 [pid 5897] munmap(0x7f349a600000, 138412032 [pid 5895] <... open resumed>) = 4 [pid 5893] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5895] preadv2(4, [pid 5893] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5893] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5895] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5893] <... mmap resumed>) = 0x200000001000 [pid 5894] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5895] memfd_create("syzkaller", 0) = 5 [pid 5893] exit_group(0 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5893] <... exit_group resumed>) = ? [pid 5895] <... mmap resumed>) = 0x7f349a600000 [pid 5894] <... open resumed>) = 5 [pid 5894] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5894] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5893] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=6 /* 0.06 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5897] <... munmap resumed>) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] <... restart_syscall resumed>) = 0 [pid 5897] <... openat resumed>) = 4 [ 90.691955][ T5896] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5897] ioctl(4, LOOP_SET_FD, 3 [pid 5894] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5838] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] <... mount resumed>) = 0 [pid 5896] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5896] chdir("./file1") = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5896] open("./file1", O_RDONLY|O_DIRECT [pid 5894] <... mmap resumed>) = 0x200000001000 [pid 5894] exit_group(0 [pid 5896] <... open resumed>) = 4 [pid 5896] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5894] <... exit_group resumed>) = ? [pid 5896] memfd_create("syzkaller", 0) = 5 [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5894] +++ exited with 0 +++ [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5841] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] <... ioctl resumed>) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5897] close(3) = 0 [pid 5897] close(4) = 0 [pid 5897] mkdir("./file1", 0777) = 0 [pid 5895] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... umount2 resumed>) = 0 [pid 5838] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./8/file1", [pid 5838] newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5897] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5838] <... openat resumed>) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./8/file1") = 0 [pid 5838] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./8/binderfs") = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./8") = 0 [pid 5838] mkdir("./9", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [ 90.737588][ T5897] loop2: detected capacity change from 0 to 4096 [pid 5838] close(3 [pid 5841] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5895] <... write resumed>) = 2097152 [pid 5841] <... openat resumed>) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5895] munmap(0x7f349a600000, 138412032 [pid 5841] close(4) = 0 [pid 5838] <... close resumed>) = 0 [pid 5896] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5895] <... munmap resumed>) = 0 [pid 5841] rmdir("./8/file1" [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... rmdir resumed>) = 0 [pid 5841] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5895] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5895] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5895] close(5 [pid 5841] unlink("./8/binderfs") = 0 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5898 [pid 5841] getdents64(3, ./strace-static-x86_64: Process 5898 attached 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5898] set_robust_list(0x55555857c660, 24) = 0 [pid 5898] chdir("./9") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0 [pid 5841] close(3 [pid 5898] <... setpgid resumed>) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] <... close resumed>) = 0 [ 90.784702][ T5897] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5898] <... openat resumed>) = 3 [pid 5841] rmdir("./8") = 0 [pid 5898] write(3, "1000", 4) = 4 [pid 5841] mkdir("./9", 0777 [pid 5898] close(3 [pid 5895] <... close resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5898] <... close resumed>) = 0 [pid 5895] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5895] <... open resumed>) = 5 [pid 5841] <... openat resumed>) = 3 executing program [pid 5898] write(1, "executing program\n", 18 [pid 5895] truncate("./file1", 16784380 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5898] <... write resumed>) = 18 [pid 5898] memfd_create("syzkaller", 0) = 3 [pid 5841] <... ioctl resumed>) = 0 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] close(3 [pid 5898] <... mmap resumed>) = 0x7f349a600000 [pid 5897] <... mount resumed>) = 0 [pid 5896] <... write resumed>) = 2097152 [pid 5895] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5895] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5897] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5897] chdir("./file1") = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5896] munmap(0x7f349a600000, 138412032 [pid 5897] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5895] <... openat resumed>) = 6 [pid 5897] open("./file1", O_RDONLY|O_DIRECT [pid 5896] <... munmap resumed>) = 0 [pid 5897] <... open resumed>) = 4 [pid 5895] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5841] <... close resumed>) = 0 [pid 5895] <... mmap resumed>) = 0x200000001000 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5896] close(5 [pid 5897] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5897] memfd_create("syzkaller", 0 [pid 5895] exit_group(0 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5897] <... memfd_create resumed>) = 5 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5895] <... exit_group resumed>) = ? [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5899 ./strace-static-x86_64: Process 5899 attached [pid 5899] set_robust_list(0x55555857c660, 24) = 0 [pid 5899] chdir("./9") = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5899] setpgid(0, 0 [pid 5895] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5899] <... setpgid resumed>) = 0 [pid 5898] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5899] write(3, "1000", 4) = 4 [pid 5899] close(3) = 0 [pid 5899] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5899] write(1, "executing program\n", 18) = 18 [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] memfd_create("syzkaller", 0 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5896] <... close resumed>) = 0 [pid 5840] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5899] <... memfd_create resumed>) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5898] <... write resumed>) = 2097152 [pid 5840] <... umount2 resumed>) = 0 [pid 5896] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] munmap(0x7f349a600000, 138412032 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5898] <... munmap resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5840] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5896] <... open resumed>) = 5 [pid 5898] <... openat resumed>) = 4 [pid 5840] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5896] truncate("./file1", 16784380 [pid 5898] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... openat resumed>) = 4 [pid 5896] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] newfstatat(4, "", [pid 5896] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5896] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5896] exit_group(0) = ? [pid 5896] +++ exited with 0 +++ [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5896, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] restart_syscall(<... resuming interrupted clone ...> [pid 5840] getdents64(4, [pid 5897] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] <... restart_syscall resumed>) = 0 [pid 5840] getdents64(4, [pid 5837] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] close(4) = 0 [pid 5837] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5898] <... ioctl resumed>) = 0 [pid 5897] <... write resumed>) = 2097152 [pid 5840] rmdir("./8/file1" [pid 5837] <... openat resumed>) = 3 [pid 5840] <... rmdir resumed>) = 0 [pid 5837] newfstatat(3, "", [pid 5840] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] getdents64(3, [pid 5840] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5898] close(3 [pid 5897] munmap(0x7f349a600000, 138412032 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./8/binderfs" [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5898] <... close resumed>) = 0 [pid 5897] <... munmap resumed>) = 0 [pid 5840] <... unlink resumed>) = 0 [pid 5837] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(3, [pid 5898] close(4) = 0 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5898] mkdir("./file1", 0777 [pid 5840] close(3 [pid 5898] <... mkdir resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5898] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5897] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] rmdir("./8" [pid 5897] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 90.945061][ T5898] loop1: detected capacity change from 0 to 4096 [pid 5897] close(5 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./9", 0777 [pid 5897] <... close resumed>) = 0 [pid 5840] <... mkdir resumed>) = 0 [pid 5837] <... umount2 resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5837] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... openat resumed>) = 3 [pid 5837] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5837] <... openat resumed>) = 4 [pid 5840] <... ioctl resumed>) = 0 [pid 5837] newfstatat(4, "", [pid 5840] close(3 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(4, [pid 5897] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5837] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5837] close(4) = 0 [pid 5837] rmdir("./8/file1" [pid 5899] <... write resumed>) = 2097152 [pid 5897] <... open resumed>) = 5 [pid 5837] <... rmdir resumed>) = 0 [pid 5897] truncate("./file1", 16784380 [pid 5837] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5897] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5897] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5899] munmap(0x7f349a600000, 138412032 [pid 5897] <... mmap resumed>) = 0x200000001000 [pid 5897] exit_group(0 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5897] <... exit_group resumed>) = ? [pid 5837] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5897] +++ exited with 0 +++ [pid 5837] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=8 /* 0.08 s */} --- [pid 5837] unlink("./8/binderfs" [pid 5839] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5837] <... unlink resumed>) = 0 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5899] <... munmap resumed>) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5837] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] close(3 [pid 5899] <... openat resumed>) = 4 [pid 5837] <... close resumed>) = 0 [ 90.988987][ T5898] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5899] ioctl(4, LOOP_SET_FD, 3 [pid 5837] rmdir("./8" [pid 5899] <... ioctl resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5837] <... rmdir resumed>) = 0 [pid 5899] close(3 [pid 5898] <... mount resumed>) = 0 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5900 attached [pid 5899] <... close resumed>) = 0 [pid 5898] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5837] mkdir("./9", 0777 [pid 5900] set_robust_list(0x55555857c660, 24 [pid 5899] close(4 [pid 5898] <... openat resumed>) = 3 [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5900 [pid 5900] <... set_robust_list resumed>) = 0 [pid 5899] <... close resumed>) = 0 [pid 5898] chdir("./file1" [pid 5900] chdir("./9" [pid 5899] mkdir("./file1", 0777 [pid 5898] <... chdir resumed>) = 0 [pid 5837] <... mkdir resumed>) = 0 [pid 5899] <... mkdir resumed>) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5839] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5900] <... chdir resumed>) = 0 [pid 5899] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5898] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] <... openat resumed>) = 3 [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5898] open("./file1", O_RDONLY|O_DIRECT [pid 5900] <... prctl resumed>) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5900] write(1, "executing program\n", 18) = 18 [pid 5900] memfd_create("syzkaller", 0 [pid 5837] <... ioctl resumed>) = 0 [pid 5900] <... memfd_create resumed>) = 3 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5839] newfstatat(AT_FDCWD, "./8/file1", [pid 5837] close(3 [pid 5898] <... open resumed>) = 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5898] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5898] memfd_create("syzkaller", 0) = 5 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5839] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] <... close resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(4./strace-static-x86_64: Process 5901 attached ) = 0 [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5901 [pid 5839] rmdir("./8/file1" [pid 5901] set_robust_list(0x55555857c660, 24 [pid 5839] <... rmdir resumed>) = 0 [pid 5901] <... set_robust_list resumed>) = 0 [pid 5839] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] chdir("./9" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 91.039120][ T5899] loop4: detected capacity change from 0 to 4096 [ 91.063332][ T5899] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5901] <... chdir resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5901] <... prctl resumed>) = 0 [pid 5839] unlink("./8/binderfs" [pid 5901] setpgid(0, 0 [pid 5839] <... unlink resumed>) = 0 [pid 5901] <... setpgid resumed>) = 0 [pid 5839] getdents64(3, [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./8" [pid 5901] <... openat resumed>) = 3 [pid 5839] <... rmdir resumed>) = 0 [pid 5901] write(3, "1000", 4 [pid 5839] mkdir("./9", 0777 [pid 5901] <... write resumed>) = 4 [pid 5901] close(3 [pid 5899] <... mount resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5901] <... close resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5901] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... openat resumed>) = 3 [pid 5901] <... symlink resumed>) = 0 [pid 5839] ioctl(3, LOOP_CLR_FDexecuting program [pid 5901] write(1, "executing program\n", 18 [pid 5899] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] <... ioctl resumed>) = 0 [pid 5901] <... write resumed>) = 18 [pid 5899] <... openat resumed>) = 3 [pid 5839] close(3 [pid 5901] memfd_create("syzkaller", 0 [pid 5899] chdir("./file1") = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5899] open("./file1", O_RDONLY|O_DIRECT [pid 5901] <... memfd_create resumed>) = 3 [pid 5900] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5898] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5899] <... open resumed>) = 4 [pid 5899] preadv2(4, [pid 5839] <... close resumed>) = 0 [pid 5899] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5899] memfd_create("syzkaller", 0) = 5 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5902 attached , child_tidptr=0x55555857c650) = 5902 [pid 5902] set_robust_list(0x55555857c660, 24 [pid 5901] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5900] <... write resumed>) = 2097152 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5898] <... write resumed>) = 2097152 [pid 5902] chdir("./9" [pid 5898] munmap(0x7f349a600000, 138412032 [pid 5902] <... chdir resumed>) = 0 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5900] munmap(0x7f349a600000, 138412032 [pid 5902] <... prctl resumed>) = 0 [pid 5900] <... munmap resumed>) = 0 [pid 5899] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5898] <... munmap resumed>) = 0 [pid 5902] setpgid(0, 0 [pid 5900] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5902] <... setpgid resumed>) = 0 [pid 5900] <... openat resumed>) = 4 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5900] ioctl(4, LOOP_SET_FD, 3 [pid 5902] <... openat resumed>) = 3 [pid 5898] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5902] write(3, "1000", 4 [pid 5898] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5902] <... write resumed>) = 4 [pid 5898] close(5 [pid 5902] close(3 [pid 5901] <... write resumed>) = 2097152 executing program [pid 5902] <... close resumed>) = 0 [pid 5902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5902] write(1, "executing program\n", 18) = 18 [pid 5902] memfd_create("syzkaller", 0) = 3 [pid 5901] munmap(0x7f349a600000, 138412032) = 0 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5900] <... ioctl resumed>) = 0 [pid 5898] <... close resumed>) = 0 [pid 5902] <... mmap resumed>) = 0x7f349a600000 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3 [pid 5900] close(3) = 0 [pid 5900] close(4) = 0 [pid 5900] mkdir("./file1", 0777) = 0 [pid 5899] <... write resumed>) = 2097152 [pid 5900] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5899] munmap(0x7f349a600000, 138412032 [pid 5898] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5901] <... ioctl resumed>) = 0 [pid 5901] close(3) = 0 [pid 5901] close(4) = 0 [pid 5901] mkdir("./file1", 0777) = 0 [ 91.214164][ T5900] loop3: detected capacity change from 0 to 4096 [ 91.243378][ T5901] loop0: detected capacity change from 0 to 4096 [ 91.253816][ T5900] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5901] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5902] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5899] <... munmap resumed>) = 0 [pid 5898] <... open resumed>) = 5 [pid 5898] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5898] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5898] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5898] exit_group(0) = ? [pid 5898] +++ exited with 0 +++ [pid 5899] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5899] close(5 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=7 /* 0.07 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5899] <... close resumed>) = 0 [pid 5838] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5902] <... write resumed>) = 2097152 [pid 5901] <... mount resumed>) = 0 [pid 5900] <... mount resumed>) = 0 [pid 5899] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5838] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./9/file1") = 0 [pid 5838] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5901] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5900] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5899] <... open resumed>) = 5 [pid 5838] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5901] <... openat resumed>) = 3 [pid 5900] <... openat resumed>) = 3 [pid 5899] truncate("./file1", 16784380 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 91.271699][ T5901] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5900] chdir("./file1" [pid 5899] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5838] unlink("./9/binderfs" [pid 5901] chdir("./file1" [pid 5900] <... chdir resumed>) = 0 [pid 5899] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5838] <... unlink resumed>) = 0 [pid 5901] <... chdir resumed>) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5899] <... openat resumed>) = 6 [pid 5902] munmap(0x7f349a600000, 138412032 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5900] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5899] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5838] getdents64(3, [pid 5901] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5899] <... mmap resumed>) = 0x200000001000 [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./9" [pid 5899] exit_group(0 [pid 5838] <... rmdir resumed>) = 0 [pid 5902] <... munmap resumed>) = 0 [pid 5901] open("./file1", O_RDONLY|O_DIRECT [pid 5900] open("./file1", O_RDONLY|O_DIRECT [pid 5899] <... exit_group resumed>) = ? [pid 5899] +++ exited with 0 +++ [pid 5902] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5838] mkdir("./10", 0777) = 0 [pid 5901] <... open resumed>) = 4 [pid 5902] <... openat resumed>) = 4 [pid 5900] <... open resumed>) = 4 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5902] ioctl(4, LOOP_SET_FD, 3 [pid 5901] preadv2(4, [pid 5900] preadv2(4, [pid 5841] <... restart_syscall resumed>) = 0 [pid 5838] <... openat resumed>) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5841] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5900] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5900] memfd_create("syzkaller", 0 [pid 5841] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5900] <... memfd_create resumed>) = 5 [pid 5841] <... openat resumed>) = 3 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] newfstatat(3, "", [pid 5900] <... mmap resumed>) = 0x7f349a600000 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] <... ioctl resumed>) = 0 [pid 5841] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] close(3 [pid 5901] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5901] memfd_create("syzkaller", 0) = 5 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5841] <... umount2 resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5902] <... ioctl resumed>) = 0 [pid 5841] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5902] close(3) = 0 [pid 5902] close(4) = 0 [pid 5902] mkdir("./file1", 0777./strace-static-x86_64: Process 5903 attached ) = 0 [pid 5903] set_robust_list(0x55555857c660, 24 [pid 5841] newfstatat(AT_FDCWD, "./9/file1", [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5903 [pid 5903] <... set_robust_list resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5903] chdir("./10" [pid 5841] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] <... chdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5902] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5841] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5903] <... prctl resumed>) = 0 [pid 5841] <... openat resumed>) = 4 [ 91.355262][ T5902] loop2: detected capacity change from 0 to 4096 [pid 5903] setpgid(0, 0 [pid 5841] newfstatat(4, "", [pid 5903] <... setpgid resumed>) = 0 [pid 5901] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5900] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5903] <... openat resumed>) = 3 [pid 5841] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5903] write(3, "1000", 4 [pid 5841] close(4 [pid 5903] <... write resumed>) = 4 [pid 5841] <... close resumed>) = 0 executing program [pid 5903] close(3 [pid 5841] rmdir("./9/file1" [pid 5903] <... close resumed>) = 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5903] write(1, "executing program\n", 18 [pid 5841] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] <... write resumed>) = 18 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5903] memfd_create("syzkaller", 0 [pid 5841] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./9/binderfs") = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./9") = 0 [pid 5841] mkdir("./10", 0777 [pid 5903] <... memfd_create resumed>) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5903] <... mmap resumed>) = 0x7f349a600000 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5900] <... write resumed>) = 2097152 [ 91.406987][ T5902] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5841] close(3 [pid 5900] munmap(0x7f349a600000, 138412032 [pid 5841] <... close resumed>) = 0 [pid 5901] <... write resumed>) = 2097152 [pid 5900] <... munmap resumed>) = 0 [pid 5901] munmap(0x7f349a600000, 138412032) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5900] close(5 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] close(5./strace-static-x86_64: Process 5904 attached [pid 5904] set_robust_list(0x55555857c660, 24) = 0 [pid 5904] chdir("./10" [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5904 [pid 5904] <... chdir resumed>) = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0 [pid 5903] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5904] <... setpgid resumed>) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3executing program ) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] write(1, "executing program\n", 18) = 18 [pid 5904] memfd_create("syzkaller", 0) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5900] <... close resumed>) = 0 [pid 5901] <... close resumed>) = 0 [pid 5900] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5902] <... mount resumed>) = 0 [pid 5901] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5902] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] chdir("./file1") = 0 [pid 5900] <... open resumed>) = 5 [pid 5902] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5900] truncate("./file1", 16784380 [pid 5902] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5900] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5900] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5902] open("./file1", O_RDONLY|O_DIRECT [pid 5900] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5900] exit_group(0 [pid 5904] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5903] <... write resumed>) = 2097152 [pid 5902] <... open resumed>) = 4 [pid 5901] <... open resumed>) = 5 [pid 5903] munmap(0x7f349a600000, 138412032 [pid 5902] preadv2(4, [pid 5901] truncate("./file1", 16784380 [pid 5900] <... exit_group resumed>) = ? [pid 5903] <... munmap resumed>) = 0 [pid 5902] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5902] memfd_create("syzkaller", 0) = 5 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5900] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5840] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5901] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5903] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5901] <... openat resumed>) = 6 [pid 5840] <... openat resumed>) = 3 [pid 5901] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5903] <... openat resumed>) = 4 [pid 5840] newfstatat(3, "", [pid 5903] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5901] <... mmap resumed>) = 0x200000001000 [pid 5901] exit_group(0 [pid 5840] getdents64(3, [pid 5903] <... ioctl resumed>) = 0 [pid 5901] <... exit_group resumed>) = ? [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5903] close(3 [pid 5840] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] <... close resumed>) = 0 [pid 5903] close(4) = 0 [pid 5903] mkdir("./file1", 0777) = 0 [pid 5903] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5904] <... write resumed>) = 2097152 [pid 5901] +++ exited with 0 +++ [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=4 /* 0.04 s */} --- [pid 5840] <... umount2 resumed>) = 0 [pid 5837] restart_syscall(<... resuming interrupted clone ...> [pid 5840] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5904] munmap(0x7f349a600000, 138412032 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./9/file1") = 0 [pid 5840] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] <... restart_syscall resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./9/binderfs") = 0 [pid 5837] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] close(3 [pid 5837] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./9") = 0 [pid 5837] <... openat resumed>) = 3 [pid 5840] mkdir("./10", 0777) = 0 [pid 5837] newfstatat(3, "", [pid 5904] <... munmap resumed>) = 0 [pid 5903] <... mount resumed>) = 0 [pid 5902] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5903] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] <... openat resumed>) = 3 [pid 5837] getdents64(3, [pid 5904] <... openat resumed>) = 4 [pid 5903] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5903] chdir("./file1" [pid 5840] <... ioctl resumed>) = 0 [pid 5903] <... chdir resumed>) = 0 [ 91.561347][ T5903] loop1: detected capacity change from 0 to 4096 [ 91.573648][ T5903] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5840] close(3 [pid 5904] ioctl(4, LOOP_SET_FD, 3 [pid 5837] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5903] open("./file1", O_RDONLY|O_DIRECT [pid 5837] <... umount2 resumed>) = 0 [pid 5903] <... open resumed>) = 4 [pid 5903] preadv2(4, [pid 5840] <... close resumed>) = 0 [pid 5903] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5903] memfd_create("syzkaller", 0) = 5 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5837] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] <... mmap resumed>) = 0x7f349a600000 [pid 5904] <... ioctl resumed>) = 0 [pid 5904] close(3 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5904] <... close resumed>) = 0 [pid 5904] close(4) = 0 [pid 5902] <... write resumed>) = 2097152 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5837] newfstatat(AT_FDCWD, "./9/file1", [pid 5904] mkdir("./file1", 0777) = 0 ./strace-static-x86_64: Process 5905 attached [pid 5904] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5902] munmap(0x7f349a600000, 138412032 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5902] <... munmap resumed>) = 0 [pid 5837] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5905] set_robust_list(0x55555857c660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5905 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5905] <... set_robust_list resumed>) = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5837] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5902] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5905] chdir("./10" [pid 5902] close(5 [pid 5837] <... openat resumed>) = 4 [pid 5837] newfstatat(4, "", [pid 5902] <... close resumed>) = 0 [pid 5905] <... chdir resumed>) = 0 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(4, [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5837] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5905] setpgid(0, 0 [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5905] <... setpgid resumed>) = 0 [pid 5837] close(4) = 0 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] rmdir("./9/file1") = 0 [pid 5905] <... openat resumed>) = 3 [ 91.626179][ T5904] loop4: detected capacity change from 0 to 4096 [ 91.662729][ T5904] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5837] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5905] write(3, "1000", 4 [pid 5837] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5905] <... write resumed>) = 4 [pid 5904] <... mount resumed>) = 0 [pid 5903] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5902] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5905] close(3 [pid 5904] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5837] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5905] <... close resumed>) = 0 [pid 5904] <... openat resumed>) = 3 [pid 5837] unlink("./9/binderfs" [pid 5905] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5837] <... unlink resumed>) = 0 [pid 5837] getdents64(3, [pid 5905] write(1, "executing program\n", 18) = 18 [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5904] chdir("./file1" [pid 5837] close(3 [pid 5904] <... chdir resumed>) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5905] memfd_create("syzkaller", 0 [pid 5904] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5837] <... close resumed>) = 0 [pid 5905] <... memfd_create resumed>) = 3 [pid 5904] open("./file1", O_RDONLY|O_DIRECT [pid 5837] rmdir("./9" [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5902] <... open resumed>) = 5 [pid 5837] <... rmdir resumed>) = 0 [pid 5905] <... mmap resumed>) = 0x7f349a600000 [pid 5904] <... open resumed>) = 4 [pid 5902] truncate("./file1", 16784380 [pid 5837] mkdir("./10", 0777 [pid 5904] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5902] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5837] <... mkdir resumed>) = 0 [pid 5904] memfd_create("syzkaller", 0) = 5 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5902] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5837] <... openat resumed>) = 3 [pid 5902] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5903] <... write resumed>) = 2097152 [pid 5902] <... mmap resumed>) = 0x200000001000 [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5902] exit_group(0 [pid 5837] <... ioctl resumed>) = 0 [pid 5902] <... exit_group resumed>) = ? [pid 5837] close(3 [pid 5904] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5905] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5903] munmap(0x7f349a600000, 138412032 [pid 5902] +++ exited with 0 +++ [pid 5837] <... close resumed>) = 0 [pid 5903] <... munmap resumed>) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5903] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5906 attached ) = -1 EBUSY (Device or resource busy) [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5906 [pid 5903] close(5 [pid 5906] set_robust_list(0x55555857c660, 24 [pid 5839] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] <... set_robust_list resumed>) = 0 [pid 5906] chdir("./10") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5904] <... write resumed>) = 2097152 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] write(1, "executing program\n", 18executing program ) = 18 [pid 5904] munmap(0x7f349a600000, 138412032 [pid 5906] memfd_create("syzkaller", 0 [pid 5904] <... munmap resumed>) = 0 [pid 5906] <... memfd_create resumed>) = 3 [pid 5905] <... write resumed>) = 2097152 [pid 5903] <... close resumed>) = 0 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5903] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5906] <... mmap resumed>) = 0x7f349a600000 [pid 5905] munmap(0x7f349a600000, 138412032) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5903] <... open resumed>) = 5 [pid 5839] <... umount2 resumed>) = 0 [pid 5904] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5903] truncate("./file1", 16784380 [pid 5904] close(5 [pid 5839] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 91.806062][ T891] cfg80211: failed to load regulatory.db [pid 5903] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] newfstatat(AT_FDCWD, "./9/file1", [pid 5903] <... openat resumed>) = 6 [pid 5903] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5903] <... mmap resumed>) = 0x200000001000 [pid 5905] <... openat resumed>) = 4 [pid 5903] exit_group(0 [pid 5905] ioctl(4, LOOP_SET_FD, 3 [pid 5903] <... exit_group resumed>) = ? [pid 5904] <... close resumed>) = 0 [pid 5903] +++ exited with 0 +++ [pid 5839] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5839] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5906] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5904] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... openat resumed>) = 4 [pid 5839] newfstatat(4, "", [pid 5838] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] getdents64(4, [pid 5838] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] <... openat resumed>) = 3 [pid 5839] getdents64(4, [pid 5838] newfstatat(3, "", [pid 5839] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] close(4 [pid 5838] getdents64(3, [pid 5839] <... close resumed>) = 0 [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] rmdir("./9/file1" [pid 5838] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5905] <... ioctl resumed>) = 0 [pid 5904] <... open resumed>) = 5 [pid 5839] <... rmdir resumed>) = 0 [pid 5905] close(3) = 0 [pid 5904] truncate("./file1", 16784380 [pid 5839] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5905] close(4) = 0 [pid 5904] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5905] mkdir("./file1", 0777 [pid 5904] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5905] <... mkdir resumed>) = 0 [pid 5904] <... openat resumed>) = 6 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5904] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5839] unlink("./9/binderfs" [pid 5904] <... mmap resumed>) = 0x200000001000 [pid 5839] <... unlink resumed>) = 0 [pid 5904] exit_group(0 [pid 5839] getdents64(3, [pid 5904] <... exit_group resumed>) = ? [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5905] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5904] +++ exited with 0 +++ [pid 5839] close(3 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5839] <... close resumed>) = 0 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5839] rmdir("./9") = 0 [pid 5839] mkdir("./10", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5906] <... write resumed>) = 2097152 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5906] munmap(0x7f349a600000, 138412032) = 0 [pid 5841] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5906] <... openat resumed>) = 4 [pid 5841] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5906] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... openat resumed>) = 3 [ 91.852220][ T5905] loop3: detected capacity change from 0 to 4096 [ 91.881531][ T5905] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5841] newfstatat(3, "", [pid 5906] <... ioctl resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] <... close resumed>) = 0 [pid 5841] getdents64(3, [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] close(3 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5908 ./strace-static-x86_64: Process 5908 attached [pid 5908] set_robust_list(0x55555857c660, 24) = 0 [pid 5906] <... close resumed>) = 0 [pid 5906] close(4 [pid 5908] chdir("./10" [pid 5906] <... close resumed>) = 0 [pid 5908] <... chdir resumed>) = 0 [pid 5906] mkdir("./file1", 0777 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5908] setpgid(0, 0) = 0 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5906] <... mkdir resumed>) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5908] <... openat resumed>) = 3 [pid 5908] write(3, "1000", 4) = 4 [ 91.900925][ T5906] loop0: detected capacity change from 0 to 4096 [pid 5908] close(3executing program ) = 0 [pid 5908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5908] write(1, "executing program\n", 18) = 18 [pid 5908] memfd_create("syzkaller", 0 [pid 5906] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5838] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... umount2 resumed>) = 0 [pid 5838] newfstatat(AT_FDCWD, "./10/file1", [pid 5908] <... memfd_create resumed>) = 3 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5905] <... mount resumed>) = 0 [pid 5841] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5905] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5905] <... openat resumed>) = 3 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5905] chdir("./file1" [pid 5841] newfstatat(AT_FDCWD, "./10/file1", [pid 5838] <... openat resumed>) = 4 [pid 5905] <... chdir resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] getdents64(4, [pid 5905] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] getdents64(4, [pid 5905] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5841] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5905] preadv2(4, [pid 5841] <... openat resumed>) = 4 [pid 5838] close(4) = 0 [pid 5905] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] newfstatat(4, "", [pid 5838] rmdir("./10/file1" [pid 5905] memfd_create("syzkaller", 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5905] <... memfd_create resumed>) = 5 [pid 5838] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] getdents64(4, [pid 5838] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5905] <... mmap resumed>) = 0x7f349a600000 [pid 5841] close(4 [pid 5838] unlink("./10/binderfs" [pid 5841] <... close resumed>) = 0 [pid 5838] <... unlink resumed>) = 0 [pid 5838] getdents64(3, [pid 5841] rmdir("./10/file1") = 0 [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3 [pid 5841] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... close resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] rmdir("./10") = 0 [pid 5838] mkdir("./11", 0777) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [ 91.945943][ T5906] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5841] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./10/binderfs") = 0 [pid 5841] getdents64(3, [pid 5838] close(3 [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5908] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] rmdir("./10") = 0 [pid 5906] <... mount resumed>) = 0 [pid 5906] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./file1") = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] mkdir("./11", 0777 [pid 5906] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... mkdir resumed>) = 0 [pid 5906] <... open resumed>) = 4 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5906] preadv2(4, [pid 5905] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] <... close resumed>) = 0 [pid 5906] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5906] memfd_create("syzkaller", 0 [pid 5841] <... openat resumed>) = 3 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5909 attached [pid 5908] <... write resumed>) = 2097152 [pid 5906] <... memfd_create resumed>) = 5 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5909 [pid 5909] set_robust_list(0x55555857c660, 24) = 0 [pid 5909] chdir("./11" [pid 5841] close(3 [pid 5909] <... chdir resumed>) = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5909] write(1, "executing program\n", 18) = 18 [pid 5909] memfd_create("syzkaller", 0) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5908] munmap(0x7f349a600000, 138412032 [pid 5841] <... close resumed>) = 0 [pid 5906] <... mmap resumed>) = 0x7f349a600000 [pid 5908] <... munmap resumed>) = 0 [pid 5909] <... mmap resumed>) = 0x7f349a600000 [pid 5908] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5905] <... write resumed>) = 2097152 [pid 5908] <... openat resumed>) = 4 [pid 5905] munmap(0x7f349a600000, 138412032 [pid 5908] ioctl(4, LOOP_SET_FD, 3 [pid 5905] <... munmap resumed>) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5908] <... ioctl resumed>) = 0 [pid 5908] close(3) = 0 ./strace-static-x86_64: Process 5910 attached [pid 5908] close(4 [pid 5910] set_robust_list(0x55555857c660, 24) = 0 [pid 5910] chdir("./11" [pid 5909] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5908] <... close resumed>) = 0 [pid 5906] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5905] close(5 [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5910 [pid 5908] mkdir("./file1", 0777 [pid 5910] <... chdir resumed>) = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5905] <... close resumed>) = 0 [pid 5908] <... mkdir resumed>) = 0 [pid 5910] write(3, "1000", 4) = 4 [pid 5910] close(3) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5910] write(1, "executing program\n", 18) = 18 [pid 5910] memfd_create("syzkaller", 0) = 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [ 92.104745][ T5908] loop2: detected capacity change from 0 to 4096 [pid 5908] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5905] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5906] <... write resumed>) = 2097152 [pid 5905] <... open resumed>) = 5 [pid 5905] truncate("./file1", 16784380 [pid 5910] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5909] <... write resumed>) = 2097152 [pid 5906] munmap(0x7f349a600000, 138412032 [pid 5905] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5905] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5909] munmap(0x7f349a600000, 138412032 [pid 5905] <... openat resumed>) = 6 [pid 5906] <... munmap resumed>) = 0 [ 92.152248][ T5908] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5909] <... munmap resumed>) = 0 [pid 5910] <... write resumed>) = 2097152 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5905] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5909] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5906] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5909] <... openat resumed>) = 4 [pid 5906] close(5 [pid 5905] <... mmap resumed>) = 0x200000001000 [pid 5909] ioctl(4, LOOP_SET_FD, 3 [pid 5908] <... mount resumed>) = 0 [pid 5906] <... close resumed>) = 0 [pid 5905] exit_group(0 [pid 5908] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5906] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5905] <... exit_group resumed>) = ? [pid 5908] <... openat resumed>) = 3 [pid 5910] munmap(0x7f349a600000, 138412032 [pid 5908] chdir("./file1" [pid 5905] +++ exited with 0 +++ [pid 5910] <... munmap resumed>) = 0 [pid 5909] <... ioctl resumed>) = 0 [pid 5908] <... chdir resumed>) = 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5909] close(3 [pid 5908] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5909] <... close resumed>) = 0 [pid 5908] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5909] close(4 [pid 5908] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5909] <... close resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5909] mkdir("./file1", 0777 [pid 5840] <... openat resumed>) = 3 [pid 5840] newfstatat(3, "", [pid 5909] <... mkdir resumed>) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5909] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5906] <... open resumed>) = 5 [pid 5840] getdents64(3, [pid 5908] <... open resumed>) = 4 [pid 5906] truncate("./file1", 16784380 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5908] preadv2(4, [pid 5906] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5840] <... umount2 resumed>) = 0 [pid 5906] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] <... openat resumed>) = 6 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./10/file1", [pid 5908] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5906] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5908] memfd_create("syzkaller", 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5906] <... mmap resumed>) = 0x200000001000 [pid 5840] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5910] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5908] <... memfd_create resumed>) = 5 [pid 5906] exit_group(0 [pid 5840] <... openat resumed>) = 4 [pid 5910] <... openat resumed>) = 4 [pid 5840] newfstatat(4, "", [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5906] <... exit_group resumed>) = ? [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 92.215167][ T5909] loop1: detected capacity change from 0 to 4096 [ 92.239108][ T5909] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5910] ioctl(4, LOOP_SET_FD, 3 [pid 5840] getdents64(4, [pid 5908] <... mmap resumed>) = 0x7f349a600000 [pid 5906] +++ exited with 0 +++ [pid 5840] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5837] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] getdents64(4, [pid 5837] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5837] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] close(4) = 0 [pid 5840] rmdir("./10/file1") = 0 [pid 5840] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./10/binderfs") = 0 [pid 5840] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./10") = 0 [pid 5840] mkdir("./11", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5910] <... ioctl resumed>) = 0 [pid 5910] close(3) = 0 [pid 5910] close(4) = 0 [pid 5910] mkdir("./file1", 0777) = 0 [ 92.259542][ T5910] loop4: detected capacity change from 0 to 4096 [pid 5910] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5837] <... umount2 resumed>) = 0 [pid 5837] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5908] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 5837] newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5909] <... mount resumed>) = 0 [pid 5837] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5909] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5909] <... openat resumed>) = 3 [pid 5909] chdir("./file1") = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5909] open("./file1", O_RDONLY|O_DIRECT [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5837] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5911 attached [pid 5909] <... open resumed>) = 4 [pid 5837] <... openat resumed>) = 4 [pid 5911] set_robust_list(0x55555857c660, 24) = 0 [pid 5911] chdir("./11" [pid 5909] preadv2(4, [pid 5911] <... chdir resumed>) = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5911 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5837] newfstatat(4, "", [pid 5909] memfd_create("syzkaller", 0 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5909] <... memfd_create resumed>) = 5 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5911] write(1, "executing program\n", 18) = 18 [pid 5911] memfd_create("syzkaller", 0 [pid 5837] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] getdents64(4, [pid 5911] <... memfd_create resumed>) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5837] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5837] close(4) = 0 [pid 5837] rmdir("./10/file1") = 0 [pid 5837] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 92.308195][ T5910] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5837] unlink("./10/binderfs") = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] close(3) = 0 [pid 5837] rmdir("./10") = 0 [pid 5837] mkdir("./11", 0777) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5910] <... mount resumed>) = 0 [pid 5837] <... openat resumed>) = 3 [pid 5909] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5910] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5837] <... ioctl resumed>) = 0 [pid 5910] <... openat resumed>) = 3 [pid 5910] chdir("./file1") = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5837] close(3 [pid 5910] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5910] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5910] memfd_create("syzkaller", 0) = 5 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5911] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5908] <... write resumed>) = 2097152 [pid 5908] munmap(0x7f349a600000, 138412032 [pid 5837] <... close resumed>) = 0 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5912 attached [pid 5908] <... munmap resumed>) = 0 [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5912 [pid 5912] set_robust_list(0x55555857c660, 24 [pid 5909] <... write resumed>) = 2097152 [pid 5912] <... set_robust_list resumed>) = 0 [pid 5911] <... write resumed>) = 2097152 [pid 5910] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5908] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] chdir("./11" [pid 5908] close(5 [pid 5909] munmap(0x7f349a600000, 138412032 [pid 5911] munmap(0x7f349a600000, 138412032) = 0 [pid 5909] <... munmap resumed>) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5909] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5911] ioctl(4, LOOP_SET_FD, 3 [pid 5912] <... chdir resumed>) = 0 [pid 5909] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5912] setpgid(0, 0 [pid 5909] close(5 [pid 5912] <... setpgid resumed>) = 0 [pid 5908] <... close resumed>) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5909] <... close resumed>) = 0 [pid 5908] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5911] <... ioctl resumed>) = 0 [pid 5911] close(3) = 0 [pid 5911] close(4) = 0 [pid 5911] mkdir("./file1", 0777 [pid 5912] <... openat resumed>) = 3 [pid 5911] <... mkdir resumed>) = 0 [pid 5911] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5912] write(3, "1000", 4 [pid 5910] <... write resumed>) = 2097152 [pid 5912] <... write resumed>) = 4 [pid 5909] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5910] munmap(0x7f349a600000, 138412032 [pid 5912] close(3 [pid 5908] <... open resumed>) = 5 [pid 5912] <... close resumed>) = 0 [pid 5908] truncate("./file1", 16784380 [pid 5912] symlink("/dev/binderfs", "./binderfs" [pid 5908] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5908] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5909] <... open resumed>) = 5 [pid 5909] truncate("./file1", 16784380 [pid 5908] <... openat resumed>) = 6 [pid 5908] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5909] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5908] <... mmap resumed>) = 0x200000001000 [pid 5909] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5909] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5909] exit_group(0) = ? [pid 5912] <... symlink resumed>) = 0 [pid 5910] <... munmap resumed>) = 0 [pid 5909] +++ exited with 0 +++ [pid 5908] exit_group(0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>executing program ) = 0 [pid 5912] write(1, "executing program\n", 18) = 18 [pid 5910] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5908] <... exit_group resumed>) = ? [pid 5911] <... mount resumed>) = 0 [pid 5911] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5838] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5911] chdir("./file1") = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5911] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5911] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] <... openat resumed>) = 3 [pid 5911] open("./file1", O_RDONLY|O_DIRECT [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5912] memfd_create("syzkaller", 0 [pid 5838] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5912] <... memfd_create resumed>) = 3 [pid 5911] <... open resumed>) = 4 [pid 5910] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5908] +++ exited with 0 +++ [pid 5838] <... umount2 resumed>) = 0 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5911] preadv2(4, [pid 5912] <... mmap resumed>) = 0x7f349a600000 [pid 5910] close(5 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5911] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5838] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] newfstatat(AT_FDCWD, "./11/file1", [pid 5839] <... openat resumed>) = 3 [pid 5839] newfstatat(3, "", [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5911] memfd_create("syzkaller", 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] getdents64(3, [pid 5911] <... memfd_create resumed>) = 5 [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 92.463912][ T5911] loop3: detected capacity change from 0 to 4096 [ 92.487479][ T5911] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5838] newfstatat(4, "", [pid 5911] <... mmap resumed>) = 0x7f349a600000 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5910] <... close resumed>) = 0 [pid 5838] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./11/file1") = 0 [pid 5838] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./11/binderfs") = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3 [pid 5839] <... umount2 resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5910] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] rmdir("./11" [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... rmdir resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] mkdir("./12", 0777 [pid 5839] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] <... mkdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5910] <... open resumed>) = 5 [pid 5839] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... close resumed>) = 0 [pid 5910] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5839] <... openat resumed>) = 4 [pid 5910] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5839] newfstatat(4, "", [pid 5910] <... openat resumed>) = 6 [pid 5910] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5911] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5910] <... mmap resumed>) = 0x200000001000 [pid 5910] exit_group(0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5910] <... exit_group resumed>) = ? [pid 5839] getdents64(4, [pid 5912] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5910] +++ exited with 0 +++ [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5839] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./10/file1") = 0 [pid 5839] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./10/binderfs") = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./10"./strace-static-x86_64: Process 5913 attached ) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5913 [pid 5839] mkdir("./11", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5913] set_robust_list(0x55555857c660, 24 [pid 5912] <... write resumed>) = 2097152 [pid 5911] <... write resumed>) = 2097152 [pid 5913] <... set_robust_list resumed>) = 0 [pid 5912] munmap(0x7f349a600000, 138412032 [pid 5911] munmap(0x7f349a600000, 138412032 [pid 5841] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5913] chdir("./12" [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5913] <... chdir resumed>) = 0 [pid 5912] <... munmap resumed>) = 0 [pid 5911] <... munmap resumed>) = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5913] setpgid(0, 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5911] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5913] <... setpgid resumed>) = 0 [pid 5911] close(5 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5912] <... openat resumed>) = 4 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5913] <... openat resumed>) = 3 [pid 5912] ioctl(4, LOOP_SET_FD, 3 [pid 5841] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./11/file1" [pid 5913] write(3, "1000", 4 [pid 5841] <... rmdir resumed>) = 0 [pid 5913] <... write resumed>) = 4 [pid 5911] <... close resumed>) = 0 [pid 5913] close(3 [pid 5841] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) executing program [pid 5841] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5913] <... close resumed>) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs" [pid 5841] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./11/binderfs" [pid 5913] <... symlink resumed>) = 0 [pid 5841] <... unlink resumed>) = 0 [pid 5913] write(1, "executing program\n", 18) = 18 [pid 5841] getdents64(3, [pid 5913] memfd_create("syzkaller", 0 [pid 5912] <... ioctl resumed>) = 0 [pid 5911] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] <... close resumed>) = 0 [pid 5913] <... memfd_create resumed>) = 3 [pid 5912] close(3 [pid 5841] close(3) = 0 [pid 5841] rmdir("./11" [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5912] <... close resumed>) = 0 [pid 5841] <... rmdir resumed>) = 0 [pid 5913] <... mmap resumed>) = 0x7f349a600000 [pid 5841] mkdir("./12", 0777 [pid 5912] close(4 [pid 5841] <... mkdir resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5914 attached [pid 5912] <... close resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5912] mkdir("./file1", 0777 [pid 5914] set_robust_list(0x55555857c660, 24 [pid 5841] <... openat resumed>) = 3 [pid 5912] <... mkdir resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5914 [pid 5914] <... set_robust_list resumed>) = 0 [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5914] chdir("./11" [pid 5912] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5911] <... open resumed>) = 5 [pid 5841] <... ioctl resumed>) = 0 [pid 5914] <... chdir resumed>) = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] close(3 [pid 5914] <... prctl resumed>) = 0 [pid 5911] truncate("./file1", 16784380 [pid 5913] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5911] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5914] setpgid(0, 0) = 0 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5911] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5841] <... close resumed>) = 0 [pid 5911] exit_group(0 executing program [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5914] write(3, "1000", 4) = 4 [pid 5914] close(3) = 0 [pid 5914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5914] write(1, "executing program\n", 18 [pid 5911] <... exit_group resumed>) = ? [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5915 ./strace-static-x86_64: Process 5915 attached [pid 5914] <... write resumed>) = 18 [pid 5913] <... write resumed>) = 2097152 [pid 5911] +++ exited with 0 +++ [pid 5915] set_robust_list(0x55555857c660, 24 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5915] <... set_robust_list resumed>) = 0 [pid 5915] chdir("./12" [pid 5914] memfd_create("syzkaller", 0 [pid 5915] <... chdir resumed>) = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5840] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5915] <... prctl resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] setpgid(0, 0 [pid 5914] <... memfd_create resumed>) = 3 [pid 5840] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5915] <... setpgid resumed>) = 0 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5840] <... openat resumed>) = 3 [ 92.655822][ T5912] loop0: detected capacity change from 0 to 4096 [ 92.695549][ T5912] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5915] <... openat resumed>) = 3 [pid 5840] getdents64(3, [pid 5915] write(3, "1000", 4) = 4 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5915] close(3) = 0 [pid 5840] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] write(1, "executing program\n", 18) = 18 [pid 5915] memfd_create("syzkaller", 0) = 3 [pid 5913] munmap(0x7f349a600000, 138412032 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5913] <... munmap resumed>) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5913] ioctl(4, LOOP_SET_FD, 3 [pid 5914] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... umount2 resumed>) = 0 [pid 5913] <... ioctl resumed>) = 0 [pid 5840] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5913] close(3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5913] <... close resumed>) = 0 [pid 5840] newfstatat(AT_FDCWD, "./11/file1", [pid 5913] close(4) = 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5913] mkdir("./file1", 0777 [pid 5840] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5913] <... mkdir resumed>) = 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5913] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5915] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... openat resumed>) = 4 [pid 5914] <... write resumed>) = 2097152 [pid 5913] <... mount resumed>) = 0 [pid 5912] <... mount resumed>) = 0 [pid 5840] newfstatat(4, "", [pid 5912] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5914] munmap(0x7f349a600000, 138412032 [pid 5913] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5912] <... openat resumed>) = 3 [pid 5840] getdents64(4, [pid 5914] <... munmap resumed>) = 0 [pid 5913] <... openat resumed>) = 3 [pid 5912] chdir("./file1" [pid 5840] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5913] chdir("./file1" [pid 5912] <... chdir resumed>) = 0 [ 92.754661][ T5913] loop1: detected capacity change from 0 to 4096 [ 92.789862][ T5913] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5840] getdents64(4, [pid 5913] <... chdir resumed>) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5913] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5912] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] close(4 [pid 5912] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./11/file1") = 0 [pid 5912] <... open resumed>) = 4 [pid 5840] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5913] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5912] preadv2(4, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5913] open("./file1", O_RDONLY|O_DIRECT [pid 5840] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5914] <... openat resumed>) = 4 [pid 5914] ioctl(4, LOOP_SET_FD, 3 [pid 5913] <... open resumed>) = 4 [pid 5912] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5913] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5912] memfd_create("syzkaller", 0 [pid 5840] unlink("./11/binderfs" [pid 5913] memfd_create("syzkaller", 0 [pid 5914] <... ioctl resumed>) = 0 [pid 5914] close(3) = 0 [pid 5914] close(4) = 0 [pid 5913] <... memfd_create resumed>) = 5 [pid 5912] <... memfd_create resumed>) = 5 [pid 5840] <... unlink resumed>) = 0 [pid 5915] <... write resumed>) = 2097152 [pid 5914] mkdir("./file1", 0777 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] getdents64(3, [pid 5915] munmap(0x7f349a600000, 138412032 [pid 5914] <... mkdir resumed>) = 0 [pid 5913] <... mmap resumed>) = 0x7f349a600000 [pid 5912] <... mmap resumed>) = 0x7f349a600000 [pid 5914] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5915] <... munmap resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./11") = 0 [pid 5840] mkdir("./12", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [pid 5840] close(3 [pid 5914] <... mount resumed>) = 0 [pid 5914] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5915] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5914] <... openat resumed>) = 3 [pid 5914] chdir("./file1" [pid 5915] ioctl(4, LOOP_SET_FD, 3 [pid 5914] <... chdir resumed>) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5914] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... close resumed>) = 0 [ 92.853077][ T5914] loop2: detected capacity change from 0 to 4096 [ 92.888399][ T5914] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5914] <... open resumed>) = 4 [pid 5912] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5914] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5914] memfd_create("syzkaller", 0) = 5 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 ./strace-static-x86_64: Process 5916 attached [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5916 [pid 5916] set_robust_list(0x55555857c660, 24 [pid 5915] <... ioctl resumed>) = 0 [pid 5913] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5916] <... set_robust_list resumed>) = 0 [pid 5915] close(3 [pid 5916] chdir("./12" [pid 5915] <... close resumed>) = 0 [pid 5916] <... chdir resumed>) = 0 [pid 5915] close(4) = 0 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5915] mkdir("./file1", 0777 [pid 5912] <... write resumed>) = 2097152 [pid 5916] <... prctl resumed>) = 0 [pid 5916] setpgid(0, 0) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5915] <... mkdir resumed>) = 0 [pid 5916] <... openat resumed>) = 3 [pid 5915] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [ 92.931745][ T5915] loop4: detected capacity change from 0 to 4096 [pid 5916] write(3, "1000", 4) = 4 [pid 5916] close(3) = 0 [pid 5916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5912] munmap(0x7f349a600000, 138412032 [pid 5914] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5912] <... munmap resumed>) = 0 [pid 5916] write(1, "executing program\n", 18 [pid 5913] <... write resumed>) = 2097152 executing program [pid 5916] <... write resumed>) = 18 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] close(5 [pid 5916] memfd_create("syzkaller", 0 [pid 5913] munmap(0x7f349a600000, 138412032) = 0 [pid 5916] <... memfd_create resumed>) = 3 [ 92.982195][ T5915] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5912] <... close resumed>) = 0 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5915] <... mount resumed>) = 0 [pid 5914] <... write resumed>) = 2097152 [pid 5913] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5916] <... mmap resumed>) = 0x7f349a600000 [pid 5913] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5912] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5915] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5914] munmap(0x7f349a600000, 138412032 [pid 5915] <... openat resumed>) = 3 [pid 5914] <... munmap resumed>) = 0 [pid 5915] chdir("./file1" [pid 5914] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5913] close(5 [pid 5912] <... open resumed>) = 5 [pid 5915] <... chdir resumed>) = 0 [pid 5914] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5912] truncate("./file1", 16784380 [pid 5915] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5914] close(5 [pid 5912] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5915] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5913] <... close resumed>) = 0 [pid 5915] open("./file1", O_RDONLY|O_DIRECT [pid 5912] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5915] <... open resumed>) = 4 [pid 5912] <... openat resumed>) = 6 [pid 5915] preadv2(4, [pid 5916] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5915] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5913] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5912] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5915] memfd_create("syzkaller", 0 [pid 5912] <... mmap resumed>) = 0x200000001000 [pid 5915] <... memfd_create resumed>) = 5 [pid 5912] exit_group(0 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5912] <... exit_group resumed>) = ? [pid 5912] +++ exited with 0 +++ [pid 5913] <... open resumed>) = 5 [pid 5913] truncate("./file1", 16784380 [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [pid 5913] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5837] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5837] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(3, [pid 5915] <... mmap resumed>) = 0x7f349a600000 [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5913] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5913] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5913] exit_group(0) = ? [pid 5913] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5838] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", [pid 5837] <... umount2 resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] getdents64(3, [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] newfstatat(AT_FDCWD, "./11/file1", [pid 5838] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5837] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5914] <... close resumed>) = 0 [pid 5837] close(4) = 0 [pid 5837] rmdir("./11/file1" [pid 5914] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5837] <... rmdir resumed>) = 0 [pid 5914] truncate("./file1", 16784380 [pid 5837] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5914] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5914] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5914] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5914] exit_group(0) = ? [pid 5914] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5839] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5915] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] getdents64(3, [pid 5838] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] unlink("./11/binderfs" [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] <... unlink resumed>) = 0 [pid 5837] getdents64(3, [pid 5838] newfstatat(AT_FDCWD, "./12/file1", [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5916] <... write resumed>) = 2097152 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] close(3 [pid 5838] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5916] munmap(0x7f349a600000, 138412032 [pid 5838] <... openat resumed>) = 4 [pid 5837] <... close resumed>) = 0 [pid 5916] <... munmap resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5838] newfstatat(4, "", [pid 5837] rmdir("./11" [pid 5916] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] <... rmdir resumed>) = 0 [pid 5916] ioctl(4, LOOP_SET_FD, 3 [pid 5837] mkdir("./12", 0777 [pid 5838] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./12/file1") = 0 [pid 5839] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] <... mkdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5839] newfstatat(AT_FDCWD, "./11/file1", [pid 5838] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./12/binderfs" [pid 5839] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... unlink resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] getdents64(3, [pid 5839] <... openat resumed>) = 4 [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] newfstatat(4, "", [pid 5838] close(3 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] <... close resumed>) = 0 [pid 5839] getdents64(4, [pid 5838] rmdir("./12" [pid 5839] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] <... rmdir resumed>) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./11/file1" [pid 5837] <... openat resumed>) = 3 [pid 5839] <... rmdir resumed>) = 0 [pid 5838] mkdir("./13", 0777 [pid 5837] ioctl(3, LOOP_CLR_FD) = 0 [pid 5915] <... write resumed>) = 2097152 [pid 5839] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5838] <... mkdir resumed>) = 0 [pid 5837] close(3 [pid 5915] munmap(0x7f349a600000, 138412032 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5839] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5838] <... close resumed>) = 0 [pid 5916] <... ioctl resumed>) = 0 [pid 5915] <... munmap resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] <... close resumed>) = 0 [pid 5916] close(3 [pid 5915] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5916] <... close resumed>) = 0 [pid 5916] close(4 [pid 5915] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] unlink("./11/binderfs" [pid 5916] <... close resumed>) = 0 [pid 5915] close(5 [pid 5916] mkdir("./file1", 0777 [pid 5839] <... unlink resumed>) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./11") = 0 [pid 5839] mkdir("./12", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [ 93.159825][ T5916] loop3: detected capacity change from 0 to 4096 [pid 5839] close(3 [pid 5916] <... mkdir resumed>) = 0 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5917 attached [pid 5916] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5915] <... close resumed>) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5918 attached [pid 5917] set_robust_list(0x55555857c660, 24 [pid 5915] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... close resumed>) = 0 [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5917 [pid 5917] <... set_robust_list resumed>) = 0 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5918 [pid 5917] chdir("./12" [pid 5918] set_robust_list(0x55555857c660, 24 [pid 5917] <... chdir resumed>) = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5918] <... set_robust_list resumed>) = 0 [pid 5918] chdir("./13" [pid 5917] <... prctl resumed>) = 0 [pid 5918] <... chdir resumed>) = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5917] setpgid(0, 0 [pid 5918] close(3 [pid 5917] <... setpgid resumed>) = 0 [pid 5918] <... close resumed>) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs" [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5915] <... open resumed>) = 5 [pid 5918] <... symlink resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5919 attached [pid 5917] <... openat resumed>) = 3 [pid 5915] truncate("./file1", 16784380executing program [pid 5918] write(1, "executing program\n", 18 [pid 5917] write(3, "1000", 4 [pid 5915] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5918] <... write resumed>) = 18 [pid 5915] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5919] set_robust_list(0x55555857c660, 24 [pid 5918] memfd_create("syzkaller", 0 [pid 5917] <... write resumed>) = 4 [pid 5915] <... openat resumed>) = 6 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5917] close(3 [pid 5915] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5917] <... close resumed>) = 0 [pid 5919] chdir("./12" [pid 5917] symlink("/dev/binderfs", "./binderfs" [pid 5915] exit_group(0 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5919 [pid 5919] <... chdir resumed>) = 0 [pid 5915] <... exit_group resumed>) = ? [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5918] <... memfd_create resumed>) = 3 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5919] <... prctl resumed>) = 0 [pid 5915] +++ exited with 0 +++ [pid 5919] setpgid(0, 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5919] <... setpgid resumed>) = 0 [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5919] write(3, "1000", 4 [pid 5841] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 5919] <... write resumed>) = 4 [pid 5919] close(3) = 0 [ 93.229120][ T5916] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5919] symlink("/dev/binderfs", "./binderfs" [pid 5916] <... mount resumed>) = 0 [pid 5916] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5916] chdir("./file1") = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5916] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] <... symlink resumed>) = 0 [pid 5917] <... symlink resumed>) = 0 [pid 5916] <... open resumed>) = 4 [pid 5919] write(1, "executing program\n", 18 [pid 5916] preadv2(4, [pid 5917] write(1, "executing program\n", 18executing program [pid 5919] <... write resumed>) = 18 executing program [pid 5919] memfd_create("syzkaller", 0 [pid 5917] <... write resumed>) = 18 [pid 5916] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5919] <... memfd_create resumed>) = 3 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5917] memfd_create("syzkaller", 0 [pid 5916] memfd_create("syzkaller", 0) = 5 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5917] <... memfd_create resumed>) = 3 [pid 5916] <... mmap resumed>) = 0x7f349a600000 [pid 5918] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./12/file1") = 0 [pid 5841] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./12/binderfs") = 0 [pid 5918] <... write resumed>) = 2097152 [pid 5841] getdents64(3, [pid 5919] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5918] munmap(0x7f349a600000, 138412032 [pid 5917] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5916] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3 [pid 5918] <... munmap resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5841] rmdir("./12") = 0 [pid 5841] mkdir("./13", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5916] <... write resumed>) = 2097152 [pid 5918] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3 [pid 5916] munmap(0x7f349a600000, 138412032 [pid 5917] <... write resumed>) = 2097152 [pid 5917] munmap(0x7f349a600000, 138412032 [pid 5919] <... write resumed>) = 2097152 [pid 5918] <... ioctl resumed>) = 0 [pid 5917] <... munmap resumed>) = 0 [pid 5916] <... munmap resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5919] munmap(0x7f349a600000, 138412032 [pid 5918] close(3 [pid 5919] <... munmap resumed>) = 0 [pid 5918] <... close resumed>) = 0 [pid 5918] close(4) = 0 [pid 5918] mkdir("./file1", 0777) = 0 [pid 5918] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5916] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5920 attached [pid 5919] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5916] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5917] <... openat resumed>) = 4 [pid 5920] set_robust_list(0x55555857c660, 24 [pid 5919] <... openat resumed>) = 4 [pid 5917] ioctl(4, LOOP_SET_FD, 3 [pid 5916] close(5 [ 93.399629][ T5918] loop1: detected capacity change from 0 to 4096 [ 93.427787][ T5918] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 93.440735][ T5919] loop2: detected capacity change from 0 to 4096 [pid 5919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5919] close(3) = 0 [pid 5919] close(4) = 0 [pid 5919] mkdir("./file1", 0777) = 0 [pid 5919] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5920] <... set_robust_list resumed>) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5920 [pid 5920] chdir("./13" [pid 5917] <... ioctl resumed>) = 0 [pid 5920] <... chdir resumed>) = 0 [pid 5917] close(3 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5920] setpgid(0, 0 [pid 5917] <... close resumed>) = 0 [pid 5920] <... setpgid resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5917] close(4 [pid 5920] <... openat resumed>) = 3 [pid 5917] <... close resumed>) = 0 [pid 5920] write(3, "1000", 4) = 4 [pid 5920] close(3 [pid 5917] mkdir("./file1", 0777 [pid 5916] <... close resumed>) = 0 [pid 5920] <... close resumed>) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs" [pid 5917] <... mkdir resumed>) = 0 [pid 5916] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5920] <... symlink resumed>) = 0 executing program [pid 5920] write(1, "executing program\n", 18) = 18 [pid 5920] memfd_create("syzkaller", 0 [pid 5917] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5916] <... open resumed>) = 5 [pid 5916] truncate("./file1", 16784380 [pid 5920] <... memfd_create resumed>) = 3 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5916] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5920] <... mmap resumed>) = 0x7f349a600000 [pid 5916] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5916] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5916] exit_group(0) = ? [pid 5918] <... mount resumed>) = 0 [pid 5916] +++ exited with 0 +++ [pid 5918] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5918] <... openat resumed>) = 3 [pid 5918] chdir("./file1") = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5918] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5920] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5918] <... open resumed>) = 4 [pid 5840] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 93.448696][ T5917] loop0: detected capacity change from 0 to 4096 [ 93.458050][ T5919] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 93.480492][ T5917] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5840] newfstatat(3, "", [pid 5918] preadv2(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5918] memfd_create("syzkaller", 0) = 5 [pid 5919] <... mount resumed>) = 0 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5919] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5919] chdir("./file1") = 0 [pid 5920] <... write resumed>) = 2097152 [pid 5919] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5920] munmap(0x7f349a600000, 138412032 [pid 5919] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5918] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5920] <... munmap resumed>) = 0 [pid 5919] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... umount2 resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5840] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5920] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5919] <... open resumed>) = 4 [pid 5840] newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5919] preadv2(4, [pid 5917] <... mount resumed>) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5917] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] newfstatat(4, "", [pid 5917] <... openat resumed>) = 3 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5917] chdir("./file1" [pid 5840] getdents64(4, [pid 5917] <... chdir resumed>) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5919] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5917] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5919] memfd_create("syzkaller", 0 [pid 5917] open("./file1", O_RDONLY|O_DIRECT [pid 5840] getdents64(4, [pid 5919] <... memfd_create resumed>) = 5 [pid 5917] <... open resumed>) = 4 [pid 5840] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] close(4 [pid 5917] preadv2(4, [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./12/file1" [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5840] <... rmdir resumed>) = 0 [pid 5917] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5920] <... ioctl resumed>) = 0 [pid 5918] <... write resumed>) = 2097152 [pid 5917] memfd_create("syzkaller", 0 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5917] <... memfd_create resumed>) = 5 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./12/binderfs" [pid 5920] close(3 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... unlink resumed>) = 0 [pid 5920] <... close resumed>) = 0 [pid 5917] <... mmap resumed>) = 0x7f349a600000 [pid 5840] getdents64(3, [pid 5920] close(4 [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3 [pid 5920] <... close resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./12" [pid 5920] mkdir("./file1", 0777) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] mkdir("./13", 0777 [pid 5920] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] <... mkdir resumed>) = 0 [ 93.579921][ T5920] loop4: detected capacity change from 0 to 4096 [pid 5919] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5918] munmap(0x7f349a600000, 138412032 [pid 5840] <... ioctl resumed>) = 0 [pid 5918] <... munmap resumed>) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5918] close(5 [pid 5840] close(3 [pid 5918] <... close resumed>) = 0 [pid 5917] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 5919] <... write resumed>) = 2097152 [pid 5918] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5919] munmap(0x7f349a600000, 138412032./strace-static-x86_64: Process 5921 attached ) = 0 [pid 5921] set_robust_list(0x55555857c660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5921 [pid 5918] <... open resumed>) = 5 [pid 5918] truncate("./file1", 16784380 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5918] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5918] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5918] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5921] chdir("./13" [pid 5918] <... mmap resumed>) = 0x200000001000 [pid 5921] <... chdir resumed>) = 0 [pid 5918] exit_group(0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5918] <... exit_group resumed>) = ? [pid 5921] <... prctl resumed>) = 0 [pid 5921] setpgid(0, 0 [pid 5918] +++ exited with 0 +++ [pid 5921] <... setpgid resumed>) = 0 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [ 93.624215][ T5920] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5919] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] <... restart_syscall resumed>) = 0 [pid 5921] <... openat resumed>) = 3 [pid 5921] write(3, "1000", 4 [pid 5919] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5921] <... write resumed>) = 4 [pid 5919] close(5 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5921] close(3 [pid 5838] getdents64(3, [pid 5921] <... close resumed>) = 0 [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5921] symlink("/dev/binderfs", "./binderfs" [pid 5838] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5921] <... symlink resumed>) = 0 [pid 5921] write(1, "executing program\n", 18executing program ) = 18 [pid 5921] memfd_create("syzkaller", 0 [pid 5838] <... umount2 resumed>) = 0 [pid 5921] <... memfd_create resumed>) = 3 [pid 5920] <... mount resumed>) = 0 [pid 5920] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5920] <... openat resumed>) = 3 [pid 5920] chdir("./file1") = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5920] open("./file1", O_RDONLY|O_DIRECT [pid 5917] <... write resumed>) = 2097152 [pid 5838] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5920] <... open resumed>) = 4 [pid 5919] <... close resumed>) = 0 [pid 5920] preadv2(4, [pid 5919] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5917] munmap(0x7f349a600000, 138412032) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5920] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5838] newfstatat(AT_FDCWD, "./13/file1", [pid 5920] memfd_create("syzkaller", 0) = 5 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5921] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5919] <... open resumed>) = 5 [pid 5838] <... openat resumed>) = 4 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5838] newfstatat(4, "", [pid 5917] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, [pid 5919] truncate("./file1", 16784380 [pid 5917] close(5 [pid 5838] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5921] <... write resumed>) = 2097152 [pid 5919] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5838] getdents64(4, [pid 5919] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5921] munmap(0x7f349a600000, 138412032 [pid 5920] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5919] <... openat resumed>) = 6 [pid 5838] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5919] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5838] close(4 [pid 5919] exit_group(0) = ? [pid 5838] <... close resumed>) = 0 [pid 5921] <... munmap resumed>) = 0 [pid 5919] +++ exited with 0 +++ [pid 5838] rmdir("./13/file1" [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=7 /* 0.07 s */} --- [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5921] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] <... rmdir resumed>) = 0 [pid 5838] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5921] <... openat resumed>) = 4 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5921] ioctl(4, LOOP_SET_FD, 3 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5917] <... close resumed>) = 0 [pid 5921] <... ioctl resumed>) = 0 [pid 5920] <... write resumed>) = 2097152 [pid 5838] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5921] close(3 [pid 5920] munmap(0x7f349a600000, 138412032 [pid 5839] <... umount2 resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5921] <... close resumed>) = 0 [pid 5838] unlink("./13/binderfs" [pid 5917] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5921] close(4 [pid 5838] <... unlink resumed>) = 0 [pid 5839] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5921] <... close resumed>) = 0 [pid 5920] <... munmap resumed>) = 0 [pid 5917] <... open resumed>) = 5 [pid 5838] getdents64(3, [pid 5917] truncate("./file1", 16784380 [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5921] mkdir("./file1", 0777 [pid 5920] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] close(3) = 0 [pid 5920] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] rmdir("./13" [pid 5921] <... mkdir resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./12/file1", [pid 5838] <... rmdir resumed>) = 0 [ 93.770279][ T5921] loop3: detected capacity change from 0 to 4096 [pid 5920] close(5 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] mkdir("./14", 0777) = 0 [pid 5917] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5917] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5917] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5921] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5917] <... mmap resumed>) = 0x200000001000 [pid 5917] exit_group(0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5917] <... exit_group resumed>) = ? [pid 5838] <... openat resumed>) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5917] +++ exited with 0 +++ [pid 5839] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./12/file1") = 0 [pid 5839] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5920] <... close resumed>) = 0 [pid 5839] unlink("./12/binderfs") = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./12" [pid 5920] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5839] <... rmdir resumed>) = 0 [pid 5839] mkdir("./13", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] <... close resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5922 ./strace-static-x86_64: Process 5922 attached [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3 [pid 5837] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5922] set_robust_list(0x55555857c660, 24executing program ) = 0 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5922] chdir("./14" [pid 5839] <... close resumed>) = 0 [pid 5837] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5920] <... open resumed>) = 5 [pid 5920] truncate("./file1", 16784380 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555857c650) = 5923 ./strace-static-x86_64: Process 5923 attached [pid 5923] set_robust_list(0x55555857c660, 24) = 0 [pid 5923] chdir("./13") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5923] write(1, "executing program\n", 18) = 18 [pid 5923] memfd_create("syzkaller", 0) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5837] <... openat resumed>) = 3 [pid 5920] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5920] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5922] <... chdir resumed>) = 0 [pid 5920] <... openat resumed>) = 6 [pid 5837] newfstatat(3, "", [pid 5920] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5920] exit_group(0) = ? [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5920] +++ exited with 0 +++ [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5922] <... prctl resumed>) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=7 /* 0.07 s */} --- [pid 5837] getdents64(3, [pid 5922] setpgid(0, 0) = 0 [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5922] <... openat resumed>) = 3 [pid 5922] write(3, "1000", 4) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs") = 0 [ 93.810632][ T5921] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 93.825574][ T30] kauditd_printk_skb: 66 callbacks suppressed [ 93.825587][ T30] audit: type=1804 audit(1750594919.455:133): pid=5920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.tq1PXa/13/file1/file1" dev="loop4" ino=30 res=1 errno=0 [pid 5922] write(1, "executing program\n", 18executing program ) = 18 [pid 5922] memfd_create("syzkaller", 0) = 3 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5841] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] <... umount2 resumed>) = 0 [pid 5837] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] <... openat resumed>) = 3 [pid 5837] <... openat resumed>) = 4 [pid 5837] newfstatat(4, "", [pid 5841] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(3, [pid 5837] getdents64(4, [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5837] close(4) = 0 [pid 5837] rmdir("./12/file1") = 0 [pid 5841] <... umount2 resumed>) = 0 [pid 5841] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./13/file1") = 0 [pid 5841] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./13/binderfs") = 0 [pid 5837] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] unlink("./12/binderfs") = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./13") = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] close(3) = 0 [pid 5837] rmdir("./12" [pid 5841] mkdir("./14", 0777 [pid 5837] <... rmdir resumed>) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5837] mkdir("./13", 0777) = 0 [pid 5923] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5922] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5921] <... mount resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5921] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5841] <... openat resumed>) = 3 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5841] ioctl(3, LOOP_CLR_FD [pid 5837] <... openat resumed>) = 3 [pid 5841] <... ioctl resumed>) = 0 [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5841] close(3 [pid 5837] <... ioctl resumed>) = 0 [pid 5921] chdir("./file1" [pid 5837] close(3 [pid 5921] <... chdir resumed>) = 0 [pid 5837] <... close resumed>) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5923] <... write resumed>) = 2097152 [pid 5922] <... write resumed>) = 2097152 [pid 5921] open("./file1", O_RDONLY|O_DIRECT [pid 5841] <... close resumed>) = 0 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555857c650) = 5924 [pid 5922] munmap(0x7f349a600000, 138412032 [pid 5921] <... open resumed>) = 4 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5921] preadv2(4, ./strace-static-x86_64: Process 5924 attached [pid 5923] munmap(0x7f349a600000, 138412032./strace-static-x86_64: Process 5925 attached ) = 0 [pid 5921] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5925] set_robust_list(0x55555857c660, 24 [pid 5924] set_robust_list(0x55555857c660, 24 [pid 5921] memfd_create("syzkaller", 0 [pid 5925] <... set_robust_list resumed>) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5925 [pid 5924] <... set_robust_list resumed>) = 0 [pid 5925] chdir("./14" [pid 5924] chdir("./13" [pid 5921] <... memfd_create resumed>) = 5 [pid 5925] <... chdir resumed>) = 0 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] <... chdir resumed>) = 0 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5925] setpgid(0, 0) = 0 [pid 5924] <... prctl resumed>) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5923] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5925] <... openat resumed>) = 3 [pid 5924] <... openat resumed>) = 3 [pid 5921] <... mmap resumed>) = 0x7f349a600000 [pid 5925] write(3, "1000", 4) = 4 [pid 5923] <... openat resumed>) = 4 [pid 5925] close(3 [pid 5923] ioctl(4, LOOP_SET_FD, 3 [pid 5925] <... close resumed>) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs" [pid 5922] <... munmap resumed>) = 0 [pid 5924] write(3, "1000", 4) = 4 [pid 5924] close(3 [pid 5925] <... symlink resumed>) = 0 [pid 5924] <... close resumed>) = 0 [pid 5924] symlink("/dev/binderfs", "./binderfs") = 0 executing program executing program [pid 5925] write(1, "executing program\n", 18 [pid 5924] write(1, "executing program\n", 18 [pid 5925] <... write resumed>) = 18 [pid 5924] <... write resumed>) = 18 [pid 5924] memfd_create("syzkaller", 0) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5925] memfd_create("syzkaller", 0 [pid 5922] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5925] <... memfd_create resumed>) = 3 [pid 5922] <... openat resumed>) = 4 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5922] ioctl(4, LOOP_SET_FD, 3 [pid 5923] <... ioctl resumed>) = 0 [ 93.990360][ T30] audit: type=1800 audit(1750594919.625:134): pid=5921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 94.017952][ T5923] loop2: detected capacity change from 0 to 4096 [pid 5923] close(3) = 0 [pid 5923] close(4) = 0 [pid 5923] mkdir("./file1", 0777) = 0 [pid 5923] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5925] <... mmap resumed>) = 0x7f349a600000 [pid 5921] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5922] <... ioctl resumed>) = 0 [pid 5922] close(3) = 0 [pid 5922] close(4) = 0 [pid 5923] <... mount resumed>) = 0 [pid 5922] mkdir("./file1", 0777 [pid 5923] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5922] <... mkdir resumed>) = 0 [pid 5923] chdir("./file1") = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5922] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5923] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5923] open("./file1", O_RDONLY|O_DIRECT) = 4 [ 94.036761][ T5922] loop1: detected capacity change from 0 to 4096 [ 94.048457][ T5923] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5923] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5923] memfd_create("syzkaller", 0) = 5 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5924] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5925] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5921] <... write resumed>) = 2097152 [pid 5921] munmap(0x7f349a600000, 138412032) = 0 [pid 5924] <... write resumed>) = 2097152 [pid 5923] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5921] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [ 94.076724][ T30] audit: type=1800 audit(1750594919.705:135): pid=5923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop2" ino=30 res=0 errno=0 [ 94.098099][ T5922] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5924] munmap(0x7f349a600000, 138412032 [pid 5925] <... write resumed>) = 2097152 [pid 5924] <... munmap resumed>) = 0 [pid 5925] munmap(0x7f349a600000, 138412032 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5923] <... write resumed>) = 2097152 [pid 5921] close(5 [pid 5925] <... munmap resumed>) = 0 [pid 5924] <... openat resumed>) = 4 [pid 5922] <... mount resumed>) = 0 [pid 5924] ioctl(4, LOOP_SET_FD, 3 [pid 5921] <... close resumed>) = 0 [pid 5923] munmap(0x7f349a600000, 138412032 [pid 5925] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5923] <... munmap resumed>) = 0 [pid 5922] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5921] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5925] <... openat resumed>) = 4 [pid 5924] <... ioctl resumed>) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 94.173825][ T5924] loop0: detected capacity change from 0 to 4096 [ 94.198323][ T5925] loop4: detected capacity change from 0 to 4096 [pid 5925] ioctl(4, LOOP_SET_FD, 3 [pid 5923] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5925] <... ioctl resumed>) = 0 [pid 5922] <... openat resumed>) = 3 [pid 5921] <... open resumed>) = 5 [pid 5925] close(3 [pid 5924] close(3 [pid 5922] chdir("./file1" [pid 5921] truncate("./file1", 16784380 [pid 5925] <... close resumed>) = 0 [pid 5924] <... close resumed>) = 0 [pid 5922] <... chdir resumed>) = 0 [pid 5925] close(4 [pid 5924] close(4 [pid 5922] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5921] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5925] <... close resumed>) = 0 [pid 5924] <... close resumed>) = 0 [pid 5925] mkdir("./file1", 0777 [pid 5924] mkdir("./file1", 0777 [pid 5925] <... mkdir resumed>) = 0 [pid 5924] <... mkdir resumed>) = 0 [pid 5922] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5921] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5925] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5924] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5923] close(5 [pid 5922] open("./file1", O_RDONLY|O_DIRECT [pid 5921] <... openat resumed>) = 6 [pid 5922] <... open resumed>) = 4 [pid 5921] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5923] <... close resumed>) = 0 [pid 5923] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5922] preadv2(4, [pid 5921] <... mmap resumed>) = 0x200000001000 [pid 5923] <... open resumed>) = 5 [pid 5923] truncate("./file1", 16784380 [pid 5922] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5921] exit_group(0 [pid 5923] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5921] <... exit_group resumed>) = ? [pid 5923] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5922] memfd_create("syzkaller", 0 [pid 5923] <... openat resumed>) = 6 [pid 5923] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5922] <... memfd_create resumed>) = 5 [pid 5921] +++ exited with 0 +++ [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...> [pid 5923] exit_group(0) = ? [pid 5840] <... restart_syscall resumed>) = 0 [pid 5840] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5923] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} --- [ 94.205141][ T30] audit: type=1804 audit(1750594919.835:136): pid=5921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.s9h7xo/13/file1/file1" dev="loop3" ino=30 res=1 errno=0 [ 94.239297][ T5924] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 94.250143][ T5925] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5922] <... mmap resumed>) = 0x7f349a600000 [pid 5839] <... restart_syscall resumed>) = 0 [pid 5839] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... umount2 resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5840] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./13/file1") = 0 [pid 5840] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] unlink("./13/binderfs") = 0 [pid 5840] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./13") = 0 [pid 5840] mkdir("./14", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD) = 0 [ 94.274697][ T30] audit: type=1800 audit(1750594919.865:137): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop1" ino=30 res=0 errno=0 [ 94.298574][ T30] audit: type=1804 audit(1750594919.895:138): pid=5923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.IxtiFh/13/file1/file1" dev="loop2" ino=30 res=1 errno=0 [pid 5840] close(3 [pid 5922] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] <... close resumed>) = 0 [pid 5925] <... mount resumed>) = 0 [pid 5839] newfstatat(AT_FDCWD, "./13/file1", [pid 5925] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5926 attached [pid 5925] <... openat resumed>) = 3 [pid 5839] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5925] chdir("./file1" [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5926 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5926] set_robust_list(0x55555857c660, 24 [pid 5925] <... chdir resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5925] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5926] <... set_robust_list resumed>) = 0 [pid 5925] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... openat resumed>) = 4 [pid 5925] open("./file1", O_RDONLY|O_DIRECT [pid 5926] chdir("./14" [pid 5839] newfstatat(4, "", [pid 5925] <... open resumed>) = 4 [pid 5926] <... chdir resumed>) = 0 [pid 5925] preadv2(4, [pid 5924] <... mount resumed>) = 0 [pid 5922] <... write resumed>) = 2097152 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5926] <... prctl resumed>) = 0 [pid 5839] close(4 [pid 5926] setpgid(0, 0 [pid 5839] <... close resumed>) = 0 [pid 5926] <... setpgid resumed>) = 0 [pid 5922] munmap(0x7f349a600000, 138412032 [pid 5839] rmdir("./13/file1" [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5922] <... munmap resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5926] <... openat resumed>) = 3 [pid 5839] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./13/binderfs") = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./13") = 0 [pid 5839] mkdir("./14", 0777) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5926] write(3, "1000", 4 [pid 5924] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5922] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5926] <... write resumed>) = 4 [pid 5925] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5924] <... openat resumed>) = 3 [pid 5922] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... close resumed>) = 0 [pid 5926] close(3 [pid 5925] memfd_create("syzkaller", 0 [pid 5924] chdir("./file1" [pid 5922] close(5 [pid 5926] <... close resumed>) = 0 [pid 5925] <... memfd_create resumed>) = 5 [pid 5924] <... chdir resumed>) = 0 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5925] <... mmap resumed>) = 0x7f349a600000 [pid 5924] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 5927 attached [pid 5925] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 94.405829][ T30] audit: type=1800 audit(1750594920.035:139): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop4" ino=30 res=0 errno=0 [pid 5924] open("./file1", O_RDONLY|O_DIRECT [pid 5927] set_robust_list(0x55555857c660, 24 [pid 5926] symlink("/dev/binderfs", "./binderfs" [pid 5924] <... open resumed>) = 4 [pid 5922] <... close resumed>) = 0 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5927 [pid 5927] <... set_robust_list resumed>) = 0 [pid 5924] preadv2(4, [pid 5922] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5927] chdir("./14") = 0 [pid 5924] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5926] <... symlink resumed>) = 0 [pid 5924] memfd_create("syzkaller", 0 [pid 5927] <... prctl resumed>) = 0 executing program [pid 5927] setpgid(0, 0 [pid 5926] write(1, "executing program\n", 18 [pid 5924] <... memfd_create resumed>) = 5 [pid 5927] <... setpgid resumed>) = 0 [pid 5922] <... open resumed>) = 5 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5926] <... write resumed>) = 18 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5922] truncate("./file1", 16784380 [pid 5927] <... openat resumed>) = 3 [pid 5926] memfd_create("syzkaller", 0 [pid 5924] <... mmap resumed>) = 0x7f349a600000 [pid 5922] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5927] write(3, "1000", 4 [pid 5922] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5927] <... write resumed>) = 4 [pid 5927] close(3 [pid 5922] <... openat resumed>) = 6 [pid 5927] <... close resumed>) = 0 [pid 5922] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5927] symlink("/dev/binderfs", "./binderfs" [pid 5922] <... mmap resumed>) = 0x200000001000 [pid 5927] <... symlink resumed>) = 0 [pid 5926] <... memfd_create resumed>) = 3 [pid 5925] <... write resumed>) = 2097152 [pid 5922] exit_group(0 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [ 94.458197][ T30] audit: type=1800 audit(1750594920.085:140): pid=5924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor743" name="file1" dev="loop0" ino=30 res=0 errno=0 [pid 5922] <... exit_group resumed>) = ? [pid 5924] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5927] write(1, "executing program\n", 18executing program [pid 5925] munmap(0x7f349a600000, 138412032 [pid 5922] +++ exited with 0 +++ [pid 5927] <... write resumed>) = 18 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5925] <... munmap resumed>) = 0 [pid 5838] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5927] memfd_create("syzkaller", 0 [pid 5926] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5925] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5927] <... memfd_create resumed>) = 3 [pid 5925] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5924] <... write resumed>) = 2097152 [pid 5838] <... openat resumed>) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5925] close(5 [pid 5924] munmap(0x7f349a600000, 138412032 [pid 5838] newfstatat(3, "", [pid 5927] <... mmap resumed>) = 0x7f349a600000 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5924] <... munmap resumed>) = 0 [pid 5926] <... write resumed>) = 2097152 [pid 5838] <... umount2 resumed>) = 0 [pid 5838] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5838] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5926] munmap(0x7f349a600000, 138412032 [pid 5924] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] <... openat resumed>) = 4 [pid 5926] <... munmap resumed>) = 0 [pid 5924] close(5 [pid 5838] newfstatat(4, "", [pid 5925] <... close resumed>) = 0 [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, [pid 5927] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5925] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5838] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5926] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [ 94.492396][ T30] audit: type=1804 audit(1750594920.115:141): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.SduaD7/14/file1/file1" dev="loop1" ino=30 res=1 errno=0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./14/file1") = 0 [pid 5838] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./14/binderfs") = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./14") = 0 [pid 5838] mkdir("./15", 0777 [pid 5924] <... close resumed>) = 0 [pid 5838] <... mkdir resumed>) = 0 [pid 5924] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5927] <... write resumed>) = 2097152 [pid 5926] <... openat resumed>) = 4 [pid 5925] <... open resumed>) = 5 [pid 5924] <... open resumed>) = 5 [pid 5838] <... openat resumed>) = 3 [pid 5927] munmap(0x7f349a600000, 138412032 [pid 5926] ioctl(4, LOOP_SET_FD, 3 [pid 5925] truncate("./file1", 16784380 [pid 5924] truncate("./file1", 16784380 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5925] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5924] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5838] close(3 [pid 5925] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [ 94.560065][ T30] audit: type=1804 audit(1750594920.195:142): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor743" name="/root/syzkaller.tq1PXa/14/file1/file1" dev="loop4" ino=30 res=1 errno=0 [ 94.594410][ T5926] loop3: detected capacity change from 0 to 4096 [pid 5924] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5925] <... openat resumed>) = 6 [pid 5927] <... munmap resumed>) = 0 [pid 5926] <... ioctl resumed>) = 0 [pid 5924] <... openat resumed>) = 6 [pid 5838] <... close resumed>) = 0 [pid 5926] close(3) = 0 [pid 5926] close(4) = 0 [pid 5926] mkdir("./file1", 0777 [pid 5924] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5926] <... mkdir resumed>) = 0 [pid 5924] <... mmap resumed>) = 0x200000001000 [pid 5926] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5925] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5924] exit_group(0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5927] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5925] exit_group(0 [pid 5924] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5928 attached [pid 5927] <... openat resumed>) = 4 [pid 5925] <... exit_group resumed>) = ? [pid 5927] ioctl(4, LOOP_SET_FD, 3 [pid 5925] +++ exited with 0 +++ [pid 5928] set_robust_list(0x55555857c660, 24) = 0 [pid 5928] chdir("./15") = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5928] setpgid(0, 0) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5928] <... openat resumed>) = 3 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5928 [pid 5928] write(3, "1000", 4 [pid 5926] <... mount resumed>) = 0 [pid 5928] <... write resumed>) = 4 [pid 5926] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5928] close(3 [pid 5924] +++ exited with 0 +++ [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5837] restart_syscall(<... resuming interrupted clone ...> [pid 5841] <... restart_syscall resumed>) = 0 [pid 5837] <... restart_syscall resumed>) = 0 [pid 5841] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5928] <... close resumed>) = 0 [pid 5926] <... openat resumed>) = 3 [pid 5841] <... openat resumed>) = 3 [pid 5837] <... openat resumed>) = 3 [pid 5927] <... ioctl resumed>) = 0 [pid 5841] newfstatat(3, "", [pid 5837] newfstatat(3, "", [pid 5928] symlink("/dev/binderfs", "./binderfs" [pid 5927] close(3 [pid 5926] chdir("./file1" [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5928] <... symlink resumed>) = 0 [pid 5927] <... close resumed>) = 0 [pid 5926] <... chdir resumed>) = 0 executing program [pid 5841] getdents64(3, [pid 5837] getdents64(3, [pid 5928] write(1, "executing program\n", 18 [pid 5927] close(4 [pid 5926] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5928] <... write resumed>) = 18 [pid 5927] <... close resumed>) = 0 [pid 5841] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5926] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5927] mkdir("./file1", 0777 [pid 5928] memfd_create("syzkaller", 0 [pid 5927] <... mkdir resumed>) = 0 [pid 5926] open("./file1", O_RDONLY|O_DIRECT [pid 5927] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5926] <... open resumed>) = 4 [pid 5926] preadv2(4, [pid 5928] <... memfd_create resumed>) = 3 [pid 5926] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5841] <... umount2 resumed>) = 0 [pid 5926] memfd_create("syzkaller", 0 [pid 5841] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5926] <... memfd_create resumed>) = 5 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] newfstatat(AT_FDCWD, "./14/file1", [pid 5928] <... mmap resumed>) = 0x7f349a600000 [pid 5926] <... mmap resumed>) = 0x7f349a600000 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5841] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] close(4) = 0 [pid 5841] rmdir("./14/file1") = 0 [ 94.610930][ T5926] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 94.624223][ T5927] loop2: detected capacity change from 0 to 4096 [pid 5841] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] unlink("./14/binderfs") = 0 [pid 5841] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3) = 0 [pid 5841] rmdir("./14") = 0 [pid 5841] mkdir("./15", 0777) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5837] <... umount2 resumed>) = 0 [pid 5837] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5841] <... close resumed>) = 0 [pid 5927] <... mount resumed>) = 0 [pid 5837] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5927] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached [pid 5927] <... openat resumed>) = 3 [pid 5929] set_robust_list(0x55555857c660, 24 [pid 5927] chdir("./file1" [pid 5929] <... set_robust_list resumed>) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5929 [pid 5929] chdir("./15" [pid 5927] <... chdir resumed>) = 0 [pid 5929] <... chdir resumed>) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5837] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5927] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5929] <... prctl resumed>) = 0 [pid 5927] open("./file1", O_RDONLY|O_DIRECT [pid 5929] setpgid(0, 0) = 0 [pid 5927] <... open resumed>) = 4 [pid 5837] <... openat resumed>) = 4 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5927] preadv2(4, [pid 5929] <... openat resumed>) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 [ 94.671608][ T5927] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). executing program [pid 5929] write(1, "executing program\n", 18) = 18 [pid 5927] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5837] newfstatat(4, "", [pid 5927] memfd_create("syzkaller", 0) = 5 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5837] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5837] close(4) = 0 [pid 5837] rmdir("./13/file1") = 0 [pid 5837] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] unlink("./13/binderfs") = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] close(3) = 0 [pid 5837] rmdir("./13") = 0 [pid 5837] mkdir("./14", 0777) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5837] ioctl(3, LOOP_CLR_FD [pid 5929] memfd_create("syzkaller", 0 [pid 5837] <... ioctl resumed>) = 0 [pid 5837] close(3 [pid 5929] <... memfd_create resumed>) = 3 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5926] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5928] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5927] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5837] <... close resumed>) = 0 [pid 5928] <... write resumed>) = 2097152 [pid 5929] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5928] munmap(0x7f349a600000, 138412032./strace-static-x86_64: Process 5930 attached ) = 0 [pid 5926] <... write resumed>) = 2097152 [pid 5930] set_robust_list(0x55555857c660, 24) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5930] chdir("./14" [pid 5928] <... openat resumed>) = 4 [pid 5930] <... chdir resumed>) = 0 [pid 5928] ioctl(4, LOOP_SET_FD, 3 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0 [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5930 [pid 5930] <... setpgid resumed>) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5926] munmap(0x7f349a600000, 138412032 [pid 5930] <... openat resumed>) = 3 [pid 5930] write(3, "1000", 4) = 4 [pid 5926] <... munmap resumed>) = 0 [pid 5930] close(3) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5930] write(1, "executing program\n", 18) = 18 [pid 5930] memfd_create("syzkaller", 0) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5926] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5930] <... mmap resumed>) = 0x7f349a600000 [pid 5927] <... write resumed>) = 2097152 [pid 5928] <... ioctl resumed>) = 0 [pid 5928] close(3 [pid 5927] munmap(0x7f349a600000, 138412032 [pid 5928] <... close resumed>) = 0 [pid 5926] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5928] close(4 [pid 5926] close(5 [pid 5928] <... close resumed>) = 0 [pid 5928] mkdir("./file1", 0777) = 0 [ 94.821501][ T5928] loop1: detected capacity change from 0 to 4096 [pid 5928] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5929] <... write resumed>) = 2097152 [pid 5927] <... munmap resumed>) = 0 [pid 5929] munmap(0x7f349a600000, 138412032 [pid 5927] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5929] <... munmap resumed>) = 0 [pid 5927] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5927] close(5 [pid 5929] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3 [pid 5926] <... close resumed>) = 0 [pid 5926] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5930] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5926] <... open resumed>) = 5 [pid 5926] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5926] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5926] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5926] exit_group(0) = ? [pid 5926] +++ exited with 0 +++ [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [pid 5840] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5840] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5840] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5929] <... ioctl resumed>) = 0 [pid 5929] close(3) = 0 [pid 5929] close(4) = 0 [pid 5929] mkdir("./file1", 0777 [pid 5927] <... close resumed>) = 0 [pid 5929] <... mkdir resumed>) = 0 [pid 5929] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5927] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] <... umount2 resumed>) = 0 [ 94.872231][ T5928] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 94.896788][ T5929] loop4: detected capacity change from 0 to 4096 [pid 5927] <... open resumed>) = 5 [pid 5840] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5927] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5927] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5840] newfstatat(AT_FDCWD, "./14/file1", [pid 5927] <... openat resumed>) = 6 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5927] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5840] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", [pid 5927] exit_group(0) = ? [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, [pid 5927] +++ exited with 0 +++ [pid 5840] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5840] close(4 [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./14/file1" [pid 5930] <... write resumed>) = 2097152 [pid 5840] <... rmdir resumed>) = 0 [pid 5840] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5930] munmap(0x7f349a600000, 138412032 [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5928] <... mount resumed>) = 0 [pid 5840] unlink("./14/binderfs" [pid 5839] <... restart_syscall resumed>) = 0 [pid 5928] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5840] <... unlink resumed>) = 0 [pid 5928] chdir("./file1" [pid 5839] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5928] <... chdir resumed>) = 0 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5928] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5840] getdents64(3, [pid 5839] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5928] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5928] open("./file1", O_RDONLY|O_DIRECT [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5930] <... munmap resumed>) = 0 [pid 5928] <... open resumed>) = 4 [pid 5840] close(3 [pid 5928] preadv2(4, [pid 5840] <... close resumed>) = 0 [pid 5840] rmdir("./14" [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5840] <... rmdir resumed>) = 0 [ 94.946681][ T5929] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5930] ioctl(4, LOOP_SET_FD, 3 [pid 5928] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5840] mkdir("./15", 0777 [pid 5928] memfd_create("syzkaller", 0) = 5 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5840] <... mkdir resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5839] <... umount2 resumed>) = 0 [pid 5930] <... ioctl resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5930] close(3 [pid 5840] close(3 [pid 5839] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5930] <... close resumed>) = 0 [pid 5930] close(4) = 0 [pid 5930] mkdir("./file1", 0777) = 0 [pid 5930] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 94.997870][ T5930] loop0: detected capacity change from 0 to 4096 [pid 5839] newfstatat(AT_FDCWD, "./14/file1", [pid 5928] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] <... close resumed>) = 0 [pid 5839] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5839] <... openat resumed>) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 5931 attached [pid 5839] getdents64(4, [pid 5931] set_robust_list(0x55555857c660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5931 [pid 5839] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5931] <... set_robust_list resumed>) = 0 [pid 5839] getdents64(4, [pid 5931] chdir("./15" [pid 5839] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5931] <... chdir resumed>) = 0 [pid 5839] close(4 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... close resumed>) = 0 [pid 5931] <... prctl resumed>) = 0 [pid 5839] rmdir("./14/file1" [pid 5931] setpgid(0, 0) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5931] <... openat resumed>) = 3 [pid 5839] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5931] write(3, "1000", 4 [pid 5839] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5931] <... write resumed>) = 4 executing program [pid 5931] close(3 [pid 5839] unlink("./14/binderfs" [pid 5931] <... close resumed>) = 0 [pid 5839] <... unlink resumed>) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs" [pid 5839] getdents64(3, [pid 5931] <... symlink resumed>) = 0 [pid 5839] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5931] write(1, "executing program\n", 18 [pid 5839] close(3 [pid 5931] <... write resumed>) = 18 [pid 5931] memfd_create("syzkaller", 0 [pid 5839] <... close resumed>) = 0 [ 95.041943][ T5930] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5839] rmdir("./14" [pid 5931] <... memfd_create resumed>) = 3 [pid 5929] <... mount resumed>) = 0 [pid 5839] <... rmdir resumed>) = 0 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5929] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] mkdir("./15", 0777 [pid 5929] <... openat resumed>) = 3 [pid 5929] chdir("./file1") = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] <... mkdir resumed>) = 0 [pid 5929] open("./file1", O_RDONLY|O_DIRECT [pid 5928] <... write resumed>) = 2097152 [pid 5929] <... open resumed>) = 4 [pid 5928] munmap(0x7f349a600000, 138412032 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5929] preadv2(4, [pid 5928] <... munmap resumed>) = 0 [pid 5929] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5839] <... openat resumed>) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD [pid 5929] memfd_create("syzkaller", 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5931] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5929] <... memfd_create resumed>) = 5 [pid 5839] close(3 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5928] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5928] close(5 [pid 5930] <... mount resumed>) = 0 [pid 5930] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./file1") = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5930] open("./file1", O_RDONLY|O_DIRECT [pid 5928] <... close resumed>) = 0 [pid 5930] <... open resumed>) = 4 [pid 5930] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5930] memfd_create("syzkaller", 0) = 5 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5928] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5931] <... write resumed>) = 2097152 [pid 5930] <... mmap resumed>) = 0x7f349a600000 [pid 5928] <... open resumed>) = 5 [pid 5839] <... close resumed>) = 0 [pid 5931] munmap(0x7f349a600000, 138412032 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5928] truncate("./file1", 16784380./strace-static-x86_64: Process 5932 attached [pid 5931] <... munmap resumed>) = 0 [pid 5928] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5932 [pid 5932] set_robust_list(0x55555857c660, 24 [pid 5931] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5928] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5932] <... set_robust_list resumed>) = 0 [pid 5931] <... openat resumed>) = 4 [pid 5932] chdir("./15" [pid 5931] ioctl(4, LOOP_SET_FD, 3 [pid 5928] <... openat resumed>) = 6 [pid 5932] <... chdir resumed>) = 0 [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5931] <... ioctl resumed>) = 0 [pid 5930] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5928] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5932] <... prctl resumed>) = 0 [pid 5931] close(3 [pid 5929] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5928] <... mmap resumed>) = 0x200000001000 [pid 5928] exit_group(0 [pid 5932] setpgid(0, 0 [pid 5928] <... exit_group resumed>) = ? [pid 5931] <... close resumed>) = 0 [pid 5932] <... setpgid resumed>) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5931] close(4 [pid 5928] +++ exited with 0 +++ [pid 5932] <... openat resumed>) = 3 [pid 5931] <... close resumed>) = 0 [pid 5932] write(3, "1000", 4 [pid 5931] mkdir("./file1", 0777 [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...> [pid 5932] <... write resumed>) = 4 [pid 5931] <... mkdir resumed>) = 0 [pid 5838] <... restart_syscall resumed>) = 0 [pid 5838] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5932] close(3 [pid 5931] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5929] <... write resumed>) = 2097152 [pid 5838] newfstatat(3, "", [pid 5932] <... close resumed>) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs" [pid 5838] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5932] <... symlink resumed>) = 0 [ 95.199132][ T5931] loop3: detected capacity change from 0 to 4096 [pid 5838] getdents64(3, executing program [pid 5930] <... write resumed>) = 2097152 [pid 5932] write(1, "executing program\n", 18 [pid 5929] munmap(0x7f349a600000, 138412032 [pid 5838] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5932] <... write resumed>) = 18 [pid 5930] munmap(0x7f349a600000, 138412032) = 0 [pid 5929] <... munmap resumed>) = 0 [pid 5932] memfd_create("syzkaller", 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5838] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5930] close(5) = 0 [pid 5932] <... memfd_create resumed>) = 3 [pid 5929] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5929] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] <... umount2 resumed>) = 0 [pid 5838] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5929] close(5 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./15/file1" [pid 5929] <... close resumed>) = 0 [pid 5838] <... rmdir resumed>) = 0 [pid 5838] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./15/binderfs") = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [ 95.250496][ T5931] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5838] rmdir("./15" [pid 5930] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5929] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5838] <... rmdir resumed>) = 0 [pid 5930] truncate("./file1", 16784380 [pid 5838] mkdir("./16", 0777 [pid 5930] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5838] <... mkdir resumed>) = 0 [pid 5930] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5930] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5929] <... open resumed>) = 5 [pid 5930] exit_group(0) = ? [pid 5931] <... mount resumed>) = 0 [pid 5930] +++ exited with 0 +++ [pid 5929] truncate("./file1", 16784380 [pid 5931] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5837] restart_syscall(<... resuming interrupted clone ...> [pid 5931] <... openat resumed>) = 3 [pid 5929] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5838] <... openat resumed>) = 3 [pid 5931] chdir("./file1" [pid 5929] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5931] <... chdir resumed>) = 0 [pid 5838] ioctl(3, LOOP_CLR_FD [pid 5931] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5929] <... openat resumed>) = 6 [pid 5838] <... ioctl resumed>) = 0 [pid 5838] close(3 [pid 5931] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5929] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5838] <... close resumed>) = 0 [pid 5837] <... restart_syscall resumed>) = 0 [pid 5931] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5929] <... mmap resumed>) = 0x200000001000 [pid 5931] preadv2(4, [pid 5837] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5929] exit_group(0 [pid 5837] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5931] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5929] <... exit_group resumed>) = ? [pid 5837] <... openat resumed>) = 3 [pid 5931] memfd_create("syzkaller", 0 [pid 5837] newfstatat(3, "", [pid 5931] <... memfd_create resumed>) = 5 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5931] <... mmap resumed>) = 0x7f349a600000 [pid 5837] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5929] +++ exited with 0 +++ [pid 5837] <... umount2 resumed>) = 0 [pid 5841] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5837] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5841] restart_syscall(<... resuming interrupted clone ...> [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] <... restart_syscall resumed>) = 0 [pid 5837] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5841] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(4, "", [pid 5841] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5841] newfstatat(3, "", [pid 5837] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5837] close(4) = 0 [pid 5837] rmdir("./14/file1") = 0 [pid 5837] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] unlink("./14/binderfs") = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5837] close(3) = 0 [pid 5837] rmdir("./14") = 0 [pid 5837] mkdir("./15", 0777) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5837] ioctl(3, LOOP_CLR_FD) = 0 [pid 5837] close(3 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] <... close resumed>) = 0 [pid 5841] getdents64(3, [pid 5932] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5841] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5841] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./15/file1", [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5931] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5933 ./strace-static-x86_64: Process 5933 attached [pid 5933] set_robust_list(0x55555857c660, 24) = 0 [pid 5933] chdir("./16") = 0 [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5933] setpgid(0, 0) = 0 [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5933] write(3, "1000", 4) = 4 [pid 5933] close(3) = 0 [pid 5933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5933] write(1, "executing program\n", 18executing program ) = 18 ./strace-static-x86_64: Process 5934 attached [pid 5933] memfd_create("syzkaller", 0 [pid 5934] set_robust_list(0x55555857c660, 24 [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5934 [pid 5934] <... set_robust_list resumed>) = 0 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5934] chdir("./15" [pid 5841] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] <... chdir resumed>) = 0 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5934] <... prctl resumed>) = 0 [pid 5934] setpgid(0, 0 [pid 5933] <... memfd_create resumed>) = 3 [pid 5841] <... openat resumed>) = 4 [pid 5934] <... setpgid resumed>) = 0 [pid 5841] newfstatat(4, "", [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5934] <... openat resumed>) = 3 [pid 5933] <... mmap resumed>) = 0x7f349a600000 [pid 5841] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5934] write(3, "1000", 4 [pid 5932] <... write resumed>) = 2097152 [pid 5931] <... write resumed>) = 2097152 [pid 5841] getdents64(4, [pid 5934] <... write resumed>) = 4 [pid 5841] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5934] close(3 [pid 5841] getdents64(4, [pid 5934] <... close resumed>) = 0 [pid 5932] munmap(0x7f349a600000, 138412032 [pid 5841] <... getdents64 resumed>0x555558585730 /* 0 entries */, 32768) = 0 [pid 5841] close(4 [pid 5934] symlink("/dev/binderfs", "./binderfs" [pid 5932] <... munmap resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5934] <... symlink resumed>) = 0 [pid 5841] rmdir("./15/file1"executing program [pid 5934] write(1, "executing program\n", 18 [pid 5931] munmap(0x7f349a600000, 138412032 [pid 5932] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] <... rmdir resumed>) = 0 [pid 5934] <... write resumed>) = 18 [pid 5932] <... openat resumed>) = 4 [pid 5934] memfd_create("syzkaller", 0 [pid 5932] ioctl(4, LOOP_SET_FD, 3 [pid 5934] <... memfd_create resumed>) = 3 [pid 5932] <... ioctl resumed>) = 0 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] <... mmap resumed>) = 0x7f349a600000 [pid 5841] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5841] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5933] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5932] close(3 [pid 5931] <... munmap resumed>) = 0 [pid 5841] unlink("./15/binderfs") = 0 [pid 5932] <... close resumed>) = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] getdents64(3, [pid 5932] close(4 [pid 5931] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] <... getdents64 resumed>0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5841] close(3 [pid 5932] <... close resumed>) = 0 [pid 5841] <... close resumed>) = 0 [pid 5932] mkdir("./file1", 0777) = 0 [pid 5932] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5931] close(5 [pid 5841] rmdir("./15") = 0 [pid 5841] mkdir("./16", 0777 [pid 5933] <... write resumed>) = 2097152 [pid 5841] <... mkdir resumed>) = 0 [pid 5934] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5841] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5841] ioctl(3, LOOP_CLR_FD) = 0 [pid 5841] close(3 [pid 5933] munmap(0x7f349a600000, 138412032) = 0 [pid 5931] <... close resumed>) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 95.418687][ T5932] loop2: detected capacity change from 0 to 4096 [ 95.455854][ T5932] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [pid 5933] ioctl(4, LOOP_SET_FD, 3 [pid 5934] <... write resumed>) = 2097152 [pid 5931] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5934] munmap(0x7f349a600000, 138412032) = 0 [pid 5933] <... ioctl resumed>) = 0 [pid 5931] <... open resumed>) = 5 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5931] truncate("./file1", 16784380 [pid 5934] ioctl(4, LOOP_SET_FD, 3 [pid 5931] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5841] <... close resumed>) = 0 [pid 5931] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5841] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5933] close(3 [pid 5931] <... openat resumed>) = 6 [pid 5933] <... close resumed>) = 0 [pid 5931] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0./strace-static-x86_64: Process 5935 attached [pid 5935] set_robust_list(0x55555857c660, 24 [pid 5933] close(4 [pid 5931] <... mmap resumed>) = 0x200000001000 [pid 5841] <... clone resumed>, child_tidptr=0x55555857c650) = 5935 [pid 5935] <... set_robust_list resumed>) = 0 [pid 5935] chdir("./16" [pid 5933] <... close resumed>) = 0 [pid 5931] exit_group(0 [pid 5935] <... chdir resumed>) = 0 [pid 5931] <... exit_group resumed>) = ? [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5933] mkdir("./file1", 0777 [pid 5935] setpgid(0, 0 [pid 5933] <... mkdir resumed>) = 0 [pid 5935] <... setpgid resumed>) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5933] mount("/dev/loop1", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5935] <... openat resumed>) = 3 [pid 5931] +++ exited with 0 +++ [pid 5935] write(3, "1000", 4 [pid 5840] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5932] <... mount resumed>) = 0 [pid 5932] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./file1") = 0 [pid 5935] <... write resumed>) = 4 [pid 5932] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5935] close(3) = 0 [pid 5932] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5932] open("./file1", O_RDONLY|O_DIRECT [pid 5935] symlink("/dev/binderfs", "./binderfs" [pid 5932] <... open resumed>) = 4 [pid 5840] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5935] <... symlink resumed>) = 0 [pid 5932] preadv2(4, [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5935] write(1, "executing program\n", 18 [pid 5934] <... ioctl resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5935] <... write resumed>) = 18 [pid 5934] close(3 [pid 5935] memfd_create("syzkaller", 0 [pid 5932] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5934] <... close resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5934] close(4 [pid 5840] newfstatat(3, "", [pid 5934] <... close resumed>) = 0 [pid 5935] <... memfd_create resumed>) = 3 [pid 5934] mkdir("./file1", 0777 [pid 5932] memfd_create("syzkaller", 0 [pid 5840] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5934] <... mkdir resumed>) = 0 [pid 5932] <... memfd_create resumed>) = 5 [pid 5840] getdents64(3, [pid 5935] <... mmap resumed>) = 0x7f349a600000 [pid 5934] mount("/dev/loop0", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5840] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [ 95.494732][ T5933] loop1: detected capacity change from 0 to 4096 [ 95.517056][ T5934] loop0: detected capacity change from 0 to 4096 [ 95.530875][ T5933] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5840] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5840] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5840] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5840] close(4) = 0 [pid 5840] rmdir("./15/file1" [pid 5933] <... mount resumed>) = 0 [pid 5840] <... rmdir resumed>) = 0 [pid 5933] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5840] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5933] <... openat resumed>) = 3 [pid 5933] chdir("./file1") = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5933] open("./file1", O_RDONLY|O_DIRECT [pid 5935] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5933] <... open resumed>) = 4 [pid 5840] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5840] newfstatat(AT_FDCWD, "./15/binderfs", [ 95.562812][ T5934] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [pid 5933] preadv2(4, [pid 5840] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5934] <... mount resumed>) = 0 [pid 5840] unlink("./15/binderfs" [pid 5934] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5934] chdir("./file1") = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5934] open("./file1", O_RDONLY|O_DIRECT [pid 5840] <... unlink resumed>) = 0 [pid 5934] <... open resumed>) = 4 [pid 5933] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5932] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5934] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5933] memfd_create("syzkaller", 0 [pid 5934] memfd_create("syzkaller", 0 [pid 5933] <... memfd_create resumed>) = 5 [pid 5934] <... memfd_create resumed>) = 5 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5840] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [pid 5840] rmdir("./15") = 0 [pid 5935] <... write resumed>) = 2097152 [pid 5935] munmap(0x7f349a600000, 138412032 [pid 5932] <... write resumed>) = 2097152 [pid 5840] mkdir("./16", 0777) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5935] <... munmap resumed>) = 0 [pid 5934] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5933] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5932] munmap(0x7f349a600000, 138412032 [pid 5840] <... openat resumed>) = 3 [pid 5840] ioctl(3, LOOP_CLR_FD [pid 5935] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5935] ioctl(4, LOOP_SET_FD, 3 [pid 5932] <... munmap resumed>) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] close(3 [pid 5935] <... ioctl resumed>) = 0 [pid 5935] close(3) = 0 [pid 5935] close(4) = 0 [pid 5935] mkdir("./file1", 0777) = 0 [pid 5933] <... write resumed>) = 2097152 [pid 5932] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... close resumed>) = 0 [pid 5932] close(5 [pid 5935] mount("/dev/loop4", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5932] <... close resumed>) = 0 [pid 5933] munmap(0x7f349a600000, 138412032 [ 95.678828][ T5935] loop4: detected capacity change from 0 to 4096 [pid 5840] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5936 attached [pid 5933] <... munmap resumed>) = 0 [pid 5932] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5840] <... clone resumed>, child_tidptr=0x55555857c650) = 5936 [pid 5936] set_robust_list(0x55555857c660, 24) = 0 [pid 5936] chdir("./16" [pid 5933] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5932] <... open resumed>) = 5 [pid 5936] <... chdir resumed>) = 0 [pid 5933] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5933] close(5 [pid 5936] <... prctl resumed>) = 0 [pid 5934] <... write resumed>) = 2097152 [pid 5932] truncate("./file1", 16784380 [pid 5936] setpgid(0, 0) = 0 [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5934] munmap(0x7f349a600000, 138412032 [pid 5932] <... truncate resumed>) = -1 EFBIG (File too large) executing program [pid 5936] <... openat resumed>) = 3 [pid 5932] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5936] write(3, "1000", 4) = 4 [pid 5932] <... openat resumed>) = 6 [pid 5936] close(3 [pid 5932] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5936] <... close resumed>) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5932] <... mmap resumed>) = 0x200000001000 [pid 5936] write(1, "executing program\n", 18) = 18 [pid 5936] memfd_create("syzkaller", 0) = 3 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5934] <... munmap resumed>) = 0 [pid 5933] <... close resumed>) = 0 [pid 5932] exit_group(0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5932] <... exit_group resumed>) = ? [pid 5932] +++ exited with 0 +++ [pid 5839] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [ 95.720056][ T5935] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [pid 5839] restart_syscall(<... resuming interrupted clone ...> [pid 5934] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5839] <... restart_syscall resumed>) = 0 [pid 5934] close(5 [pid 5839] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5839] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5933] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006) = 5 [pid 5933] truncate("./file1", 16784380) = -1 EFBIG (File too large) [pid 5933] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5933] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5933] exit_group(0) = ? [pid 5933] +++ exited with 0 +++ [pid 5838] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5838] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5838] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5838] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] <... close resumed>) = 0 [pid 5839] <... umount2 resumed>) = 0 [pid 5936] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5934] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5838] <... umount2 resumed>) = 0 [pid 5839] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5839] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5839] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5839] close(4) = 0 [pid 5839] rmdir("./15/file1") = 0 [pid 5839] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] unlink("./15/binderfs") = 0 [pid 5839] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5839] close(3) = 0 [pid 5839] rmdir("./15") = 0 [pid 5838] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] mkdir("./16", 0777) = 0 [pid 5838] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5839] ioctl(3, LOOP_CLR_FD) = 0 [pid 5839] close(3 [pid 5838] newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5838] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(4, 0x555558585730 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [pid 5838] close(4) = 0 [pid 5838] rmdir("./16/file1") = 0 [pid 5838] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5838] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] unlink("./16/binderfs") = 0 [pid 5838] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [pid 5838] rmdir("./16") = 0 [pid 5838] mkdir("./17", 0777) = 0 [pid 5934] <... open resumed>) = 5 [pid 5934] truncate("./file1", 16784380 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5838] ioctl(3, LOOP_CLR_FD) = 0 [pid 5838] close(3 [pid 5934] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5934] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 6 [pid 5934] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0) = 0x200000001000 [pid 5934] exit_group(0) = ? [pid 5934] +++ exited with 0 +++ [pid 5935] <... mount resumed>) = 0 [pid 5935] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5839] <... close resumed>) = 0 [pid 5837] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5935] <... openat resumed>) = 3 [pid 5837] restart_syscall(<... resuming interrupted clone ...> [pid 5935] chdir("./file1") = 0 [pid 5935] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5935] open("./file1", O_RDONLY|O_DIRECT) = 4 [pid 5839] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5935] preadv2(4, [{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5837] <... restart_syscall resumed>) = 0 [pid 5935] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5937 attached ) = 5 [pid 5837] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5935] <... mmap resumed>) = 0x7f349a600000 [pid 5837] <... openat resumed>) = 3 [pid 5837] newfstatat(3, "", [pid 5937] set_robust_list(0x55555857c660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55555857c650) = 5937 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5937] <... set_robust_list resumed>) = 0 [pid 5837] getdents64(3, [pid 5937] chdir("./16" [pid 5837] <... getdents64 resumed>0x55555857d6f0 /* 4 entries */, 32768) = 112 [pid 5937] <... chdir resumed>) = 0 [pid 5837] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5936] <... write resumed>) = 2097152 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5936] munmap(0x7f349a600000, 138412032 [pid 5937] <... prctl resumed>) = 0 [pid 5936] <... munmap resumed>) = 0 [pid 5837] <... umount2 resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5937] setpgid(0, 0 [pid 5936] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5837] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5937] <... setpgid resumed>) = 0 [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5936] <... openat resumed>) = 4 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5937] <... openat resumed>) = 3 [pid 5837] newfstatat(AT_FDCWD, "./15/file1", [pid 5937] write(3, "1000", 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x55555857c660, 24 [pid 5838] <... clone resumed>, child_tidptr=0x55555857c650) = 5938 [pid 5938] <... set_robust_list resumed>) = 0 [pid 5937] <... write resumed>) = 4 [pid 5936] <... ioctl resumed>) = 0 [pid 5837] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5937] close(3 [pid 5936] close(3 [pid 5837] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5937] <... close resumed>) = 0 [pid 5936] <... close resumed>) = 0 [pid 5837] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5937] symlink("/dev/binderfs", "./binderfs" [pid 5936] close(4executing program [pid 5938] chdir("./17" [pid 5937] <... symlink resumed>) = 0 [pid 5936] <... close resumed>) = 0 [pid 5837] <... openat resumed>) = 4 [pid 5937] write(1, "executing program\n", 18 [pid 5936] mkdir("./file1", 0777 [pid 5837] newfstatat(4, "", [pid 5937] <... write resumed>) = 18 [pid 5938] <... chdir resumed>) = 0 [pid 5937] memfd_create("syzkaller", 0 [pid 5936] <... mkdir resumed>) = 0 [pid 5837] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5937] <... memfd_create resumed>) = 3 [pid 5938] <... prctl resumed>) = 0 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5936] mount("/dev/loop3", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5837] getdents64(4, [pid 5938] setpgid(0, 0 [pid 5937] <... mmap resumed>) = 0x7f349a600000 [pid 5938] <... setpgid resumed>) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] <... getdents64 resumed>0x555558585730 /* 2 entries */, 32768) = 48 [pid 5938] <... openat resumed>) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5938] write(1, "executing program\n", 18) = 18 [pid 5938] memfd_create("syzkaller", 0 [pid 5837] getdents64(4, 0x555558585730 /* 0 entries */, 32768) = 0 [ 95.916644][ T5936] loop3: detected capacity change from 0 to 4096 [pid 5938] <... memfd_create resumed>) = 3 [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5935] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5837] close(4 [pid 5938] <... mmap resumed>) = 0x7f349a600000 [pid 5937] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5837] <... close resumed>) = 0 [pid 5837] rmdir("./15/file1") = 0 [pid 5837] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5837] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5837] unlink("./15/binderfs") = 0 [pid 5837] getdents64(3, 0x55555857d6f0 /* 0 entries */, 32768) = 0 [ 95.957310][ T5936] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [pid 5837] close(3) = 0 [pid 5837] rmdir("./15") = 0 [pid 5935] <... write resumed>) = 2097152 [pid 5837] mkdir("./16", 0777 [pid 5938] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x04\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x07\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x00\x00\xf4\x00\x00\x00\x5c\xdb\x3c\x27\x8b\x67\x89\x70\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5937] <... write resumed>) = 2097152 [pid 5937] munmap(0x7f349a600000, 138412032 [pid 5935] munmap(0x7f349a600000, 138412032 [pid 5837] <... mkdir resumed>) = 0 [pid 5937] <... munmap resumed>) = 0 [pid 5935] <... munmap resumed>) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5837] ioctl(3, LOOP_CLR_FD) = 0 [pid 5837] close(3 [pid 5937] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3 [pid 5935] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5935] close(5 [pid 5837] <... close resumed>) = 0 [pid 5935] <... close resumed>) = 0 [pid 5938] <... write resumed>) = 2097152 [pid 5937] <... ioctl resumed>) = 0 [pid 5837] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5937] close(3) = 0 [pid 5937] close(4) = 0 [pid 5937] mkdir("./file1", 0777./strace-static-x86_64: Process 5939 attached ) = 0 [pid 5939] set_robust_list(0x55555857c660, 24) = 0 [pid 5939] chdir("./16" [pid 5837] <... clone resumed>, child_tidptr=0x55555857c650) = 5939 [ 96.056588][ T5937] loop2: detected capacity change from 0 to 4096 [pid 5937] mount("/dev/loop2", "./file1", "ntfs3", MS_NOSUID|MS_DIRSYNC, "hide_dot_files,fmask=00000000000000000002007,showmeta," [pid 5939] <... chdir resumed>) = 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] munmap(0x7f349a600000, 138412032 [pid 5936] <... mount resumed>) = 0 [pid 5935] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 006 [pid 5939] setpgid(0, 0 [pid 5938] <... munmap resumed>) = 0 [pid 5936] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5939] <... setpgid resumed>) = 0 [pid 5936] <... openat resumed>) = 3 [pid 5936] chdir("./file1") = 0 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5936] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5939] <... openat resumed>) = 3 [pid 5936] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5936] open("./file1", O_RDONLY|O_DIRECT [pid 5938] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5938] ioctl(4, LOOP_SET_FD, 3 [pid 5939] write(3, "1000", 4 [pid 5935] <... open resumed>) = 5 [pid 5939] <... write resumed>) = 4 [pid 5936] <... open resumed>) = 4 [pid 5935] truncate("./file1", 16784380 [pid 5939] close(3 [pid 5936] preadv2(4, [pid 5939] <... close resumed>) = 0 [pid 5935] <... truncate resumed>) = -1 EFBIG (File too large) [pid 5939] symlink("/dev/binderfs", "./binderfs" [pid 5936] <... preadv2 resumed>[{iov_base="syzkallers", iov_len=4096}, {iov_base=NULL, iov_len=0}], 2, 0, 0) = 10 [pid 5935] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000 [pid 5939] <... symlink resumed>) = 0 [pid 5936] memfd_create("syzkaller", 0 [pid 5935] <... openat resumed>) = 6 [pid 5936] <... memfd_create resumed>) = 5 [pid 5935] mmap(0x200000001000, 4096, PROT_WRITE|PROT_EXEC|PROT_SEM, MAP_SHARED|MAP_FIXED, 6, 0 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f349a600000 [pid 5939] write(1, "executing program\n", 18 [pid 5935] <... mmap resumed>) = 0x200000001000 executing program