./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2879135404 <...> Warning: Permanently added '10.128.1.21' (ECDSA) to the list of known hosts. execve("./syz-executor2879135404", ["./syz-executor2879135404"], 0x7ffd0040a3d0 /* 10 vars */) = 0 brk(NULL) = 0x555555793000 brk(0x555555793c40) = 0x555555793c40 arch_prctl(ARCH_SET_FS, 0x555555793300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555557935d0) = 5062 set_robust_list(0x5555557935e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f394b06f600, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f394b06fcd0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f394b06f6a0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f394b06fcd0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2879135404", 4096) = 28 brk(0x5555557b4c40) = 0x5555557b4c40 brk(0x5555557b5000) = 0x5555557b5000 mprotect(0x7f394b150000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5062 mkdir("./syzkaller.JdujoX", 0700) = 0 chmod("./syzkaller.JdujoX", 0777) = 0 chdir("./syzkaller.JdujoX") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5063 ./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x5555557935e0, 24) = 0 [pid 5063] chdir("./0") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5063] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5065], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5065 [pid 5063] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5065] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5065] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file0", 0777) = 0 syzkaller login: [ 42.384881][ T5065] loop0: detected capacity change from 0 to 4096 [ 42.393302][ T5065] ======================================================= [ 42.393302][ T5065] WARNING: The mand mount option has been deprecated and [ 42.393302][ T5065] and is ignored by this kernel. Remove the mand [ 42.393302][ T5065] option from the mount to silence this warning. [ 42.393302][ T5065] ======================================================= [pid 5065] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file0") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5063] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5066], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5066 [pid 5063] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = 1 [pid 5065] mkdir("./bus", 0777) = 0 [pid 5065] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5063] <... futex resumed>) = ? [pid 5065] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5066 attached [pid 5066] +++ killed by SIGSEGV +++ [pid 5063] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5063, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x5555557935e0, 24) = 0 [pid 5067] chdir("./1") = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0 [pid 5062] <... clone resumed>, child_tidptr=0x5555557935d0) = 5067 [pid 5067] <... setpgid resumed>) = 0 [ 42.429653][ T5065] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 42.449625][ T5065] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5067] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5068], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5068 [pid 5067] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5068] memfd_create("syzkaller", 0) = 3 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5068] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5068] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5068] close(3) = 0 [pid 5068] mkdir("./file0", 0777) = 0 [pid 5068] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5068] chdir("./file0") = 0 [pid 5068] ioctl(4, LOOP_CLR_FD) = 0 [pid 5068] close(4) = 0 [pid 5068] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5067] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5069], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5069 [pid 5067] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 [pid 5068] mkdir("./bus", 0777) = 0 [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5067] <... futex resumed>) = ? [pid 5068] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5069 attached [pid 5069] +++ killed by SIGSEGV +++ [pid 5067] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5067, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 [ 42.529808][ T5068] loop0: detected capacity change from 0 to 4096 [ 42.539817][ T5068] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 42.559846][ T5068] ntfs3: loop0: Mark volume as dirty due to NTFS errors openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5070 ./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x5555557935e0, 24) = 0 [pid 5070] chdir("./2") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5070] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5071], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5071 [pid 5070] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5071] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5071] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file0", 0777) = 0 [pid 5071] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./file0") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [pid 5071] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5070] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5072], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5072 [pid 5070] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [pid 5071] mkdir("./bus", 0777./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5072] chdir("./bus" [pid 5071] <... mkdir resumed>) = 0 [pid 5071] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5070] <... futex resumed>) = ? [pid 5071] +++ killed by SIGSEGV +++ [pid 5072] <... chdir resumed>) = ? [pid 5072] +++ killed by SIGSEGV +++ [pid 5070] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5070, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5073 ./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x5555557935e0, 24) = 0 [pid 5073] chdir("./3") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5073] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5074], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5074 [pid 5073] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5074 attached [ 42.644519][ T5071] loop0: detected capacity change from 0 to 4096 [ 42.653626][ T5071] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 42.671672][ T5071] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5074] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5074] memfd_create("syzkaller", 0) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5074] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5074] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5074] close(3) = 0 [pid 5074] mkdir("./file0", 0777) = 0 [pid 5074] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] chdir("./file0") = 0 [pid 5074] ioctl(4, LOOP_CLR_FD) = 0 [pid 5074] close(4) = 0 [pid 5074] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5073] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5075], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5075 [pid 5073] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... futex resumed>) = 0 [pid 5074] mkdir("./bus", 0777) = 0 [pid 5074] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5073] <... futex resumed>) = ? [pid 5074] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5075 attached [pid 5075] +++ killed by SIGSEGV +++ [pid 5073] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5073, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x5555557935e0, 24) = 0 [pid 5076] chdir("./4" [pid 5062] <... clone resumed>, child_tidptr=0x5555557935d0) = 5076 [pid 5076] <... chdir resumed>) = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [ 42.748889][ T5074] loop0: detected capacity change from 0 to 4096 [ 42.758205][ T5074] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 42.777266][ T5074] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5076] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5077], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5077 [pid 5076] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5077] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5077] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5077] close(3) = 0 [pid 5077] mkdir("./file0", 0777) = 0 [pid 5077] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] chdir("./file0") = 0 [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] close(4) = 0 [pid 5077] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5076] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5078], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5078 [pid 5076] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... futex resumed>) = 1 [pid 5077] mkdir("./bus", 0777) = 0 [pid 5077] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5076] <... futex resumed>) = ? [pid 5077] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5078 attached [pid 5078] +++ killed by SIGSEGV +++ [pid 5076] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5076, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 42.855731][ T5077] loop0: detected capacity change from 0 to 4096 [ 42.864784][ T5077] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 42.882988][ T5077] ntfs3: loop0: Mark volume as dirty due to NTFS errors ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x5555557935e0, 24) = 0 [pid 5079] chdir("./5") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5079] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5080 attached , parent_tid=[5080], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5080 [pid 5079] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5080] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5080] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5080] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./file0", 0777) = 0 [pid 5080] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file0") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5079] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5081] futex(0x7f394b156798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... clone resumed>, parent_tid=[5081], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5081 [pid 5079] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5079] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus" [pid 5080] mkdir("./bus", 0777 [pid 5081] <... chdir resumed>) = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5081] chdir("./bus" [pid 5080] <... mkdir resumed>) = 0 [pid 5081] <... chdir resumed>) = 0 [pid 5080] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5081] ???( [pid 5079] <... futex resumed>) = ? [pid 5081] <... ??? resumed>) = ? [pid 5081] +++ killed by SIGSEGV +++ [pid 5080] +++ killed by SIGSEGV +++ [pid 5079] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5079, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 [ 42.977755][ T5080] loop0: detected capacity change from 0 to 4096 [ 42.986134][ T5080] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 43.005607][ T5080] ntfs3: loop0: Mark volume as dirty due to NTFS errors mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5082 ./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x5555557935e0, 24) = 0 [pid 5082] chdir("./6") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5082] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5083], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5083 ./strace-static-x86_64: Process 5083 attached [pid 5082] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] set_robust_list(0x7f394b05e9e0, 24 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] <... set_robust_list resumed>) = 0 [pid 5083] memfd_create("syzkaller", 0) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5083] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5083] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file0", 0777) = 0 [ 43.102916][ T5083] loop0: detected capacity change from 0 to 4096 [ 43.111466][ T5083] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5083] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file0") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] close(4) = 0 [pid 5083] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5082] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5084], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5084 [pid 5082] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] mkdir("./bus", 0777) = 0 [pid 5083] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5082] <... futex resumed>) = ? [pid 5083] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5084 attached [pid 5084] +++ killed by SIGSEGV +++ [pid 5082] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5082, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x5555557935e0, 24) = 0 [pid 5085] chdir("./7") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5085] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5086], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5086 [pid 5085] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 43.130816][ T5083] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5086] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5086] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file0", 0777) = 0 [pid 5086] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file0") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = 1 [pid 5086] mkdir("./bus", 0777 [pid 5085] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5085] <... mmap resumed>) = 0x7f3942e1d000 [pid 5086] +++ killed by SIGSEGV +++ [pid 5085] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5085, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5087 ./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x5555557935e0, 24) = 0 [pid 5087] chdir("./8") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5087] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5088] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... clone resumed>, parent_tid=[5088], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5088 [pid 5087] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [ 43.226767][ T5086] loop0: detected capacity change from 0 to 4096 [ 43.235195][ T5086] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 43.253559][ T5086] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5087] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5088] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5088] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./file0", 0777) = 0 [pid 5088] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./file0") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [pid 5088] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5087] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5089], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5089 [pid 5087] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 0 [pid 5088] mkdir("./bus", 0777./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x7f3942e3d9e0, 24 [pid 5088] <... mkdir resumed>) = 0 [pid 5089] <... set_robust_list resumed>) = 0 [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5087] <... futex resumed>) = ? [pid 5089] +++ killed by SIGSEGV +++ [pid 5088] +++ killed by SIGSEGV +++ [pid 5087] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5087, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 43.328914][ T5088] loop0: detected capacity change from 0 to 4096 [ 43.338436][ T5088] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 43.356767][ T5088] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5090 ./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x5555557935e0, 24) = 0 [pid 5090] chdir("./9") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5090] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5091], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5091 [pid 5090] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5091] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5091] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file0", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file0") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5090] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5092], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5092 [pid 5090] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] mkdir("./bus", 0777) = 0 [pid 5091] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5090] <... futex resumed>) = ? [pid 5091] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5092 attached [pid 5092] +++ killed by SIGSEGV +++ [pid 5090] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5090, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x5555557935e0, 24) = 0 [pid 5093] chdir("./10") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5093] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5094], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5094 [pid 5093] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 43.433984][ T5091] loop0: detected capacity change from 0 to 4096 [ 43.442828][ T5091] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 43.458297][ T5091] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5094] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5094] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] mkdir("./file0", 0777) = 0 [pid 5094] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./file0") = 0 [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [pid 5094] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5093] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5095], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5095 [pid 5093] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] mkdir("./bus", 0777) = 0 [pid 5094] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5093] <... futex resumed>) = ? [pid 5094] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5095 attached [pid 5095] +++ killed by SIGSEGV +++ [pid 5093] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5093, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5096 ./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x5555557935e0, 24) = 0 [pid 5096] chdir("./11") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5096] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5097], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5097 [pid 5096] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5097] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [ 43.521750][ T5094] loop0: detected capacity change from 0 to 4096 [ 43.529921][ T5094] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 43.544798][ T5094] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5097] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./file0", 0777) = 0 [pid 5097] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file0") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5096] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5098], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5098 [pid 5096] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x7f3942e3d9e0, 24 [pid 5097] mkdir("./bus", 0777 [pid 5098] <... set_robust_list resumed>) = 0 [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus") = 0 [pid 5098] chdir("./bus" [pid 5097] <... mkdir resumed>) = 0 [pid 5098] <... chdir resumed>) = -1 ENOENT (No such file or directory) [pid 5098] chdir("./bus" [pid 5097] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5096] <... futex resumed>) = ? [pid 5098] <... chdir resumed>) = ? [pid 5098] +++ killed by SIGSEGV +++ [pid 5097] +++ killed by SIGSEGV +++ [pid 5096] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5096, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 [ 43.605834][ T5097] loop0: detected capacity change from 0 to 4096 [ 43.615135][ T5097] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 43.633612][ T5097] ntfs3: loop0: Mark volume as dirty due to NTFS errors openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5099 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x5555557935e0, 24) = 0 [pid 5099] chdir("./12") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5099] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5099] <... clone resumed>, parent_tid=[5100], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5100 [pid 5100] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5099] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5100] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5100] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./file0", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file0") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5100] <... futex resumed>) = 0 [pid 5099] <... mmap resumed>) = 0x7f3942e1d000 [pid 5099] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5100] mkdir("./bus", 0777 [pid 5099] <... clone resumed>, parent_tid=[5101], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5101 [pid 5099] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x7f3942e3d9e0, 24 [pid 5100] <... mkdir resumed>) = 0 [pid 5100] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5099] <... futex resumed>) = ? [pid 5100] +++ killed by SIGSEGV +++ [pid 5101] <... set_robust_list resumed>) = ? [pid 5101] +++ killed by SIGSEGV +++ [pid 5099] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5099, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5102 ./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x5555557935e0, 24) = 0 [pid 5102] chdir("./13") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5102] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5103], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5103 [pid 5102] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [ 43.722153][ T5100] loop0: detected capacity change from 0 to 4096 [ 43.730290][ T5100] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 43.748775][ T5100] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5103] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5103] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./file0", 0777) = 0 [pid 5103] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./file0") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5102] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5104], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5104 [pid 5102] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 0 [pid 5103] mkdir("./bus", 0777./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5104] chdir("./bus" [pid 5103] <... mkdir resumed>) = 0 [pid 5104] <... chdir resumed>) = 0 [pid 5104] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5104] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5104] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5104] chdir("./bus" [pid 5103] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5102] <... futex resumed>) = ? [pid 5104] <... chdir resumed>) = ? [pid 5103] +++ killed by SIGSEGV +++ [pid 5104] +++ killed by SIGSEGV +++ [pid 5102] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5102, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 [ 43.829095][ T5103] loop0: detected capacity change from 0 to 4096 [ 43.838030][ T5103] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 43.856964][ T5103] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x5555557935e0, 24) = 0 [pid 5105] chdir("./14") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5105] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5106], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5106 [pid 5105] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5106] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5106] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file0", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file0") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5105] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5107], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5107 [pid 5105] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 0 [pid 5106] mkdir("./bus", 0777) = 0 [pid 5106] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5105] <... futex resumed>) = ? [pid 5106] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5107 attached [pid 5107] +++ killed by SIGSEGV +++ [pid 5105] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5105, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5108 ./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x5555557935e0, 24) = 0 [pid 5108] chdir("./15") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5108] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 43.942029][ T5106] loop0: detected capacity change from 0 to 4096 [ 43.950849][ T5106] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 43.970154][ T5106] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5108] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5109], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5109 [pid 5108] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5109] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5109] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./file0", 0777) = 0 [pid 5109] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./file0") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5108] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] <... mprotect resumed>) = 0 [pid 5108] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5110], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5110 [pid 5108] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] mkdir("./bus", 0777./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5109] <... mkdir resumed>) = 0 [pid 5109] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5108] <... futex resumed>) = ? [pid 5109] +++ killed by SIGSEGV +++ [pid 5110] +++ killed by SIGSEGV +++ [pid 5108] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5108, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5111 ./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x5555557935e0, 24) = 0 [pid 5111] chdir("./16") = 0 [ 44.045027][ T5109] loop0: detected capacity change from 0 to 4096 [ 44.053836][ T5109] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 44.072058][ T5109] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5111] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5112 attached , parent_tid=[5112], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5112 [pid 5112] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5112] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5112] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5112] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./file0", 0777) = 0 [pid 5112] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./file0") = 0 [pid 5112] ioctl(4, LOOP_CLR_FD) = 0 [pid 5112] close(4) = 0 [pid 5112] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5112] mkdir("./bus", 0777 [pid 5111] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... mkdir resumed>) = 0 [pid 5111] <... futex resumed>) = 0 [pid 5112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5112] +++ killed by SIGSEGV +++ [pid 5111] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5111, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5113 ./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x5555557935e0, 24) = 0 [pid 5113] chdir("./17") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5113] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5114], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5114 [pid 5113] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 44.156484][ T5112] loop0: detected capacity change from 0 to 4096 [ 44.165180][ T5112] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 44.185006][ T5112] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5113] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5114] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5114] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file0", 0777) = 0 [pid 5114] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file0") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5113] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5115], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5115 [pid 5113] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [pid 5114] mkdir("./bus", 0777./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5115] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5115] futex(0x7f394b156798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... mkdir resumed>) = 0 [pid 5114] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5115] <... futex resumed>) = ? [pid 5115] +++ killed by SIGSEGV +++ [pid 5114] +++ killed by SIGSEGV +++ [pid 5113] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5113, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 44.260170][ T5114] loop0: detected capacity change from 0 to 4096 [ 44.269057][ T5114] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 44.288159][ T5114] ntfs3: loop0: Mark volume as dirty due to NTFS errors lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x5555557935e0, 24) = 0 [pid 5116] chdir("./18" [pid 5062] <... clone resumed>, child_tidptr=0x5555557935d0) = 5116 [pid 5116] <... chdir resumed>) = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5116] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5117], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5117 [pid 5116] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5117 attached ) = 0 [pid 5116] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5117] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5117] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5117] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file0", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file0") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5116] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE [pid 5117] <... futex resumed>) = 0 [pid 5116] <... mprotect resumed>) = 0 [pid 5117] mkdir("./bus", 0777 [pid 5116] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5118], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5118 [pid 5116] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus" [pid 5117] <... mkdir resumed>) = 0 [pid 5118] <... chdir resumed>) = 0 [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5118] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5117] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5118] chdir("./bus" [pid 5116] <... futex resumed>) = ? [pid 5118] <... chdir resumed>) = ? [pid 5118] +++ killed by SIGSEGV +++ [pid 5117] +++ killed by SIGSEGV +++ [pid 5116] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5116, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 44.390438][ T5117] loop0: detected capacity change from 0 to 4096 [ 44.399214][ T5117] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 44.418618][ T5117] ntfs3: loop0: Mark volume as dirty due to NTFS errors umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5119 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x5555557935e0, 24) = 0 [pid 5119] chdir("./19") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5119] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5120 attached , parent_tid=[5120], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5120 [pid 5119] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5120] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5120] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file0", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file0") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5119] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5121], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5121 [pid 5119] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [pid 5120] mkdir("./bus", 0777) = 0 [pid 5120] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5119] <... futex resumed>) = ? [pid 5120] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5121 attached [pid 5121] +++ killed by SIGSEGV +++ [pid 5119] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5119, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 44.512106][ T5120] loop0: detected capacity change from 0 to 4096 [ 44.521835][ T5120] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 44.540405][ T5120] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x5555557935e0, 24) = 0 [pid 5122] chdir("./20") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5122] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5123 attached , parent_tid=[5123], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5123 [pid 5123] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5123] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5122] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5123] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5123] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file0", 0777) = 0 [pid 5123] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file0") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5122] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5124], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5124 [pid 5122] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 0 [pid 5123] mkdir("./bus", 0777) = 0 [pid 5123] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5122] <... futex resumed>) = ? [pid 5123] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5124 attached [pid 5124] +++ killed by SIGSEGV +++ [pid 5122] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5122, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x5555557935e0, 24) = 0 [pid 5125] chdir("./21") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5125] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5126], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5126 ./strace-static-x86_64: Process 5126 attached [pid 5125] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 44.632491][ T5123] loop0: detected capacity change from 0 to 4096 [ 44.640948][ T5123] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 44.659772][ T5123] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5126] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5126] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5125] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5127], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5127 [pid 5125] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5127 attached [pid 5126] mkdir("./bus", 0777 [pid 5127] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5126] <... mkdir resumed>) = 0 [pid 5127] chdir("./bus" [pid 5126] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5127] <... chdir resumed>) = 0 [pid 5127] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5127] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5125] <... futex resumed>) = ? [pid 5127] +++ killed by SIGSEGV +++ [pid 5126] +++ killed by SIGSEGV +++ [pid 5125] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5125, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 44.729776][ T5126] loop0: detected capacity change from 0 to 4096 [ 44.738541][ T5126] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 44.758438][ T5126] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x5555557935e0, 24) = 0 [pid 5128] chdir("./22") = 0 [pid 5062] <... clone resumed>, child_tidptr=0x5555557935d0) = 5128 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5128] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5129], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5129 ./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5129] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5128] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5129] memfd_create("syzkaller", 0) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5129] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5129] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./file0", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./file0") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] mkdir("./bus", 0777 [pid 5128] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5128] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE [pid 5129] <... mkdir resumed>) = 0 [pid 5128] <... mprotect resumed>) = 0 [pid 5128] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5129] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5128] <... clone resumed> ) = ? [pid 5129] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5130 attached [pid 5130] +++ killed by SIGSEGV +++ [pid 5128] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5128, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5131 ./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x5555557935e0, 24) = 0 [pid 5131] chdir("./23") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5131] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5132], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5132 [pid 5131] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 44.844785][ T5129] loop0: detected capacity change from 0 to 4096 [ 44.853731][ T5129] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 44.872550][ T5129] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5132] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5132] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file0", 0777) = 0 [pid 5132] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file0") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5131] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE [pid 5132] mkdir("./bus", 0777 [pid 5131] <... mprotect resumed>) = 0 [pid 5131] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5133], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5133 [pid 5131] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5133 attached [pid 5133] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5133] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5133] chdir("./bus" [pid 5132] <... mkdir resumed>) = 0 [pid 5133] <... chdir resumed>) = 0 [pid 5132] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5133] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5133] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5133] chdir("./bus" [pid 5131] <... futex resumed>) = ? [pid 5133] +++ killed by SIGSEGV +++ [pid 5132] +++ killed by SIGSEGV +++ [pid 5131] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5131, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 44.937083][ T5132] loop0: detected capacity change from 0 to 4096 [ 44.946155][ T5132] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 44.965734][ T5132] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x5555557935e0, 24) = 0 [pid 5134] chdir("./24") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5134] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5135], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5135 [pid 5134] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5135] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5135] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file0", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file0") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5134] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5136], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5136 [pid 5134] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 1 [pid 5135] mkdir("./bus", 0777./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5136] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5136] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5135] <... mkdir resumed>) = 0 [pid 5135] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5134] <... futex resumed>) = ? [pid 5136] +++ killed by SIGSEGV +++ [pid 5135] +++ killed by SIGSEGV +++ [pid 5134] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5134, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5137 ./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x5555557935e0, 24) = 0 [pid 5137] chdir("./25") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [ 45.050152][ T5135] loop0: detected capacity change from 0 to 4096 [ 45.058565][ T5135] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 45.077985][ T5135] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5137] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5138 attached [pid 5138] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5138] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] <... clone resumed>, parent_tid=[5138], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5138 [pid 5137] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5137] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5138] memfd_create("syzkaller", 0) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5138] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5138] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file0", 0777) = 0 [pid 5138] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file0") = 0 [pid 5138] ioctl(4, LOOP_CLR_FD) = 0 [pid 5138] close(4) = 0 [pid 5138] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5137] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5139], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5139 [pid 5137] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 1 [pid 5138] mkdir("./bus", 0777) = 0 [pid 5138] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5137] <... futex resumed>) = ? [pid 5138] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5139 attached [pid 5139] +++ killed by SIGSEGV +++ [pid 5137] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5137, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5140 ./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x5555557935e0, 24) = 0 [pid 5140] chdir("./26") = 0 [ 45.161094][ T5138] loop0: detected capacity change from 0 to 4096 [ 45.170203][ T5138] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 45.189227][ T5138] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5140] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5141] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... clone resumed>, parent_tid=[5141], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5141 [pid 5140] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5140] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5141] memfd_create("syzkaller", 0) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5141] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5141] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file0", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file0") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 0 [pid 5141] mkdir("./bus", 0777 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5140] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5142], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5142 [pid 5140] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5142] chdir("./bus" [pid 5141] <... mkdir resumed>) = 0 [pid 5142] <... chdir resumed>) = 0 [pid 5141] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5142] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5140] <... futex resumed>) = ? [pid 5141] +++ killed by SIGSEGV +++ [pid 5142] +++ killed by SIGSEGV +++ [pid 5140] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5140, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 45.274196][ T5141] loop0: detected capacity change from 0 to 4096 [ 45.284106][ T5141] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 45.303276][ T5141] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5143 ./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x5555557935e0, 24) = 0 [pid 5143] chdir("./27") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5143] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5144], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5144 [pid 5143] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5144] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5144] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./file0", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file0") = 0 [pid 5144] ioctl(4, LOOP_CLR_FD) = 0 [pid 5144] close(4) = 0 [pid 5144] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5144] mkdir("./bus", 0777 [pid 5143] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5143] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] <... mkdir resumed>) = 0 [pid 5143] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5144] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- ./strace-static-x86_64: Process 5145 attached [pid 5143] <... clone resumed> ) = ? [pid 5145] +++ killed by SIGSEGV +++ [pid 5144] +++ killed by SIGSEGV +++ [pid 5143] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5143, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 45.380955][ T5144] loop0: detected capacity change from 0 to 4096 [ 45.389600][ T5144] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 45.407917][ T5144] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5146 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x5555557935e0, 24) = 0 [pid 5146] chdir("./28") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5146] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5147], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5147 [pid 5146] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5147] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5147] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file0", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file0") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] mkdir("./bus", 0777 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5146] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE [pid 5147] <... mkdir resumed>) = 0 [pid 5146] <... mprotect resumed>) = 0 [pid 5147] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5146] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID ) = ? ./strace-static-x86_64: Process 5148 attached [pid 5148] +++ killed by SIGSEGV +++ [pid 5147] +++ killed by SIGSEGV +++ [pid 5146] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5146, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 45.494173][ T5147] loop0: detected capacity change from 0 to 4096 [ 45.502963][ T5147] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 45.521819][ T5147] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5149 ./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x5555557935e0, 24) = 0 [pid 5149] chdir("./29") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5149] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5150], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5150 ./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5150] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 0 [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5150] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5150] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file0", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file0") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5149] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE [pid 5150] <... futex resumed>) = 0 [pid 5149] <... mprotect resumed>) = 0 [pid 5149] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5150] mkdir("./bus", 0777 [pid 5149] <... clone resumed>, parent_tid=[5151], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5151 [pid 5149] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus" [pid 5150] <... mkdir resumed>) = 0 [pid 5151] <... chdir resumed>) = 0 [pid 5150] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5151] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5151] futex(0x7f394b156798, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5151] +++ killed by SIGSEGV +++ [pid 5150] +++ killed by SIGSEGV +++ [pid 5149] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5149, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 45.609480][ T5150] loop0: detected capacity change from 0 to 4096 [ 45.618292][ T5150] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 45.638072][ T5150] ntfs3: loop0: Mark volume as dirty due to NTFS errors openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5152 ./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x5555557935e0, 24) = 0 [pid 5152] chdir("./30") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5152] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5153], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5153 [pid 5152] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5153] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5153] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file0", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./file0") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5152] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5154], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5154 [pid 5152] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 1 [pid 5153] mkdir("./bus", 0777) = 0 [pid 5153] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5152] <... futex resumed>) = ? [pid 5153] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5154 attached [pid 5154] +++ killed by SIGSEGV +++ [pid 5152] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5152, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5155 ./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x5555557935e0, 24) = 0 [pid 5155] chdir("./31") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5155] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5156], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5156 [pid 5155] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5156] memfd_create("syzkaller", 0) = 3 [ 45.731452][ T5153] loop0: detected capacity change from 0 to 4096 [ 45.740333][ T5153] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 45.758894][ T5153] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5156] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5156] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file0", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./file0") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4) = 0 [pid 5156] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5155] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5157], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5157 [pid 5155] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 1 [pid 5156] mkdir("./bus", 0777./strace-static-x86_64: Process 5157 attached [pid 5157] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5157] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5157] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5157] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5156] <... mkdir resumed>) = 0 [pid 5156] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5157] chdir("./bus" [pid 5155] <... futex resumed>) = ? [pid 5156] +++ killed by SIGSEGV +++ [pid 5157] <... chdir resumed>) = ? [pid 5157] +++ killed by SIGSEGV +++ [pid 5155] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5155, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 45.831196][ T5156] loop0: detected capacity change from 0 to 4096 [ 45.840600][ T5156] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 45.860432][ T5156] ntfs3: loop0: Mark volume as dirty due to NTFS errors rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5158 ./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x5555557935e0, 24) = 0 [pid 5158] chdir("./32") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5158] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5159 attached , parent_tid=[5159], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5159 [pid 5159] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5159] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5158] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5159] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5159] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] mkdir("./file0", 0777) = 0 [pid 5159] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5159] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./file0") = 0 [pid 5159] ioctl(4, LOOP_CLR_FD) = 0 [pid 5159] close(4) = 0 [pid 5159] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5159] <... futex resumed>) = 0 [pid 5159] mkdir("./bus", 0777 [pid 5158] <... mmap resumed>) = 0x7f3942e1d000 [pid 5158] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5160 attached , parent_tid=[5160], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5160 [pid 5158] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5159] <... mkdir resumed>) = 0 [pid 5159] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5158] <... futex resumed>) = ? [pid 5159] +++ killed by SIGSEGV +++ [pid 5160] +++ killed by SIGSEGV +++ [pid 5158] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5158, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5161 ./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x5555557935e0, 24) = 0 [pid 5161] chdir("./33") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5161] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5162], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5162 [pid 5161] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5162 attached [pid 5162] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 45.951401][ T5159] loop0: detected capacity change from 0 to 4096 [ 45.960182][ T5159] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 45.979449][ T5159] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5162] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5162] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./file0", 0777) = 0 [pid 5162] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./file0") = 0 [pid 5162] ioctl(4, LOOP_CLR_FD) = 0 [pid 5162] close(4) = 0 [pid 5162] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5161] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5163], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5163 [pid 5161] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... futex resumed>) = 1 [pid 5162] mkdir("./bus", 0777) = 0 [pid 5162] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5161] <... futex resumed>) = ? [pid 5162] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5163 attached [pid 5163] +++ killed by SIGSEGV +++ [pid 5161] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5161, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5164 ./strace-static-x86_64: Process 5164 attached [pid 5164] set_robust_list(0x5555557935e0, 24) = 0 [pid 5164] chdir("./34") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5164] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5165], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5165 [pid 5164] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 46.047457][ T5162] loop0: detected capacity change from 0 to 4096 [ 46.055740][ T5162] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 46.074171][ T5162] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5165] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5165] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] mkdir("./file0", 0777) = 0 [pid 5165] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5165] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] chdir("./file0") = 0 [pid 5165] ioctl(4, LOOP_CLR_FD) = 0 [pid 5165] close(4) = 0 [pid 5165] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5165] mkdir("./bus", 0777 [pid 5164] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... mkdir resumed>) = 0 [pid 5164] <... futex resumed>) = 0 [pid 5165] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5165] +++ killed by SIGSEGV +++ [pid 5164] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5164, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5166 ./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x5555557935e0, 24) = 0 [pid 5166] chdir("./35") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5166] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5167], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5167 [pid 5166] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 46.136324][ T5165] loop0: detected capacity change from 0 to 4096 [ 46.144866][ T5165] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 46.164270][ T5165] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5167] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5167] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] mkdir("./file0", 0777) = 0 [pid 5167] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./file0") = 0 [pid 5167] ioctl(4, LOOP_CLR_FD) = 0 [pid 5167] close(4) = 0 [pid 5167] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5166] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5168], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5168 [pid 5166] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... futex resumed>) = 1 [pid 5167] mkdir("./bus", 0777) = 0 [pid 5167] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5166] <... futex resumed>) = ? [pid 5167] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5168 attached [pid 5168] +++ killed by SIGSEGV +++ [pid 5166] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5166, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5169 attached , child_tidptr=0x5555557935d0) = 5169 [pid 5169] set_robust_list(0x5555557935e0, 24) = 0 [pid 5169] chdir("./36") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5169] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x7f394b05e9e0, 24 [pid 5169] <... clone resumed>, parent_tid=[5170], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5170 [pid 5169] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5170] <... set_robust_list resumed>) = 0 [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 46.227751][ T5167] loop0: detected capacity change from 0 to 4096 [ 46.236493][ T5167] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 46.255627][ T5167] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5170] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5170] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] mkdir("./file0", 0777) = 0 [pid 5170] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./file0") = 0 [pid 5170] ioctl(4, LOOP_CLR_FD) = 0 [pid 5170] close(4) = 0 [pid 5170] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] mkdir("./bus", 0777 [pid 5169] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] <... mkdir resumed>) = 0 [pid 5169] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5169] <... futex resumed>) = 0 [pid 5170] +++ killed by SIGSEGV +++ [pid 5169] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5169, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5171 attached , child_tidptr=0x5555557935d0) = 5171 [pid 5171] set_robust_list(0x5555557935e0, 24) = 0 [pid 5171] chdir("./37") = 0 [ 46.325078][ T5170] loop0: detected capacity change from 0 to 4096 [ 46.333412][ T5170] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 46.353354][ T5170] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5171] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5172], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5172 [pid 5171] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5172 attached [pid 5172] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5172] memfd_create("syzkaller", 0) = 3 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5172] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5172] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5172] close(3) = 0 [pid 5172] mkdir("./file0", 0777) = 0 [pid 5172] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5172] chdir("./file0") = 0 [pid 5172] ioctl(4, LOOP_CLR_FD) = 0 [pid 5172] close(4) = 0 [pid 5172] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5171] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5173 attached , parent_tid=[5173], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5173 [pid 5171] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5173] chdir("./bus" [pid 5172] <... futex resumed>) = 0 [pid 5172] mkdir("./bus", 0777 [pid 5173] <... chdir resumed>) = -1 ENOENT (No such file or directory) [pid 5173] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5173] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5173] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5173] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5173] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5173] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5172] <... mkdir resumed>) = 0 [pid 5173] chdir("./bus" [pid 5172] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5173] <... chdir resumed>) = 0 [pid 5171] <... futex resumed>) = ? [pid 5173] +++ killed by SIGSEGV +++ [pid 5172] +++ killed by SIGSEGV +++ [pid 5171] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5171, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 46.435751][ T5172] loop0: detected capacity change from 0 to 4096 [ 46.444553][ T5172] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 46.462901][ T5172] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5174 attached , child_tidptr=0x5555557935d0) = 5174 [pid 5174] set_robust_list(0x5555557935e0, 24) = 0 [pid 5174] chdir("./38") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5174] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5175 attached , parent_tid=[5175], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5175 [pid 5175] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5175] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5174] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5175] memfd_create("syzkaller", 0) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5175] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5175] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] mkdir("./file0", 0777) = 0 [pid 5175] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./file0") = 0 [pid 5175] ioctl(4, LOOP_CLR_FD) = 0 [pid 5175] close(4) = 0 [pid 5175] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5174] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] <... futex resumed>) = 0 [pid 5174] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5175] mkdir("./bus", 0777 [pid 5174] <... clone resumed>, parent_tid=[5176], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5176 [pid 5174] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... mkdir resumed>) = 0 [pid 5174] <... futex resumed>) = 0 [pid 5175] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5174] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5175] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5176 attached [pid 5176] +++ killed by SIGSEGV +++ [pid 5174] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5174, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5177 ./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x5555557935e0, 24) = 0 [pid 5177] chdir("./39") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5177] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5178], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5178 [pid 5177] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 46.551512][ T5175] loop0: detected capacity change from 0 to 4096 [ 46.560963][ T5175] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 46.579905][ T5175] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5178] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5178] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] mkdir("./file0", 0777) = 0 [pid 5178] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./file0") = 0 [pid 5178] ioctl(4, LOOP_CLR_FD) = 0 [pid 5178] close(4) = 0 [pid 5178] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5177] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5179], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5179 [pid 5177] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 0 [pid 5178] mkdir("./bus", 0777) = 0 [pid 5178] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5177] <... futex resumed>) = ? [pid 5178] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5179 attached [pid 5179] +++ killed by SIGSEGV +++ [pid 5177] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5177, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5180 ./strace-static-x86_64: Process 5180 attached [pid 5180] set_robust_list(0x5555557935e0, 24) = 0 [pid 5180] chdir("./40") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5180] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5181], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5181 [pid 5180] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5181 attached [pid 5181] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 46.650314][ T5178] loop0: detected capacity change from 0 to 4096 [ 46.659580][ T5178] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 46.678521][ T5178] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5181] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5181] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./file0", 0777) = 0 [pid 5181] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5181] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./file0") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5180] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5182], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5182 [pid 5180] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] mkdir("./bus", 0777) = 0 [pid 5181] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- ./strace-static-x86_64: Process 5182 attached [pid 5182] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5182] chdir("./bus") = 0 [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5182] chdir("./bus" [pid 5180] <... futex resumed>) = ? [pid 5181] +++ killed by SIGSEGV +++ [pid 5182] <... chdir resumed>) = ? [pid 5182] +++ killed by SIGSEGV +++ [pid 5180] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5180, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 [ 46.751960][ T5181] loop0: detected capacity change from 0 to 4096 [ 46.761490][ T5181] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 46.782910][ T5181] ntfs3: loop0: Mark volume as dirty due to NTFS errors umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached , child_tidptr=0x5555557935d0) = 5183 [pid 5183] set_robust_list(0x5555557935e0, 24) = 0 [pid 5183] chdir("./41") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5183] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5184], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5184 ./strace-static-x86_64: Process 5184 attached [pid 5183] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5184] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5184] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] mkdir("./file0", 0777) = 0 [pid 5184] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./file0") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [pid 5184] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] mkdir("./bus", 0777 [pid 5183] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... mkdir resumed>) = 0 [pid 5183] <... futex resumed>) = 0 [pid 5184] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = ? [pid 5184] +++ killed by SIGSEGV +++ [pid 5183] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5183, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5185 ./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x5555557935e0, 24) = 0 [pid 5185] chdir("./42") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [ 46.894999][ T5184] loop0: detected capacity change from 0 to 4096 [ 46.903676][ T5184] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 46.922502][ T5184] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5185] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5186 attached , parent_tid=[5186], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5186 [pid 5186] set_robust_list(0x7f394b05e9e0, 24 [pid 5185] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... set_robust_list resumed>) = 0 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5186] memfd_create("syzkaller", 0) = 3 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5186] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5186] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5186] close(3) = 0 [pid 5186] mkdir("./file0", 0777) = 0 [pid 5186] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5186] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5186] chdir("./file0") = 0 [pid 5186] ioctl(4, LOOP_CLR_FD) = 0 [pid 5186] close(4) = 0 [pid 5186] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mkdir("./bus", 0777 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5185] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5187], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5187 [pid 5185] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x7f3942e3d9e0, 24 [pid 5186] <... mkdir resumed>) = 0 [pid 5186] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5185] <... futex resumed>) = ? [pid 5187] <... set_robust_list resumed>) = ? [pid 5187] +++ killed by SIGSEGV +++ [pid 5186] +++ killed by SIGSEGV +++ [pid 5185] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5185, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5188 ./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x5555557935e0, 24) = 0 [pid 5188] chdir("./43") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5188] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5189], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5189 [pid 5188] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 47.001956][ T5186] loop0: detected capacity change from 0 to 4096 [ 47.010377][ T5186] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 47.028853][ T5186] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5189] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5189] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] mkdir("./file0", 0777) = 0 [pid 5189] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./file0") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5189] close(4) = 0 [pid 5189] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5188] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5190], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5190 [pid 5188] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] mkdir("./bus", 0777) = 0 [pid 5189] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5188] <... futex resumed>) = ? [pid 5189] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5190 attached [pid 5190] +++ killed by SIGSEGV +++ [pid 5188] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5188, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x5555557935e0, 24) = 0 [pid 5191] chdir("./44") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5191] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5192], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5192 [pid 5191] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5192 attached [pid 5192] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 47.099384][ T5189] loop0: detected capacity change from 0 to 4096 [ 47.107964][ T5189] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 47.125831][ T5189] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5192] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5192] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] mkdir("./file0", 0777) = 0 [pid 5192] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] chdir("./file0") = 0 [pid 5192] ioctl(4, LOOP_CLR_FD) = 0 [pid 5192] close(4) = 0 [pid 5192] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5191] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5193], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5193 [pid 5191] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5193 attached [pid 5192] <... futex resumed>) = 1 [pid 5192] mkdir("./bus", 0777 [pid 5193] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5192] <... mkdir resumed>) = 0 [pid 5192] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5191] <... futex resumed>) = ? [pid 5193] +++ killed by SIGSEGV +++ [pid 5192] +++ killed by SIGSEGV +++ [pid 5191] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5191, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5194 ./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x5555557935e0, 24) = 0 [pid 5194] chdir("./45") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5194] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5195], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5195 [pid 5194] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 47.189456][ T5192] loop0: detected capacity change from 0 to 4096 [ 47.198766][ T5192] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 47.217320][ T5192] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5195] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5195] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] mkdir("./file0", 0777) = 0 [pid 5195] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file0") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] <... futex resumed>) = 1 [pid 5194] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] mkdir("./bus", 0777 [pid 5194] <... futex resumed>) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5194] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5196], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5196 [pid 5195] <... mkdir resumed>) = 0 [pid 5194] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5194] <... futex resumed>) = ? [pid 5195] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5196 attached [pid 5196] +++ killed by SIGSEGV +++ [pid 5194] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5194, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5197 attached , child_tidptr=0x5555557935d0) = 5197 [pid 5197] set_robust_list(0x5555557935e0, 24) = 0 [pid 5197] chdir("./46") = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5197] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5198], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5198 [pid 5197] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5198] memfd_create("syzkaller", 0) = 3 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 47.285739][ T5195] loop0: detected capacity change from 0 to 4096 [ 47.294009][ T5195] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 47.312280][ T5195] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5198] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5198] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5198] close(3) = 0 [pid 5198] mkdir("./file0", 0777) = 0 [pid 5198] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5198] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5198] chdir("./file0") = 0 [pid 5198] ioctl(4, LOOP_CLR_FD) = 0 [pid 5198] close(4) = 0 [pid 5198] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5198] mkdir("./bus", 0777 [pid 5197] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] <... mkdir resumed>) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5198] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5197] <... mmap resumed>) = 0x7f3942e1d000 [pid 5198] +++ killed by SIGSEGV +++ [pid 5197] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5197, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5199 ./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x5555557935e0, 24) = 0 [pid 5199] chdir("./47") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5199] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5200], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5200 [pid 5199] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5200] memfd_create("syzkaller", 0) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 47.387805][ T5198] loop0: detected capacity change from 0 to 4096 [ 47.396105][ T5198] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 47.415304][ T5198] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5200] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5200] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5200] close(3) = 0 [pid 5200] mkdir("./file0", 0777) = 0 [pid 5200] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5200] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] chdir("./file0") = 0 [pid 5200] ioctl(4, LOOP_CLR_FD) = 0 [pid 5200] close(4) = 0 [pid 5200] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5199] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5201], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5201 ./strace-static-x86_64: Process 5201 attached [pid 5200] <... futex resumed>) = 0 [pid 5199] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] mkdir("./bus", 0777 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5201] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5201] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5201] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5201] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5201] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5201] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5201] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5200] <... mkdir resumed>) = 0 [pid 5201] chdir("./bus" [pid 5200] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5199] <... futex resumed>) = ? [pid 5200] +++ killed by SIGSEGV +++ [pid 5201] <... chdir resumed>) = ? [pid 5201] +++ killed by SIGSEGV +++ [pid 5199] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5199, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5202 ./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x5555557935e0, 24) = 0 [pid 5202] chdir("./48") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5202] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5203] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... clone resumed>, parent_tid=[5203], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5203 [pid 5202] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5202] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5203] memfd_create("syzkaller", 0) = 3 [ 47.475950][ T5200] loop0: detected capacity change from 0 to 4096 [ 47.484720][ T5200] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 47.504233][ T5200] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5203] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5203] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5203] close(3) = 0 [pid 5203] mkdir("./file0", 0777) = 0 [pid 5203] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5203] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] chdir("./file0") = 0 [pid 5203] ioctl(4, LOOP_CLR_FD) = 0 [pid 5203] close(4) = 0 [pid 5203] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5203] mkdir("./bus", 0777 [pid 5202] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5202] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5204], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5204 [pid 5202] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5204 attached [pid 5203] <... mkdir resumed>) = 0 [pid 5204] set_robust_list(0x7f3942e3d9e0, 24 [pid 5203] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5202] <... futex resumed>) = ? [pid 5203] +++ killed by SIGSEGV +++ [pid 5204] <... set_robust_list resumed>) = ? [pid 5204] +++ killed by SIGSEGV +++ [pid 5202] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5202, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5205 ./strace-static-x86_64: Process 5205 attached [pid 5205] set_robust_list(0x5555557935e0, 24) = 0 [pid 5205] chdir("./49") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [ 47.577152][ T5203] loop0: detected capacity change from 0 to 4096 [ 47.585604][ T5203] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 47.604980][ T5203] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5205] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5205] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5206 attached , parent_tid=[5206], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5206 [pid 5206] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5206] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5205] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5206] memfd_create("syzkaller", 0) = 3 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5206] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5206] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5206] close(3) = 0 [pid 5206] mkdir("./file0", 0777) = 0 [pid 5206] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5206] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5206] chdir("./file0") = 0 [pid 5206] ioctl(4, LOOP_CLR_FD) = 0 [pid 5206] close(4) = 0 [pid 5206] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5205] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5205] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5207], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5207 [pid 5205] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = 1 [pid 5206] mkdir("./bus", 0777./strace-static-x86_64: Process 5207 attached [pid 5207] set_robust_list(0x7f3942e3d9e0, 24 [pid 5206] <... mkdir resumed>) = 0 [pid 5206] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5205] <... futex resumed>) = ? [pid 5207] <... set_robust_list resumed>) = ? [pid 5207] +++ killed by SIGSEGV +++ [pid 5206] +++ killed by SIGSEGV +++ [pid 5205] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5205, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5208 ./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x5555557935e0, 24) = 0 [pid 5208] chdir("./50") = 0 [ 47.686334][ T5206] loop0: detected capacity change from 0 to 4096 [ 47.695096][ T5206] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 47.714066][ T5206] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5208] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5209], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5209 ./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5209] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5208] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5209] memfd_create("syzkaller", 0) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5209] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5209] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5209] close(3) = 0 [pid 5209] mkdir("./file0", 0777) = 0 [pid 5209] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5209] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5209] chdir("./file0") = 0 [pid 5209] ioctl(4, LOOP_CLR_FD) = 0 [pid 5209] close(4) = 0 [pid 5209] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5208] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5210], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5210 [pid 5208] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... futex resumed>) = 0 [pid 5209] mkdir("./bus", 0777) = 0 [pid 5209] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5208] <... futex resumed>) = ? [pid 5209] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5210 attached [pid 5210] +++ killed by SIGSEGV +++ [pid 5208] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5208, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5211 attached , child_tidptr=0x5555557935d0) = 5211 [pid 5211] set_robust_list(0x5555557935e0, 24) = 0 [pid 5211] chdir("./51") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [ 47.797484][ T5209] loop0: detected capacity change from 0 to 4096 [ 47.806161][ T5209] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 47.825262][ T5209] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5211] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5212] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... clone resumed>, parent_tid=[5212], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5212 [pid 5211] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5211] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5212] memfd_create("syzkaller", 0) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5212] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5212] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] mkdir("./file0", 0777) = 0 [pid 5212] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./file0") = 0 [pid 5212] ioctl(4, LOOP_CLR_FD) = 0 [pid 5212] close(4) = 0 [pid 5212] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5211] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5213], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5213 [pid 5211] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 1 [pid 5212] mkdir("./bus", 0777./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5213] chdir("./bus") = 0 [pid 5212] <... mkdir resumed>) = 0 [pid 5213] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5212] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5213] chdir("./bus" [pid 5211] <... futex resumed>) = ? [pid 5213] <... chdir resumed>) = ? [pid 5213] +++ killed by SIGSEGV +++ [pid 5212] +++ killed by SIGSEGV +++ [pid 5211] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5211, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5214 ./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x5555557935e0, 24) = 0 [pid 5214] chdir("./52") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5214] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5215 attached , parent_tid=[5215], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5215 [pid 5215] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5215] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5214] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 47.905412][ T5212] loop0: detected capacity change from 0 to 4096 [ 47.914565][ T5212] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 47.933010][ T5212] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5215] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5215] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] mkdir("./file0", 0777) = 0 [pid 5215] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./file0") = 0 [pid 5215] ioctl(4, LOOP_CLR_FD) = 0 [pid 5215] close(4) = 0 [pid 5215] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5214] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5216], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5216 [pid 5214] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 0 [pid 5215] mkdir("./bus", 0777 [pid 5214] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... mkdir resumed>) = 0 [pid 5215] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5214] <... futex resumed>) = ? [pid 5215] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5216 attached [pid 5216] +++ killed by SIGSEGV +++ [pid 5214] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5214, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached , child_tidptr=0x5555557935d0) = 5217 [pid 5217] set_robust_list(0x5555557935e0, 24) = 0 [pid 5217] chdir("./53") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [ 48.015155][ T5215] loop0: detected capacity change from 0 to 4096 [ 48.024316][ T5215] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 48.042800][ T5215] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5217] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5218] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... clone resumed>, parent_tid=[5218], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5218 [pid 5217] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5217] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5218] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5218] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] mkdir("./file0", 0777) = 0 [pid 5218] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5218] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./file0") = 0 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5217] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5219], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5219 [pid 5217] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 0 [pid 5218] mkdir("./bus", 0777) = 0 [pid 5218] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5217] <... futex resumed>) = ? [pid 5218] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5219 attached [pid 5219] +++ killed by SIGSEGV +++ [pid 5217] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5217, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5220 ./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x5555557935e0, 24) = 0 [pid 5220] chdir("./54") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [ 48.121690][ T5218] loop0: detected capacity change from 0 to 4096 [ 48.130436][ T5218] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 48.149392][ T5218] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5220] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5221] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... clone resumed>, parent_tid=[5221], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5221 [pid 5220] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5220] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5221] memfd_create("syzkaller", 0) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5221] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5221] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] mkdir("./file0", 0777) = 0 [pid 5221] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5221] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./file0") = 0 [pid 5221] ioctl(4, LOOP_CLR_FD) = 0 [pid 5221] close(4) = 0 [pid 5221] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5220] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5222], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5222 [pid 5220] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... futex resumed>) = 1 [pid 5221] mkdir("./bus", 0777./strace-static-x86_64: Process 5222 attached [pid 5222] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5222] chdir("./bus" [pid 5221] <... mkdir resumed>) = 0 [pid 5222] <... chdir resumed>) = 0 [pid 5222] chdir("./bus" [pid 5221] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5222] <... chdir resumed>) = -1 ENOENT (No such file or directory) [pid 5220] <... futex resumed>) = ? [pid 5222] +++ killed by SIGSEGV +++ [pid 5221] +++ killed by SIGSEGV +++ [pid 5220] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5220, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5223 ./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x5555557935e0, 24) = 0 [pid 5223] chdir("./55") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5223] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5223] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5224 attached , parent_tid=[5224], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5224 [pid 5223] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 48.228265][ T5221] loop0: detected capacity change from 0 to 4096 [ 48.236886][ T5221] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 48.255481][ T5221] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5224] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5224] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./file0", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5224] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file0") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [pid 5224] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5223] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5225], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5225 [pid 5223] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] mkdir("./bus", 0777) = 0 [pid 5224] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5223] <... futex resumed>) = ? [pid 5224] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5225 attached [pid 5225] +++ killed by SIGSEGV +++ [pid 5223] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5223, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached , child_tidptr=0x5555557935d0) = 5226 [pid 5226] set_robust_list(0x5555557935e0, 24) = 0 [pid 5226] chdir("./56") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 48.322905][ T5224] loop0: detected capacity change from 0 to 4096 [ 48.331397][ T5224] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 48.352089][ T5224] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5226] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5227], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5227 [pid 5226] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5227 attached [pid 5227] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5227] memfd_create("syzkaller", 0) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5227] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5227] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5227] close(3) = 0 [pid 5227] mkdir("./file0", 0777) = 0 [pid 5227] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5227] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5227] chdir("./file0") = 0 [pid 5227] ioctl(4, LOOP_CLR_FD) = 0 [pid 5227] close(4) = 0 [pid 5227] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5226] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5228], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5228 [pid 5226] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... futex resumed>) = 0 [pid 5227] mkdir("./bus", 0777) = 0 [pid 5227] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- ./strace-static-x86_64: Process 5228 attached [pid 5228] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5228] chdir("./bus") = 0 [pid 5228] chdir("./bus" [pid 5226] <... futex resumed>) = ? [pid 5228] <... chdir resumed>) = ? [pid 5228] +++ killed by SIGSEGV +++ [pid 5227] +++ killed by SIGSEGV +++ [pid 5226] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5226, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x5555557935e0, 24) = 0 [pid 5229] chdir("./57") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [ 48.428705][ T5227] loop0: detected capacity change from 0 to 4096 [ 48.437574][ T5227] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 48.456491][ T5227] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5229] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5230] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... clone resumed>, parent_tid=[5230], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5230 [pid 5229] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5229] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5230] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5230] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./file0", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file0") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] mkdir("./bus", 0777 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5229] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5231 attached , parent_tid=[5231], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5231 [pid 5229] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5231] chdir("./bus" [pid 5230] <... mkdir resumed>) = 0 [pid 5230] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5231] <... chdir resumed>) = ? [pid 5229] <... futex resumed>) = ? [pid 5231] +++ killed by SIGSEGV +++ [pid 5230] +++ killed by SIGSEGV +++ [pid 5229] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5229, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 48.539975][ T5230] loop0: detected capacity change from 0 to 4096 [ 48.548569][ T5230] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 48.567697][ T5230] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5232 ./strace-static-x86_64: Process 5232 attached [pid 5232] set_robust_list(0x5555557935e0, 24) = 0 [pid 5232] chdir("./58") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5232] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5233 attached , parent_tid=[5233], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5233 [pid 5233] set_robust_list(0x7f394b05e9e0, 24 [pid 5232] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... set_robust_list resumed>) = 0 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5233] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5233] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5233] close(3) = 0 [pid 5233] mkdir("./file0", 0777) = 0 [pid 5233] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5233] chdir("./file0") = 0 [pid 5233] ioctl(4, LOOP_CLR_FD) = 0 [pid 5233] close(4) = 0 [pid 5233] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5232] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5234], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5234 [pid 5232] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... futex resumed>) = 0 [pid 5233] mkdir("./bus", 0777./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5234] chdir("./bus") = 0 [pid 5233] <... mkdir resumed>) = 0 [pid 5234] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5233] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5232] <... futex resumed>) = ? [pid 5234] +++ killed by SIGSEGV +++ [pid 5233] +++ killed by SIGSEGV +++ [pid 5232] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5232, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5235 ./strace-static-x86_64: Process 5235 attached [pid 5235] set_robust_list(0x5555557935e0, 24) = 0 [pid 5235] chdir("./59") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5235] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5236 attached , parent_tid=[5236], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5236 [pid 5235] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 48.647952][ T5233] loop0: detected capacity change from 0 to 4096 [ 48.656723][ T5233] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 48.675283][ T5233] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5236] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5236] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5236] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] mkdir("./file0", 0777) = 0 [pid 5236] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./file0") = 0 [pid 5236] ioctl(4, LOOP_CLR_FD) = 0 [pid 5236] close(4) = 0 [pid 5236] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] mkdir("./bus", 0777 [pid 5235] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5235] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5237], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5237 [pid 5235] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus" [pid 5236] <... mkdir resumed>) = 0 [pid 5237] <... chdir resumed>) = 0 [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus" [pid 5236] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5237] <... chdir resumed>) = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5237] chdir("./bus" [pid 5235] <... futex resumed>) = ? [pid 5237] <... chdir resumed>) = ? [pid 5237] +++ killed by SIGSEGV +++ [pid 5236] +++ killed by SIGSEGV +++ [pid 5235] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5235, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 48.760199][ T5236] loop0: detected capacity change from 0 to 4096 [ 48.768550][ T5236] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 48.786937][ T5236] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x5555557935e0, 24) = 0 [pid 5238] chdir("./60") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x5555557935d0) = 5238 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5238] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5239 attached , parent_tid=[5239], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5239 [pid 5239] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5239] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5238] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5239] memfd_create("syzkaller", 0) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5239] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5239] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5239] close(3) = 0 [pid 5239] mkdir("./file0", 0777) = 0 [pid 5239] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5239] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5239] chdir("./file0") = 0 [pid 5239] ioctl(4, LOOP_CLR_FD) = 0 [pid 5239] close(4) = 0 [pid 5239] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5238] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5240], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5240 [pid 5238] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... futex resumed>) = 0 [pid 5239] mkdir("./bus", 0777./strace-static-x86_64: Process 5240 attached [pid 5240] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5240] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5240] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5239] <... mkdir resumed>) = 0 [pid 5240] chdir("./bus") = 0 [pid 5240] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5239] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5240] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5238] <... futex resumed>) = ? [pid 5240] +++ killed by SIGSEGV +++ [pid 5239] +++ killed by SIGSEGV +++ [pid 5238] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5238, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 48.870283][ T5239] loop0: detected capacity change from 0 to 4096 [ 48.878991][ T5239] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 48.897871][ T5239] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5241 attached , child_tidptr=0x5555557935d0) = 5241 [pid 5241] set_robust_list(0x5555557935e0, 24) = 0 [pid 5241] chdir("./61") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5241] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5242], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5242 [pid 5241] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5242 attached [pid 5242] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5242] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5242] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] mkdir("./file0", 0777) = 0 [pid 5242] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./file0") = 0 [pid 5242] ioctl(4, LOOP_CLR_FD) = 0 [pid 5242] close(4) = 0 [pid 5242] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5241] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5243], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5243 [pid 5241] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] <... futex resumed>) = 0 [pid 5241] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] mkdir("./bus", 0777./strace-static-x86_64: Process 5243 attached ) = 0 [pid 5243] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5243] chdir("./bus" [pid 5242] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5243] <... chdir resumed>) = 0 [pid 5241] <... futex resumed>) = ? [pid 5243] +++ killed by SIGSEGV +++ [pid 5242] +++ killed by SIGSEGV +++ [pid 5241] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5241, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 [ 48.979275][ T5242] loop0: detected capacity change from 0 to 4096 [ 48.989341][ T5242] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 49.007542][ T5242] ntfs3: loop0: Mark volume as dirty due to NTFS errors openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5244 ./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x5555557935e0, 24) = 0 [pid 5244] chdir("./62") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5244] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5245 attached , parent_tid=[5245], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5245 [pid 5245] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5245] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5244] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5245] memfd_create("syzkaller", 0) = 3 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5245] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5245] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5245] close(3) = 0 [pid 5245] mkdir("./file0", 0777) = 0 [pid 5245] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5245] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5245] chdir("./file0") = 0 [pid 5245] ioctl(4, LOOP_CLR_FD) = 0 [pid 5245] close(4) = 0 [pid 5245] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5244] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5246], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5246 [pid 5244] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... futex resumed>) = 0 [pid 5245] mkdir("./bus", 0777) = 0 [pid 5245] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5244] <... futex resumed>) = ? [pid 5245] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5246 attached [pid 5246] +++ killed by SIGSEGV +++ [pid 5244] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5244, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5247 attached , child_tidptr=0x5555557935d0) = 5247 [pid 5247] set_robust_list(0x5555557935e0, 24) = 0 [pid 5247] chdir("./63") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5247] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5248], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5248 [pid 5247] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5248 attached [pid 5248] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 49.101117][ T5245] loop0: detected capacity change from 0 to 4096 [ 49.110021][ T5245] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 49.129777][ T5245] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5248] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5248] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] mkdir("./file0", 0777) = 0 [pid 5248] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5248] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] chdir("./file0") = 0 [pid 5248] ioctl(4, LOOP_CLR_FD) = 0 [pid 5248] close(4) = 0 [pid 5248] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5247] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5249], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5249 [pid 5247] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5249 attached [pid 5249] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5249] chdir("./bus" [pid 5248] mkdir("./bus", 0777 [pid 5249] <... chdir resumed>) = -1 ENOENT (No such file or directory) [pid 5249] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5248] <... mkdir resumed>) = 0 [pid 5249] chdir("./bus" [pid 5248] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5249] <... chdir resumed>) = 0 [pid 5247] <... futex resumed>) = ? [pid 5248] +++ killed by SIGSEGV +++ [pid 5249] +++ killed by SIGSEGV +++ [pid 5247] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5247, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 49.202146][ T5248] loop0: detected capacity change from 0 to 4096 [ 49.211297][ T5248] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 49.230033][ T5248] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5250 ./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x5555557935e0, 24) = 0 [pid 5250] chdir("./64") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5250] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x7f394b05e9e0, 24 [pid 5250] <... clone resumed>, parent_tid=[5251], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5251 [pid 5251] <... set_robust_list resumed>) = 0 [pid 5250] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5251] memfd_create("syzkaller", 0) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5251] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5251] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] mkdir("./file0", 0777) = 0 [pid 5251] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5251] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5251] chdir("./file0") = 0 [pid 5251] ioctl(4, LOOP_CLR_FD) = 0 [pid 5251] close(4) = 0 [pid 5251] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5250] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5252], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5252 [pid 5250] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus" [pid 5251] mkdir("./bus", 0777 [pid 5252] <... chdir resumed>) = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5252] chdir("./bus" [pid 5251] <... mkdir resumed>) = 0 [pid 5252] <... chdir resumed>) = 0 [pid 5251] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5252] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5250] <... futex resumed>) = ? [pid 5252] +++ killed by SIGSEGV +++ [pid 5251] +++ killed by SIGSEGV +++ [pid 5250] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5250, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 [ 49.313501][ T5251] loop0: detected capacity change from 0 to 4096 [ 49.322539][ T5251] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 49.341943][ T5251] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5253 ./strace-static-x86_64: Process 5253 attached [pid 5253] set_robust_list(0x5555557935e0, 24) = 0 [pid 5253] chdir("./65") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5253] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5254 attached , parent_tid=[5254], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5254 [pid 5254] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5254] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5253] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5254] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5254] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] mkdir("./file0", 0777) = 0 [pid 5254] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5254] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./file0") = 0 [pid 5254] ioctl(4, LOOP_CLR_FD) = 0 [pid 5254] close(4) = 0 [pid 5254] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5253] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5255], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5255 [pid 5253] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... futex resumed>) = 1 [pid 5254] mkdir("./bus", 0777) = 0 [pid 5254] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5253] <... futex resumed>) = ? ./strace-static-x86_64: Process 5255 attached [pid 5254] +++ killed by SIGSEGV +++ [pid 5255] +++ killed by SIGSEGV +++ [pid 5253] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5253, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5256 ./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x5555557935e0, 24) = 0 [pid 5256] chdir("./66") = 0 [ 49.435044][ T5254] loop0: detected capacity change from 0 to 4096 [ 49.443461][ T5254] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 49.461627][ T5254] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5256] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5257 attached [pid 5257] set_robust_list(0x7f394b05e9e0, 24 [pid 5256] <... clone resumed>, parent_tid=[5257], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5257 [pid 5257] <... set_robust_list resumed>) = 0 [pid 5256] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5257] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5257] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] mkdir("./file0", 0777) = 0 [pid 5257] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file0") = 0 [pid 5257] ioctl(4, LOOP_CLR_FD) = 0 [pid 5257] close(4) = 0 [pid 5257] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5256] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5258], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5258 [pid 5256] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... futex resumed>) = 1 [pid 5257] mkdir("./bus", 0777) = 0 [pid 5257] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5256] <... futex resumed>) = ? [pid 5257] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5258 attached [pid 5258] +++ killed by SIGSEGV +++ [pid 5256] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5256, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5259 ./strace-static-x86_64: Process 5259 attached [pid 5259] set_robust_list(0x5555557935e0, 24) = 0 [pid 5259] chdir("./67") = 0 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5259] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5259] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5260], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5260 [pid 5259] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5260 attached [pid 5260] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5260] memfd_create("syzkaller", 0) = 3 [pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 49.546205][ T5257] loop0: detected capacity change from 0 to 4096 [ 49.555433][ T5257] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 49.573428][ T5257] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5260] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5260] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5260] close(3) = 0 [pid 5260] mkdir("./file0", 0777) = 0 [pid 5260] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5260] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5260] chdir("./file0") = 0 [pid 5260] ioctl(4, LOOP_CLR_FD) = 0 [pid 5260] close(4) = 0 [pid 5260] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5259] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5261], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5261 [pid 5259] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [pid 5260] mkdir("./bus", 0777./strace-static-x86_64: Process 5261 attached [pid 5261] set_robust_list(0x7f3942e3d9e0, 24) = 0 [pid 5260] <... mkdir resumed>) = 0 [pid 5260] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5259] <... futex resumed>) = ? [pid 5260] +++ killed by SIGSEGV +++ [pid 5261] +++ killed by SIGSEGV +++ [pid 5259] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5259, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 49.641949][ T5260] loop0: detected capacity change from 0 to 4096 [ 49.650366][ T5260] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 49.669559][ T5260] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5262 ./strace-static-x86_64: Process 5262 attached [pid 5262] set_robust_list(0x5555557935e0, 24) = 0 [pid 5262] chdir("./68") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5262] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5263 attached , parent_tid=[5263], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5263 [pid 5263] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5263] futex(0x7f394b156788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5262] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5263] memfd_create("syzkaller", 0) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [pid 5263] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5263] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] mkdir("./file0", 0777) = 0 [pid 5263] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5263] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] chdir("./file0") = 0 [pid 5263] ioctl(4, LOOP_CLR_FD) = 0 [pid 5263] close(4) = 0 [pid 5263] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5262] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5264], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5264 [pid 5262] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 1 [pid 5263] mkdir("./bus", 0777) = 0 [pid 5263] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5262] <... futex resumed>) = ? [pid 5263] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 5264 attached [pid 5264] +++ killed by SIGSEGV +++ [pid 5262] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5262, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5265 ./strace-static-x86_64: Process 5265 attached [pid 5265] set_robust_list(0x5555557935e0, 24) = 0 [pid 5265] chdir("./69") = 0 [pid 5265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5265] setpgid(0, 0) = 0 [pid 5265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5265] write(3, "1000", 4) = 4 [pid 5265] close(3) = 0 [pid 5265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5265] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5265] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5265] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5266], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5266 [pid 5265] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5266 attached [pid 5266] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5266] memfd_create("syzkaller", 0) = 3 [pid 5266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 49.756418][ T5263] loop0: detected capacity change from 0 to 4096 [ 49.764891][ T5263] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 49.783428][ T5263] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5266] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5266] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5266] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5266] close(3) = 0 [pid 5266] mkdir("./file0", 0777) = 0 [pid 5266] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5266] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5266] chdir("./file0") = 0 [pid 5266] ioctl(4, LOOP_CLR_FD) = 0 [pid 5266] close(4) = 0 [pid 5266] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5265] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] mkdir("./bus", 0777 [pid 5265] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5265] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] <... mkdir resumed>) = 0 [pid 5266] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5266] +++ killed by SIGSEGV +++ [pid 5265] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5265, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555794620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555579c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555579c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555555794620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557935d0) = 5267 ./strace-static-x86_64: Process 5267 attached [pid 5267] set_robust_list(0x5555557935e0, 24) = 0 [pid 5267] chdir("./70") = 0 [pid 5267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5267] setpgid(0, 0) = 0 [pid 5267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5267] write(3, "1000", 4) = 4 [pid 5267] close(3) = 0 [pid 5267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5267] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f394b03e000 [pid 5267] mprotect(0x7f394b03f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5267] clone(child_stack=0x7f394b05e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5268], tls=0x7f394b05e700, child_tidptr=0x7f394b05e9d0) = 5268 [pid 5267] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f394b15678c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5268 attached [pid 5268] set_robust_list(0x7f394b05e9e0, 24) = 0 [pid 5268] memfd_create("syzkaller", 0) = 3 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3942c3e000 [ 49.859017][ T5266] loop0: detected capacity change from 0 to 4096 [ 49.867616][ T5266] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 49.886578][ T5266] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5268] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5268] munmap(0x7f3942c3e000, 2097152) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5268] close(3) = 0 [pid 5268] mkdir("./file0", 0777) = 0 [pid 5268] mount("/dev/loop0", "./file0", "ntfs3", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_REC|MS_LAZYTIME, "showmeta,") = 0 [pid 5268] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5268] chdir("./file0") = 0 [pid 5268] ioctl(4, LOOP_CLR_FD) = 0 [pid 5268] close(4) = 0 [pid 5268] futex(0x7f394b15678c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f394b156788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f394b15679c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3942e1d000 [pid 5267] mprotect(0x7f3942e1e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5267] clone(child_stack=0x7f3942e3d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x7f3942e3d9e0, 24 [pid 5267] <... clone resumed>, parent_tid=[5269], tls=0x7f3942e3d700, child_tidptr=0x7f3942e3d9d0) = 5269 [pid 5269] <... set_robust_list resumed>) = 0 [pid 5269] futex(0x7f394b156798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] futex(0x7f394b156798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5267] futex(0x7f394b15679c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... futex resumed>) = 1 [pid 5269] chdir("./bus" [pid 5268] mkdir("./bus", 0777 [pid 5269] <... chdir resumed>) = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = -1 ENOENT (No such file or directory) [pid 5269] chdir("./bus") = 0 [pid 5269] chdir("./bus" [pid 5268] <... mkdir resumed>) = 0 [pid 5268] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 49.957745][ T5268] loop0: detected capacity change from 0 to 4096 [ 49.966374][ T5268] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 49.985147][ T5268] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 50.019284][ T5269] ------------[ cut here ]------------ [ 50.024899][ T5269] DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem)): count = 0x0, magic = 0xffff888073ed6310, owner = 0x0, curr 0xffff888017c1ba80, list empty [ 50.039499][ T5269] WARNING: CPU: 0 PID: 5269 at kernel/locking/rwsem.c:1336 __up_read+0x5c0/0x720 [ 50.048668][ T5269] Modules linked in: [ 50.052590][ T5269] CPU: 0 PID: 5269 Comm: syz-executor287 Not tainted 6.2.0-rc4-syzkaller-00241-gff83fec8179e #0 [ 50.063022][ T5269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 50.073100][ T5269] RIP: 0010:__up_read+0x5c0/0x720 [ 50.078219][ T5269] Code: 03 80 3c 02 00 0f 85 35 01 00 00 49 8b 17 4d 89 f1 4c 89 e9 48 c7 c6 00 45 4c 8a ff 34 24 48 c7 c7 40 42 4c 8a e8 60 b8 5c 08 <0f> 0b 5e e9 38 fb ff ff 48 89 df e8 b0 93 6c 00 e9 b2 fa ff ff 48 [ 50.097870][ T5269] RSP: 0018:ffffc9000408fb58 EFLAGS: 00010282 [ 50.104075][ T5269] RAX: 0000000000000000 RBX: ffffffff8e732ba8 RCX: 0000000000000000 [ 50.112145][ T5269] RDX: ffff888017c1ba80 RSI: ffffffff8166822c RDI: fffff52000811f5d [ 50.120196][ T5269] RBP: ffff888073ed6318 R08: 0000000000000005 R09: 0000000000000000 [ 50.128209][ T5269] R10: 0000000080000000 R11: 0000000000000000 R12: 1ffff92000811f6f [ 50.136475][ T5269] R13: ffff888073ed6310 R14: ffff888017c1ba80 R15: ffff888073ed6310 [ 50.144548][ T5269] FS: 00007f3942e3d700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 50.153573][ T5269] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.160168][ T5269] CR2: 00007f3942e3d000 CR3: 000000007c7e4000 CR4: 0000000000350ef0 [ 50.168169][ T5269] Call Trace: [ 50.171453][ T5269] [ 50.174425][ T5269] ? up_write+0x520/0x520 [ 50.178792][ T5269] walk_component+0x34a/0x5a0 [ 50.183506][ T5269] path_lookupat+0x1ba/0x840 [ 50.188113][ T5269] filename_lookup+0x1d2/0x590 [ 50.192907][ T5269] ? may_linkat+0x500/0x500 [ 50.197479][ T5269] ? __might_fault+0xd9/0x180 [ 50.202168][ T5269] ? __phys_addr_symbol+0x30/0x70 [ 50.207232][ T5269] ? __check_object_size+0x2e2/0x5a0 [ 50.212561][ T5269] ? strncpy_from_user+0x28b/0x3c0 [ 50.217667][ T5269] ? getname_flags.part.0+0x1dd/0x4f0 [ 50.223163][ T5269] user_path_at_empty+0x46/0x60 [ 50.228040][ T5269] __x64_sys_chdir+0xbb/0x240 [ 50.232764][ T5269] ? _raw_spin_unlock_irq+0x23/0x50 [ 50.237979][ T5269] ? __ia32_sys_access+0x80/0x80 [ 50.242954][ T5269] ? lockdep_hardirqs_on+0x7d/0x100 [ 50.248180][ T5269] ? _raw_spin_unlock_irq+0x2e/0x50 [ 50.253788][ T5269] ? ptrace_notify+0xfe/0x140 [ 50.258578][ T5269] do_syscall_64+0x39/0xb0 [ 50.263027][ T5269] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.268928][ T5269] RIP: 0033:0x7f394b0b26a9 [ 50.273361][ T5269] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 50.293093][ T5269] RSP: 002b:00007f3942e3d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000050 [ 50.301500][ T5269] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f394b0b26a9 [ 50.309494][ T5269] RDX: 00007f394b0b26a9 RSI: ffffffffffffffb8 RDI: 0000000020000380 [ 50.317486][ T5269] RBP: 00007f394b156798 R08: 0000000000000000 R09: 0000000000000000 [ 50.325488][ T5269] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f394b156790 [ 50.333491][ T5269] R13: 00007f394b15679c R14: 6174656d776f6873 R15: 0030656c69662f2e [ 50.341903][ T5269] [ 50.344958][ T5269] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 50.352228][ T5269] CPU: 0 PID: 5269 Comm: syz-executor287 Not tainted 6.2.0-rc4-syzkaller-00241-gff83fec8179e #0 [ 50.362622][ T5269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 50.372672][ T5269] Call Trace: [ 50.375940][ T5269] [ 50.378859][ T5269] dump_stack_lvl+0xd1/0x138 [ 50.383456][ T5269] panic+0x2cc/0x626 [ 50.387349][ T5269] ? panic_print_sys_info.part.0+0x110/0x110 [ 50.393330][ T5269] ? __up_read+0x5c0/0x720 [ 50.397744][ T5269] check_panic_on_warn.cold+0x19/0x35 [ 50.403462][ T5269] __warn+0xf2/0x1a0 [ 50.407351][ T5269] ? __up_read+0x5c0/0x720 [ 50.411758][ T5269] report_bug+0x1c0/0x210 [ 50.416080][ T5269] handle_bug+0x3c/0x70 [ 50.420228][ T5269] exc_invalid_op+0x18/0x50 [ 50.424726][ T5269] asm_exc_invalid_op+0x1a/0x20 [ 50.429566][ T5269] RIP: 0010:__up_read+0x5c0/0x720 [ 50.434598][ T5269] Code: 03 80 3c 02 00 0f 85 35 01 00 00 49 8b 17 4d 89 f1 4c 89 e9 48 c7 c6 00 45 4c 8a ff 34 24 48 c7 c7 40 42 4c 8a e8 60 b8 5c 08 <0f> 0b 5e e9 38 fb ff ff 48 89 df e8 b0 93 6c 00 e9 b2 fa ff ff 48 [ 50.454567][ T5269] RSP: 0018:ffffc9000408fb58 EFLAGS: 00010282 [ 50.460633][ T5269] RAX: 0000000000000000 RBX: ffffffff8e732ba8 RCX: 0000000000000000 [ 50.469033][ T5269] RDX: ffff888017c1ba80 RSI: ffffffff8166822c RDI: fffff52000811f5d [ 50.476999][ T5269] RBP: ffff888073ed6318 R08: 0000000000000005 R09: 0000000000000000 [ 50.484961][ T5269] R10: 0000000080000000 R11: 0000000000000000 R12: 1ffff92000811f6f [ 50.492929][ T5269] R13: ffff888073ed6310 R14: ffff888017c1ba80 R15: ffff888073ed6310 [ 50.500898][ T5269] ? vprintk+0x8c/0xa0 [ 50.504973][ T5269] ? __up_read+0x5c0/0x720 [ 50.509391][ T5269] ? up_write+0x520/0x520 [ 50.513725][ T5269] walk_component+0x34a/0x5a0 [ 50.518401][ T5269] path_lookupat+0x1ba/0x840 [ 50.522993][ T5269] filename_lookup+0x1d2/0x590 [ 50.527767][ T5269] ? may_linkat+0x500/0x500 [ 50.532261][ T5269] ? __might_fault+0xd9/0x180 [ 50.536939][ T5269] ? __phys_addr_symbol+0x30/0x70 [ 50.541957][ T5269] ? __check_object_size+0x2e2/0x5a0 [ 50.547246][ T5269] ? strncpy_from_user+0x28b/0x3c0 [ 50.552366][ T5269] ? getname_flags.part.0+0x1dd/0x4f0 [ 50.557738][ T5269] user_path_at_empty+0x46/0x60 [ 50.562586][ T5269] __x64_sys_chdir+0xbb/0x240 [ 50.567260][ T5269] ? _raw_spin_unlock_irq+0x23/0x50 [ 50.572449][ T5269] ? __ia32_sys_access+0x80/0x80 [ 50.577383][ T5269] ? lockdep_hardirqs_on+0x7d/0x100 [ 50.582569][ T5269] ? _raw_spin_unlock_irq+0x2e/0x50 [ 50.587758][ T5269] ? ptrace_notify+0xfe/0x140 [ 50.592426][ T5269] do_syscall_64+0x39/0xb0 [ 50.596836][ T5269] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.602724][ T5269] RIP: 0033:0x7f394b0b26a9 [ 50.607132][ T5269] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 50.626731][ T5269] RSP: 002b:00007f3942e3d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000050 [ 50.635133][ T5269] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f394b0b26a9 [ 50.643230][ T5269] RDX: 00007f394b0b26a9 RSI: ffffffffffffffb8 RDI: 0000000020000380 [ 50.651451][ T5269] RBP: 00007f394b156798 R08: 0000000000000000 R09: 0000000000000000 [ 50.659410][ T5269] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f394b156790 [ 50.667373][ T5269] R13: 00007f394b15679c R14: 6174656d776f6873 R15: 0030656c69662f2e [ 50.675432][ T5269] [ 50.679375][ T5269] Kernel Offset: disabled [ 50.683751][ T5269] Rebooting in 86400 seconds..