./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor715077006 <...> Warning: Permanently added '10.128.0.200' (ECDSA) to the list of known hosts. execve("./syz-executor715077006", ["./syz-executor715077006"], 0x7fff2d66fa40 /* 10 vars */) = 0 brk(NULL) = 0x55555716c000 brk(0x55555716cc40) = 0x55555716cc40 arch_prctl(ARCH_SET_FS, 0x55555716c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor715077006", 4096) = 27 brk(0x55555718dc40) = 0x55555718dc40 brk(0x55555718e000) = 0x55555718e000 mprotect(0x7f2237239000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 4993 mkdir("./syzkaller.Amv2pL", 0700) = 0 chmod("./syzkaller.Amv2pL", 0777) = 0 chdir("./syzkaller.Amv2pL") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4994 attached , child_tidptr=0x55555716c5d0) = 4994 [pid 4994] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 4994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4994] setsid() = 1 [pid 4994] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 4994] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 4994] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 4994] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 4994] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 4994] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 4994] unshare(CLONE_NEWNS) = 0 [pid 4994] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 4994] unshare(CLONE_NEWIPC) = 0 [pid 4994] unshare(CLONE_NEWCGROUP) = 0 [pid 4994] unshare(CLONE_NEWUTS) = 0 [pid 4994] unshare(CLONE_SYSVSEM) = 0 [pid 4994] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 4994] write(3, "16777216", 8) = 8 [pid 4994] close(3) = 0 [pid 4994] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 4994] write(3, "536870912", 9) = 9 [pid 4994] close(3) = 0 [pid 4994] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 4994] write(3, "1024", 4) = 4 [pid 4994] close(3) = 0 [pid 4994] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 4994] write(3, "8192", 4) = 4 [pid 4994] close(3) = 0 [pid 4994] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 4994] write(3, "1024", 4) = 4 [pid 4994] close(3) = 0 [pid 4994] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 4994] write(3, "1024", 4) = 4 [pid 4994] close(3) = 0 [pid 4994] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 4994] write(3, "1024 1048576 500 1024", 21) = 21 [pid 4994] close(3) = 0 [pid 4994] getpid() = 1 [pid 4994] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<) = 0 [pid 4994] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./0/binderfs") = 0 [pid 4994] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./0/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./0") = 0 [pid 4994] mkdir("./1", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 3 ./strace-static-x86_64: Process 4998 attached [pid 4998] chdir("./1") = 0 [pid 4998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4998] setpgid(0, 0) = 0 [pid 4998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4998] write(3, "1000", 4) = 4 [pid 4998] close(3) = 0 [pid 4998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4998] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 4998] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 4998] memfd_create("syzkaller", 0) = 4 [pid 4998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 4998] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4998] munmap(0x7f222ed5e000, 2097152) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 4998] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 4998] close(4) = 0 [pid 4998] mkdir("./file0", 0777) = 0 [pid 4998] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 4998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 4998] chdir("./file0") = 0 [pid 4998] ioctl(5, LOOP_CLR_FD) = 0 [pid 4998] close(5) = 0 [pid 4998] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 4998] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 73.341103][ T4998] loop0: detected capacity change from 0 to 4096 [ 73.351727][ T4998] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 73.368636][ T4998] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 4998] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 4998] open("./file0", O_RDONLY) = 7 [pid 4998] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 73.385650][ T27] audit: type=1800 audit(1683090815.301:4): pid=4998 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 73.407638][ T27] audit: type=1804 audit(1683090815.321:5): pid=4998 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/1/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 4998] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 4998] close(3) = 0 [pid 4998] close(4) = 0 [pid 4998] close(5) = 0 [pid 4998] close(6) = 0 [pid 4998] close(7) = 0 [pid 4998] close(8) = -1 EBADF (Bad file descriptor) [pid 4998] close(9) = -1 EBADF (Bad file descriptor) [pid 4998] close(10) = -1 EBADF (Bad file descriptor) [pid 4998] close(11) = -1 EBADF (Bad file descriptor) [pid 4998] close(12) = -1 EBADF (Bad file descriptor) [pid 4998] close(13) = -1 EBADF (Bad file descriptor) [pid 4998] close(14) = -1 EBADF (Bad file descriptor) [pid 4998] close(15) = -1 EBADF (Bad file descriptor) [pid 4998] close(16) = -1 EBADF (Bad file descriptor) [pid 4998] close(17) = -1 EBADF (Bad file descriptor) [pid 4998] close(18) = -1 EBADF (Bad file descriptor) [pid 4998] close(19) = -1 EBADF (Bad file descriptor) [pid 4998] close(20) = -1 EBADF (Bad file descriptor) [pid 4998] close(21) = -1 EBADF (Bad file descriptor) [pid 4998] close(22) = -1 EBADF (Bad file descriptor) [pid 4998] close(23) = -1 EBADF (Bad file descriptor) [pid 4998] close(24) = -1 EBADF (Bad file descriptor) [pid 4998] close(25) = -1 EBADF (Bad file descriptor) [pid 4998] close(26) = -1 EBADF (Bad file descriptor) [pid 4998] close(27) = -1 EBADF (Bad file descriptor) [pid 4998] close(28) = -1 EBADF (Bad file descriptor) [pid 4998] close(29) = -1 EBADF (Bad file descriptor) [pid 4998] exit_group(0) = ? [pid 4998] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=64 /* 0.64 s */} --- [pid 4994] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./1/binderfs") = 0 [pid 4994] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./1/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./1") = 0 [pid 4994] mkdir("./2", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 4 ./strace-static-x86_64: Process 4999 attached [pid 4999] chdir("./2") = 0 [pid 4999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4999] setpgid(0, 0) = 0 [pid 4999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4999] write(3, "1000", 4) = 4 [pid 4999] close(3) = 0 [pid 4999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4999] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 4999] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 4999] memfd_create("syzkaller", 0) = 4 [pid 4999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 4999] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4999] munmap(0x7f222ed5e000, 2097152) = 0 [pid 4999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 4999] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 4999] close(4) = 0 [pid 4999] mkdir("./file0", 0777) = 0 [pid 4999] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 4999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 4999] chdir("./file0") = 0 [pid 4999] ioctl(5, LOOP_CLR_FD) = 0 [pid 4999] close(5) = 0 [pid 4999] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 4999] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 74.469867][ T4999] loop0: detected capacity change from 0 to 4096 [ 74.480050][ T4999] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 74.496388][ T4999] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 4999] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 4999] open("./file0", O_RDONLY) = 7 [pid 4999] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 74.516688][ T27] audit: type=1800 audit(1683090816.431:6): pid=4999 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 74.537166][ T27] audit: type=1804 audit(1683090816.451:7): pid=4999 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/2/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 4999] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 4999] close(3) = 0 [pid 4999] close(4) = 0 [pid 4999] close(5) = 0 [pid 4999] close(6) = 0 [pid 4999] close(7) = 0 [pid 4999] close(8) = -1 EBADF (Bad file descriptor) [pid 4999] close(9) = -1 EBADF (Bad file descriptor) [pid 4999] close(10) = -1 EBADF (Bad file descriptor) [pid 4999] close(11) = -1 EBADF (Bad file descriptor) [pid 4999] close(12) = -1 EBADF (Bad file descriptor) [pid 4999] close(13) = -1 EBADF (Bad file descriptor) [pid 4999] close(14) = -1 EBADF (Bad file descriptor) [pid 4999] close(15) = -1 EBADF (Bad file descriptor) [pid 4999] close(16) = -1 EBADF (Bad file descriptor) [pid 4999] close(17) = -1 EBADF (Bad file descriptor) [pid 4999] close(18) = -1 EBADF (Bad file descriptor) [pid 4999] close(19) = -1 EBADF (Bad file descriptor) [pid 4999] close(20) = -1 EBADF (Bad file descriptor) [pid 4999] close(21) = -1 EBADF (Bad file descriptor) [pid 4999] close(22) = -1 EBADF (Bad file descriptor) [pid 4999] close(23) = -1 EBADF (Bad file descriptor) [pid 4999] close(24) = -1 EBADF (Bad file descriptor) [pid 4999] close(25) = -1 EBADF (Bad file descriptor) [pid 4999] close(26) = -1 EBADF (Bad file descriptor) [pid 4999] close(27) = -1 EBADF (Bad file descriptor) [pid 4999] close(28) = -1 EBADF (Bad file descriptor) [pid 4999] close(29) = -1 EBADF (Bad file descriptor) [pid 4999] exit_group(0) = ? [pid 4999] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=61 /* 0.61 s */} --- [pid 4994] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./2/binderfs") = 0 [pid 4994] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./2/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./2") = 0 [pid 4994] mkdir("./3", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 5 ./strace-static-x86_64: Process 5000 attached [pid 5000] chdir("./3") = 0 [pid 5000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5000] setpgid(0, 0) = 0 [pid 5000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5000] write(3, "1000", 4) = 4 [pid 5000] close(3) = 0 [pid 5000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5000] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5000] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5000] memfd_create("syzkaller", 0) = 4 [pid 5000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5000] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5000] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5000] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5000] close(4) = 0 [pid 5000] mkdir("./file0", 0777) = 0 [pid 5000] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5000] chdir("./file0") = 0 [pid 5000] ioctl(5, LOOP_CLR_FD) = 0 [pid 5000] close(5) = 0 [ 75.606298][ T5000] loop0: detected capacity change from 0 to 4096 [ 75.615979][ T5000] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 75.632157][ T5000] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5000] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5000] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5000] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5000] open("./file0", O_RDONLY) = 7 [pid 5000] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 75.648692][ T27] audit: type=1800 audit(1683090817.561:8): pid=5000 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 75.682444][ T27] audit: type=1804 audit(1683090817.561:9): pid=5000 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/3/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5000] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5000] close(3) = 0 [pid 5000] close(4) = 0 [pid 5000] close(5) = 0 [pid 5000] close(6) = 0 [pid 5000] close(7) = 0 [pid 5000] close(8) = -1 EBADF (Bad file descriptor) [pid 5000] close(9) = -1 EBADF (Bad file descriptor) [pid 5000] close(10) = -1 EBADF (Bad file descriptor) [pid 5000] close(11) = -1 EBADF (Bad file descriptor) [pid 5000] close(12) = -1 EBADF (Bad file descriptor) [pid 5000] close(13) = -1 EBADF (Bad file descriptor) [pid 5000] close(14) = -1 EBADF (Bad file descriptor) [pid 5000] close(15) = -1 EBADF (Bad file descriptor) [pid 5000] close(16) = -1 EBADF (Bad file descriptor) [pid 5000] close(17) = -1 EBADF (Bad file descriptor) [pid 5000] close(18) = -1 EBADF (Bad file descriptor) [pid 5000] close(19) = -1 EBADF (Bad file descriptor) [pid 5000] close(20) = -1 EBADF (Bad file descriptor) [pid 5000] close(21) = -1 EBADF (Bad file descriptor) [pid 5000] close(22) = -1 EBADF (Bad file descriptor) [pid 5000] close(23) = -1 EBADF (Bad file descriptor) [pid 5000] close(24) = -1 EBADF (Bad file descriptor) [pid 5000] close(25) = -1 EBADF (Bad file descriptor) [pid 5000] close(26) = -1 EBADF (Bad file descriptor) [pid 5000] close(27) = -1 EBADF (Bad file descriptor) [pid 5000] close(28) = -1 EBADF (Bad file descriptor) [pid 5000] close(29) = -1 EBADF (Bad file descriptor) [pid 5000] exit_group(0) = ? [pid 5000] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=61 /* 0.61 s */} --- [pid 4994] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./3/binderfs") = 0 [pid 4994] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./3/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./3") = 0 [pid 4994] mkdir("./4", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 6 ./strace-static-x86_64: Process 5001 attached [pid 5001] chdir("./4") = 0 [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setpgid(0, 0) = 0 [pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1000", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5001] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5001] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5001] memfd_create("syzkaller", 0) = 4 [pid 5001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5001] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5001] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5001] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5001] close(4) = 0 [pid 5001] mkdir("./file0", 0777) = 0 [pid 5001] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5001] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5001] chdir("./file0") = 0 [pid 5001] ioctl(5, LOOP_CLR_FD) = 0 [pid 5001] close(5) = 0 [pid 5001] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5001] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 76.821972][ T5001] loop0: detected capacity change from 0 to 4096 [ 76.835749][ T5001] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 76.861780][ T5001] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5001] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5001] open("./file0", O_RDONLY) = 7 [pid 5001] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 76.893288][ T27] audit: type=1800 audit(1683090818.801:10): pid=5001 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 76.948248][ T27] audit: type=1804 audit(1683090818.831:11): pid=5001 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/4/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5001] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5001] close(3) = 0 [pid 5001] close(4) = 0 [pid 5001] close(5) = 0 [pid 5001] close(6) = 0 [pid 5001] close(7) = 0 [pid 5001] close(8) = -1 EBADF (Bad file descriptor) [pid 5001] close(9) = -1 EBADF (Bad file descriptor) [pid 5001] close(10) = -1 EBADF (Bad file descriptor) [pid 5001] close(11) = -1 EBADF (Bad file descriptor) [pid 5001] close(12) = -1 EBADF (Bad file descriptor) [pid 5001] close(13) = -1 EBADF (Bad file descriptor) [pid 5001] close(14) = -1 EBADF (Bad file descriptor) [pid 5001] close(15) = -1 EBADF (Bad file descriptor) [pid 5001] close(16) = -1 EBADF (Bad file descriptor) [pid 5001] close(17) = -1 EBADF (Bad file descriptor) [pid 5001] close(18) = -1 EBADF (Bad file descriptor) [pid 5001] close(19) = -1 EBADF (Bad file descriptor) [pid 5001] close(20) = -1 EBADF (Bad file descriptor) [pid 5001] close(21) = -1 EBADF (Bad file descriptor) [pid 5001] close(22) = -1 EBADF (Bad file descriptor) [pid 5001] close(23) = -1 EBADF (Bad file descriptor) [pid 5001] close(24) = -1 EBADF (Bad file descriptor) [pid 5001] close(25) = -1 EBADF (Bad file descriptor) [pid 5001] close(26) = -1 EBADF (Bad file descriptor) [pid 5001] close(27) = -1 EBADF (Bad file descriptor) [pid 5001] close(28) = -1 EBADF (Bad file descriptor) [pid 5001] close(29) = -1 EBADF (Bad file descriptor) [pid 5001] exit_group(0) = ? [pid 5001] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=52 /* 0.52 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./4/binderfs") = 0 [pid 4994] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./4/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./4") = 0 [pid 4994] mkdir("./5", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 7 ./strace-static-x86_64: Process 5002 attached [pid 5002] chdir("./5") = 0 [pid 5002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5002] setpgid(0, 0) = 0 [pid 5002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5002] write(3, "1000", 4) = 4 [pid 5002] close(3) = 0 [pid 5002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5002] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5002] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5002] memfd_create("syzkaller", 0) = 4 [pid 5002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5002] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5002] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5002] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5002] close(4) = 0 [pid 5002] mkdir("./file0", 0777) = 0 [pid 5002] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5002] chdir("./file0") = 0 [pid 5002] ioctl(5, LOOP_CLR_FD) = 0 [pid 5002] close(5) = 0 [pid 5002] openat(AT_FDCWD, ".", O_RDONLY) = 5 [ 78.041636][ T5002] loop0: detected capacity change from 0 to 4096 [ 78.051397][ T5002] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 78.067959][ T5002] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5002] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5002] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5002] open("./file0", O_RDONLY) = 7 [pid 5002] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 78.083785][ T27] audit: type=1800 audit(1683090819.991:12): pid=5002 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 78.116508][ T27] audit: type=1804 audit(1683090819.991:13): pid=5002 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/5/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5002] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5002] close(3) = 0 [pid 5002] close(4) = 0 [pid 5002] close(5) = 0 [pid 5002] close(6) = 0 [pid 5002] close(7) = 0 [pid 5002] close(8) = -1 EBADF (Bad file descriptor) [pid 5002] close(9) = -1 EBADF (Bad file descriptor) [pid 5002] close(10) = -1 EBADF (Bad file descriptor) [pid 5002] close(11) = -1 EBADF (Bad file descriptor) [pid 5002] close(12) = -1 EBADF (Bad file descriptor) [pid 5002] close(13) = -1 EBADF (Bad file descriptor) [pid 5002] close(14) = -1 EBADF (Bad file descriptor) [pid 5002] close(15) = -1 EBADF (Bad file descriptor) [pid 5002] close(16) = -1 EBADF (Bad file descriptor) [pid 5002] close(17) = -1 EBADF (Bad file descriptor) [pid 5002] close(18) = -1 EBADF (Bad file descriptor) [pid 5002] close(19) = -1 EBADF (Bad file descriptor) [pid 5002] close(20) = -1 EBADF (Bad file descriptor) [pid 5002] close(21) = -1 EBADF (Bad file descriptor) [pid 5002] close(22) = -1 EBADF (Bad file descriptor) [pid 5002] close(23) = -1 EBADF (Bad file descriptor) [pid 5002] close(24) = -1 EBADF (Bad file descriptor) [pid 5002] close(25) = -1 EBADF (Bad file descriptor) [pid 5002] close(26) = -1 EBADF (Bad file descriptor) [pid 5002] close(27) = -1 EBADF (Bad file descriptor) [pid 5002] close(28) = -1 EBADF (Bad file descriptor) [pid 5002] close(29) = -1 EBADF (Bad file descriptor) [pid 5002] exit_group(0) = ? [pid 5002] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=56 /* 0.56 s */} --- [pid 4994] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./5/binderfs") = 0 [pid 4994] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./5/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./5") = 0 [pid 4994] mkdir("./6", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 8 ./strace-static-x86_64: Process 5003 attached [pid 5003] chdir("./6") = 0 [pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5003] setpgid(0, 0) = 0 [pid 5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "1000", 4) = 4 [pid 5003] close(3) = 0 [pid 5003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5003] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5003] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5003] memfd_create("syzkaller", 0) = 4 [pid 5003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5003] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5003] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5003] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5003] close(4) = 0 [pid 5003] mkdir("./file0", 0777) = 0 [pid 5003] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5003] chdir("./file0") = 0 [pid 5003] ioctl(5, LOOP_CLR_FD) = 0 [pid 5003] close(5) = 0 [pid 5003] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5003] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5003] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [ 79.147144][ T5003] loop0: detected capacity change from 0 to 4096 [ 79.157616][ T5003] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 79.176432][ T5003] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5003] open("./file0", O_RDONLY) = 7 [pid 5003] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 79.208513][ T27] audit: type=1800 audit(1683090821.121:14): pid=5003 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 79.228731][ T27] audit: type=1804 audit(1683090821.121:15): pid=5003 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/6/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5003] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5003] close(3) = 0 [pid 5003] close(4) = 0 [pid 5003] close(5) = 0 [pid 5003] close(6) = 0 [pid 5003] close(7) = 0 [pid 5003] close(8) = -1 EBADF (Bad file descriptor) [pid 5003] close(9) = -1 EBADF (Bad file descriptor) [pid 5003] close(10) = -1 EBADF (Bad file descriptor) [pid 5003] close(11) = -1 EBADF (Bad file descriptor) [pid 5003] close(12) = -1 EBADF (Bad file descriptor) [pid 5003] close(13) = -1 EBADF (Bad file descriptor) [pid 5003] close(14) = -1 EBADF (Bad file descriptor) [pid 5003] close(15) = -1 EBADF (Bad file descriptor) [pid 5003] close(16) = -1 EBADF (Bad file descriptor) [pid 5003] close(17) = -1 EBADF (Bad file descriptor) [pid 5003] close(18) = -1 EBADF (Bad file descriptor) [pid 5003] close(19) = -1 EBADF (Bad file descriptor) [pid 5003] close(20) = -1 EBADF (Bad file descriptor) [pid 5003] close(21) = -1 EBADF (Bad file descriptor) [pid 5003] close(22) = -1 EBADF (Bad file descriptor) [pid 5003] close(23) = -1 EBADF (Bad file descriptor) [pid 5003] close(24) = -1 EBADF (Bad file descriptor) [pid 5003] close(25) = -1 EBADF (Bad file descriptor) [pid 5003] close(26) = -1 EBADF (Bad file descriptor) [pid 5003] close(27) = -1 EBADF (Bad file descriptor) [pid 5003] close(28) = -1 EBADF (Bad file descriptor) [pid 5003] close(29) = -1 EBADF (Bad file descriptor) [pid 5003] exit_group(0) = ? [pid 5003] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=59 /* 0.59 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./6/binderfs") = 0 [pid 4994] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./6/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./6") = 0 [pid 4994] mkdir("./7", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 9 ./strace-static-x86_64: Process 5004 attached [pid 5004] chdir("./7") = 0 [pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5004] setpgid(0, 0) = 0 [pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5004] write(3, "1000", 4) = 4 [pid 5004] close(3) = 0 [pid 5004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5004] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5004] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5004] memfd_create("syzkaller", 0) = 4 [pid 5004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5004] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5004] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5004] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5004] close(4) = 0 [pid 5004] mkdir("./file0", 0777) = 0 [pid 5004] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5004] chdir("./file0") = 0 [pid 5004] ioctl(5, LOOP_CLR_FD) = 0 [pid 5004] close(5) = 0 [pid 5004] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5004] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 80.292241][ T5004] loop0: detected capacity change from 0 to 4096 [ 80.301948][ T5004] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 80.332133][ T5004] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5004] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5004] open("./file0", O_RDONLY) = 7 [pid 5004] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 80.357429][ T27] audit: type=1800 audit(1683090822.271:16): pid=5004 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 80.379094][ T27] audit: type=1804 audit(1683090822.271:17): pid=5004 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/7/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5004] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5004] close(3) = 0 [pid 5004] close(4) = 0 [pid 5004] close(5) = 0 [pid 5004] close(6) = 0 [pid 5004] close(7) = 0 [pid 5004] close(8) = -1 EBADF (Bad file descriptor) [pid 5004] close(9) = -1 EBADF (Bad file descriptor) [pid 5004] close(10) = -1 EBADF (Bad file descriptor) [pid 5004] close(11) = -1 EBADF (Bad file descriptor) [pid 5004] close(12) = -1 EBADF (Bad file descriptor) [pid 5004] close(13) = -1 EBADF (Bad file descriptor) [pid 5004] close(14) = -1 EBADF (Bad file descriptor) [pid 5004] close(15) = -1 EBADF (Bad file descriptor) [pid 5004] close(16) = -1 EBADF (Bad file descriptor) [pid 5004] close(17) = -1 EBADF (Bad file descriptor) [pid 5004] close(18) = -1 EBADF (Bad file descriptor) [pid 5004] close(19) = -1 EBADF (Bad file descriptor) [pid 5004] close(20) = -1 EBADF (Bad file descriptor) [pid 5004] close(21) = -1 EBADF (Bad file descriptor) [pid 5004] close(22) = -1 EBADF (Bad file descriptor) [pid 5004] close(23) = -1 EBADF (Bad file descriptor) [pid 5004] close(24) = -1 EBADF (Bad file descriptor) [pid 5004] close(25) = -1 EBADF (Bad file descriptor) [pid 5004] close(26) = -1 EBADF (Bad file descriptor) [pid 5004] close(27) = -1 EBADF (Bad file descriptor) [pid 5004] close(28) = -1 EBADF (Bad file descriptor) [pid 5004] close(29) = -1 EBADF (Bad file descriptor) [pid 5004] exit_group(0) = ? [pid 5004] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=64 /* 0.64 s */} --- [pid 4994] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./7/binderfs") = 0 [pid 4994] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./7/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./7") = 0 [pid 4994] mkdir("./8", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 10 ./strace-static-x86_64: Process 5005 attached [pid 5005] chdir("./8") = 0 [pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5005] setpgid(0, 0) = 0 [pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5005] write(3, "1000", 4) = 4 [pid 5005] close(3) = 0 [pid 5005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5005] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5005] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5005] memfd_create("syzkaller", 0) = 4 [pid 5005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5005] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5005] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5005] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5005] close(4) = 0 [pid 5005] mkdir("./file0", 0777) = 0 [pid 5005] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5005] chdir("./file0") = 0 [pid 5005] ioctl(5, LOOP_CLR_FD) = 0 [pid 5005] close(5) = 0 [pid 5005] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5005] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5005] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [ 81.464179][ T5005] loop0: detected capacity change from 0 to 4096 [ 81.475214][ T5005] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 81.493721][ T5005] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5005] open("./file0", O_RDONLY) = 7 [pid 5005] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 81.529414][ T27] audit: type=1800 audit(1683090823.441:18): pid=5005 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 81.551349][ T27] audit: type=1804 audit(1683090823.441:19): pid=5005 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/8/file0/file0" dev="loop0" ino=33 res=1 errno=0 [ 81.706329][ T26] cfg80211: failed to load regulatory.db [pid 5005] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5005] close(3) = 0 [pid 5005] close(4) = 0 [pid 5005] close(5) = 0 [pid 5005] close(6) = 0 [pid 5005] close(7) = 0 [pid 5005] close(8) = -1 EBADF (Bad file descriptor) [pid 5005] close(9) = -1 EBADF (Bad file descriptor) [pid 5005] close(10) = -1 EBADF (Bad file descriptor) [pid 5005] close(11) = -1 EBADF (Bad file descriptor) [pid 5005] close(12) = -1 EBADF (Bad file descriptor) [pid 5005] close(13) = -1 EBADF (Bad file descriptor) [pid 5005] close(14) = -1 EBADF (Bad file descriptor) [pid 5005] close(15) = -1 EBADF (Bad file descriptor) [pid 5005] close(16) = -1 EBADF (Bad file descriptor) [pid 5005] close(17) = -1 EBADF (Bad file descriptor) [pid 5005] close(18) = -1 EBADF (Bad file descriptor) [pid 5005] close(19) = -1 EBADF (Bad file descriptor) [pid 5005] close(20) = -1 EBADF (Bad file descriptor) [pid 5005] close(21) = -1 EBADF (Bad file descriptor) [pid 5005] close(22) = -1 EBADF (Bad file descriptor) [pid 5005] close(23) = -1 EBADF (Bad file descriptor) [pid 5005] close(24) = -1 EBADF (Bad file descriptor) [pid 5005] close(25) = -1 EBADF (Bad file descriptor) [pid 5005] close(26) = -1 EBADF (Bad file descriptor) [pid 5005] close(27) = -1 EBADF (Bad file descriptor) [pid 5005] close(28) = -1 EBADF (Bad file descriptor) [pid 5005] close(29) = -1 EBADF (Bad file descriptor) [pid 5005] exit_group(0) = ? [pid 5005] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=65 /* 0.65 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./8/binderfs") = 0 [pid 4994] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./8/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./8") = 0 [pid 4994] mkdir("./9", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 11 ./strace-static-x86_64: Process 5006 attached [pid 5006] chdir("./9") = 0 [pid 5006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5006] setpgid(0, 0) = 0 [pid 5006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5006] write(3, "1000", 4) = 4 [pid 5006] close(3) = 0 [pid 5006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5006] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5006] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5006] memfd_create("syzkaller", 0) = 4 [pid 5006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5006] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5006] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5006] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5006] close(4) = 0 [pid 5006] mkdir("./file0", 0777) = 0 [pid 5006] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5006] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5006] chdir("./file0") = 0 [pid 5006] ioctl(5, LOOP_CLR_FD) = 0 [pid 5006] close(5) = 0 [pid 5006] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5006] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 82.548362][ T5006] loop0: detected capacity change from 0 to 4096 [ 82.558963][ T5006] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 82.578984][ T5006] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5006] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5006] open("./file0", O_RDONLY) = 7 [pid 5006] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 82.607968][ T27] audit: type=1800 audit(1683090824.521:20): pid=5006 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 82.630543][ T27] audit: type=1804 audit(1683090824.541:21): pid=5006 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/9/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5006] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5006] close(3) = 0 [pid 5006] close(4) = 0 [pid 5006] close(5) = 0 [pid 5006] close(6) = 0 [pid 5006] close(7) = 0 [pid 5006] close(8) = -1 EBADF (Bad file descriptor) [pid 5006] close(9) = -1 EBADF (Bad file descriptor) [pid 5006] close(10) = -1 EBADF (Bad file descriptor) [pid 5006] close(11) = -1 EBADF (Bad file descriptor) [pid 5006] close(12) = -1 EBADF (Bad file descriptor) [pid 5006] close(13) = -1 EBADF (Bad file descriptor) [pid 5006] close(14) = -1 EBADF (Bad file descriptor) [pid 5006] close(15) = -1 EBADF (Bad file descriptor) [pid 5006] close(16) = -1 EBADF (Bad file descriptor) [pid 5006] close(17) = -1 EBADF (Bad file descriptor) [pid 5006] close(18) = -1 EBADF (Bad file descriptor) [pid 5006] close(19) = -1 EBADF (Bad file descriptor) [pid 5006] close(20) = -1 EBADF (Bad file descriptor) [pid 5006] close(21) = -1 EBADF (Bad file descriptor) [pid 5006] close(22) = -1 EBADF (Bad file descriptor) [pid 5006] close(23) = -1 EBADF (Bad file descriptor) [pid 5006] close(24) = -1 EBADF (Bad file descriptor) [pid 5006] close(25) = -1 EBADF (Bad file descriptor) [pid 5006] close(26) = -1 EBADF (Bad file descriptor) [pid 5006] close(27) = -1 EBADF (Bad file descriptor) [pid 5006] close(28) = -1 EBADF (Bad file descriptor) [pid 5006] close(29) = -1 EBADF (Bad file descriptor) [pid 5006] exit_group(0) = ? [pid 5006] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=49 /* 0.49 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./9/binderfs") = 0 [pid 4994] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./9/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./9") = 0 [pid 4994] mkdir("./10", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5007 attached , child_tidptr=0x55555716c5d0) = 12 [pid 5007] chdir("./10") = 0 [pid 5007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5007] setpgid(0, 0) = 0 [pid 5007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5007] write(3, "1000", 4) = 4 [pid 5007] close(3) = 0 [pid 5007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5007] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5007] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5007] memfd_create("syzkaller", 0) = 4 [pid 5007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5007] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5007] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5007] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5007] close(4) = 0 [pid 5007] mkdir("./file0", 0777) = 0 [pid 5007] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5007] chdir("./file0") = 0 [pid 5007] ioctl(5, LOOP_CLR_FD) = 0 [pid 5007] close(5) = 0 [pid 5007] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5007] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 83.693597][ T5007] loop0: detected capacity change from 0 to 4096 [ 83.704121][ T5007] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 83.720503][ T5007] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5007] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5007] open("./file0", O_RDONLY) = 7 [pid 5007] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 83.749479][ T27] audit: type=1800 audit(1683090825.661:22): pid=5007 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 83.770527][ T27] audit: type=1804 audit(1683090825.681:23): pid=5007 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/10/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5007] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5007] close(3) = 0 [pid 5007] close(4) = 0 [pid 5007] close(5) = 0 [pid 5007] close(6) = 0 [pid 5007] close(7) = 0 [pid 5007] close(8) = -1 EBADF (Bad file descriptor) [pid 5007] close(9) = -1 EBADF (Bad file descriptor) [pid 5007] close(10) = -1 EBADF (Bad file descriptor) [pid 5007] close(11) = -1 EBADF (Bad file descriptor) [pid 5007] close(12) = -1 EBADF (Bad file descriptor) [pid 5007] close(13) = -1 EBADF (Bad file descriptor) [pid 5007] close(14) = -1 EBADF (Bad file descriptor) [pid 5007] close(15) = -1 EBADF (Bad file descriptor) [pid 5007] close(16) = -1 EBADF (Bad file descriptor) [pid 5007] close(17) = -1 EBADF (Bad file descriptor) [pid 5007] close(18) = -1 EBADF (Bad file descriptor) [pid 5007] close(19) = -1 EBADF (Bad file descriptor) [pid 5007] close(20) = -1 EBADF (Bad file descriptor) [pid 5007] close(21) = -1 EBADF (Bad file descriptor) [pid 5007] close(22) = -1 EBADF (Bad file descriptor) [pid 5007] close(23) = -1 EBADF (Bad file descriptor) [pid 5007] close(24) = -1 EBADF (Bad file descriptor) [pid 5007] close(25) = -1 EBADF (Bad file descriptor) [pid 5007] close(26) = -1 EBADF (Bad file descriptor) [pid 5007] close(27) = -1 EBADF (Bad file descriptor) [pid 5007] close(28) = -1 EBADF (Bad file descriptor) [pid 5007] close(29) = -1 EBADF (Bad file descriptor) [pid 5007] exit_group(0) = ? [pid 5007] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=58 /* 0.58 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./10/binderfs") = 0 [pid 4994] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./10/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./10") = 0 [pid 4994] mkdir("./11", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 13 ./strace-static-x86_64: Process 5008 attached [pid 5008] chdir("./11") = 0 [pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5008] setpgid(0, 0) = 0 [pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5008] write(3, "1000", 4) = 4 [pid 5008] close(3) = 0 [pid 5008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5008] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5008] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5008] memfd_create("syzkaller", 0) = 4 [pid 5008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5008] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5008] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5008] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5008] close(4) = 0 [pid 5008] mkdir("./file0", 0777) = 0 [pid 5008] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5008] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5008] chdir("./file0") = 0 [pid 5008] ioctl(5, LOOP_CLR_FD) = 0 [pid 5008] close(5) = 0 [pid 5008] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5008] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 84.769909][ T5008] loop0: detected capacity change from 0 to 4096 [ 84.780553][ T5008] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 84.798074][ T5008] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5008] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5008] open("./file0", O_RDONLY) = 7 [pid 5008] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 84.824570][ T27] audit: type=1800 audit(1683090826.731:24): pid=5008 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 84.862015][ T27] audit: type=1804 audit(1683090826.741:25): pid=5008 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/11/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5008] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5008] close(3) = 0 [pid 5008] close(4) = 0 [pid 5008] close(5) = 0 [pid 5008] close(6) = 0 [pid 5008] close(7) = 0 [pid 5008] close(8) = -1 EBADF (Bad file descriptor) [pid 5008] close(9) = -1 EBADF (Bad file descriptor) [pid 5008] close(10) = -1 EBADF (Bad file descriptor) [pid 5008] close(11) = -1 EBADF (Bad file descriptor) [pid 5008] close(12) = -1 EBADF (Bad file descriptor) [pid 5008] close(13) = -1 EBADF (Bad file descriptor) [pid 5008] close(14) = -1 EBADF (Bad file descriptor) [pid 5008] close(15) = -1 EBADF (Bad file descriptor) [pid 5008] close(16) = -1 EBADF (Bad file descriptor) [pid 5008] close(17) = -1 EBADF (Bad file descriptor) [pid 5008] close(18) = -1 EBADF (Bad file descriptor) [pid 5008] close(19) = -1 EBADF (Bad file descriptor) [pid 5008] close(20) = -1 EBADF (Bad file descriptor) [pid 5008] close(21) = -1 EBADF (Bad file descriptor) [pid 5008] close(22) = -1 EBADF (Bad file descriptor) [pid 5008] close(23) = -1 EBADF (Bad file descriptor) [pid 5008] close(24) = -1 EBADF (Bad file descriptor) [pid 5008] close(25) = -1 EBADF (Bad file descriptor) [pid 5008] close(26) = -1 EBADF (Bad file descriptor) [pid 5008] close(27) = -1 EBADF (Bad file descriptor) [pid 5008] close(28) = -1 EBADF (Bad file descriptor) [pid 5008] close(29) = -1 EBADF (Bad file descriptor) [pid 5008] exit_group(0) = ? [pid 5008] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=66 /* 0.66 s */} --- [pid 4994] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./11/binderfs") = 0 [pid 4994] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./11/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./11") = 0 [pid 4994] mkdir("./12", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 14 ./strace-static-x86_64: Process 5009 attached [pid 5009] chdir("./12") = 0 [pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5009] setpgid(0, 0) = 0 [pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5009] write(3, "1000", 4) = 4 [pid 5009] close(3) = 0 [pid 5009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5009] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5009] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5009] memfd_create("syzkaller", 0) = 4 [pid 5009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5009] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5009] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5009] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5009] close(4) = 0 [pid 5009] mkdir("./file0", 0777) = 0 [pid 5009] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5009] chdir("./file0") = 0 [pid 5009] ioctl(5, LOOP_CLR_FD) = 0 [pid 5009] close(5) = 0 [pid 5009] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5009] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 85.902899][ T5009] loop0: detected capacity change from 0 to 4096 [ 85.912816][ T5009] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 85.930480][ T5009] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5009] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5009] open("./file0", O_RDONLY) = 7 [pid 5009] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 85.966146][ T27] audit: type=1800 audit(1683090827.881:26): pid=5009 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 85.987404][ T27] audit: type=1804 audit(1683090827.881:27): pid=5009 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/12/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5009] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5009] close(3) = 0 [pid 5009] close(4) = 0 [pid 5009] close(5) = 0 [pid 5009] close(6) = 0 [pid 5009] close(7) = 0 [pid 5009] close(8) = -1 EBADF (Bad file descriptor) [pid 5009] close(9) = -1 EBADF (Bad file descriptor) [pid 5009] close(10) = -1 EBADF (Bad file descriptor) [pid 5009] close(11) = -1 EBADF (Bad file descriptor) [pid 5009] close(12) = -1 EBADF (Bad file descriptor) [pid 5009] close(13) = -1 EBADF (Bad file descriptor) [pid 5009] close(14) = -1 EBADF (Bad file descriptor) [pid 5009] close(15) = -1 EBADF (Bad file descriptor) [pid 5009] close(16) = -1 EBADF (Bad file descriptor) [pid 5009] close(17) = -1 EBADF (Bad file descriptor) [pid 5009] close(18) = -1 EBADF (Bad file descriptor) [pid 5009] close(19) = -1 EBADF (Bad file descriptor) [pid 5009] close(20) = -1 EBADF (Bad file descriptor) [pid 5009] close(21) = -1 EBADF (Bad file descriptor) [pid 5009] close(22) = -1 EBADF (Bad file descriptor) [pid 5009] close(23) = -1 EBADF (Bad file descriptor) [pid 5009] close(24) = -1 EBADF (Bad file descriptor) [pid 5009] close(25) = -1 EBADF (Bad file descriptor) [pid 5009] close(26) = -1 EBADF (Bad file descriptor) [pid 5009] close(27) = -1 EBADF (Bad file descriptor) [pid 5009] close(28) = -1 EBADF (Bad file descriptor) [pid 5009] close(29) = -1 EBADF (Bad file descriptor) [pid 5009] exit_group(0) = ? [pid 5009] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=51 /* 0.51 s */} --- [pid 4994] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./12/binderfs") = 0 [pid 4994] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./12/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./12") = 0 [pid 4994] mkdir("./13", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5010 attached [pid 5010] chdir("./13") = 0 [pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4994] <... clone resumed>, child_tidptr=0x55555716c5d0) = 15 [pid 5010] setpgid(0, 0) = 0 [pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5010] write(3, "1000", 4) = 4 [pid 5010] close(3) = 0 [pid 5010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5010] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5010] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5010] memfd_create("syzkaller", 0) = 4 [pid 5010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5010] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5010] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5010] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5010] close(4) = 0 [pid 5010] mkdir("./file0", 0777) = 0 [pid 5010] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5010] chdir("./file0") = 0 [pid 5010] ioctl(5, LOOP_CLR_FD) = 0 [pid 5010] close(5) = 0 [pid 5010] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5010] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 86.978300][ T5010] loop0: detected capacity change from 0 to 4096 [ 86.988926][ T5010] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 87.006936][ T5010] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5010] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5010] open("./file0", O_RDONLY) = 7 [pid 5010] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 87.032236][ T27] audit: type=1800 audit(1683090828.941:28): pid=5010 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 87.052889][ T27] audit: type=1804 audit(1683090828.941:29): pid=5010 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/13/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5010] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5010] close(3) = 0 [pid 5010] close(4) = 0 [pid 5010] close(5) = 0 [pid 5010] close(6) = 0 [pid 5010] close(7) = 0 [pid 5010] close(8) = -1 EBADF (Bad file descriptor) [pid 5010] close(9) = -1 EBADF (Bad file descriptor) [pid 5010] close(10) = -1 EBADF (Bad file descriptor) [pid 5010] close(11) = -1 EBADF (Bad file descriptor) [pid 5010] close(12) = -1 EBADF (Bad file descriptor) [pid 5010] close(13) = -1 EBADF (Bad file descriptor) [pid 5010] close(14) = -1 EBADF (Bad file descriptor) [pid 5010] close(15) = -1 EBADF (Bad file descriptor) [pid 5010] close(16) = -1 EBADF (Bad file descriptor) [pid 5010] close(17) = -1 EBADF (Bad file descriptor) [pid 5010] close(18) = -1 EBADF (Bad file descriptor) [pid 5010] close(19) = -1 EBADF (Bad file descriptor) [pid 5010] close(20) = -1 EBADF (Bad file descriptor) [pid 5010] close(21) = -1 EBADF (Bad file descriptor) [pid 5010] close(22) = -1 EBADF (Bad file descriptor) [pid 5010] close(23) = -1 EBADF (Bad file descriptor) [pid 5010] close(24) = -1 EBADF (Bad file descriptor) [pid 5010] close(25) = -1 EBADF (Bad file descriptor) [pid 5010] close(26) = -1 EBADF (Bad file descriptor) [pid 5010] close(27) = -1 EBADF (Bad file descriptor) [pid 5010] close(28) = -1 EBADF (Bad file descriptor) [pid 5010] close(29) = -1 EBADF (Bad file descriptor) [pid 5010] exit_group(0) = ? [pid 5010] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=61 /* 0.61 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./13/binderfs") = 0 [pid 4994] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./13/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./13") = 0 [pid 4994] mkdir("./14", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 16 ./strace-static-x86_64: Process 5011 attached [pid 5011] chdir("./14") = 0 [pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5011] setpgid(0, 0) = 0 [pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5011] write(3, "1000", 4) = 4 [pid 5011] close(3) = 0 [pid 5011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5011] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5011] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5011] memfd_create("syzkaller", 0) = 4 [pid 5011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5011] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5011] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5011] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5011] close(4) = 0 [pid 5011] mkdir("./file0", 0777) = 0 [pid 5011] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5011] chdir("./file0") = 0 [pid 5011] ioctl(5, LOOP_CLR_FD) = 0 [pid 5011] close(5) = 0 [pid 5011] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5011] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5011] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5011] open("./file0", O_RDONLY) = 7 [pid 5011] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 88.066736][ T5011] loop0: detected capacity change from 0 to 4096 [ 88.076014][ T5011] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 88.091737][ T5011] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 88.109808][ T27] audit: type=1800 audit(1683090830.021:30): pid=5011 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 88.141323][ T27] audit: type=1804 audit(1683090830.021:31): pid=5011 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/14/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5011] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5011] close(3) = 0 [pid 5011] close(4) = 0 [pid 5011] close(5) = 0 [pid 5011] close(6) = 0 [pid 5011] close(7) = 0 [pid 5011] close(8) = -1 EBADF (Bad file descriptor) [pid 5011] close(9) = -1 EBADF (Bad file descriptor) [pid 5011] close(10) = -1 EBADF (Bad file descriptor) [pid 5011] close(11) = -1 EBADF (Bad file descriptor) [pid 5011] close(12) = -1 EBADF (Bad file descriptor) [pid 5011] close(13) = -1 EBADF (Bad file descriptor) [pid 5011] close(14) = -1 EBADF (Bad file descriptor) [pid 5011] close(15) = -1 EBADF (Bad file descriptor) [pid 5011] close(16) = -1 EBADF (Bad file descriptor) [pid 5011] close(17) = -1 EBADF (Bad file descriptor) [pid 5011] close(18) = -1 EBADF (Bad file descriptor) [pid 5011] close(19) = -1 EBADF (Bad file descriptor) [pid 5011] close(20) = -1 EBADF (Bad file descriptor) [pid 5011] close(21) = -1 EBADF (Bad file descriptor) [pid 5011] close(22) = -1 EBADF (Bad file descriptor) [pid 5011] close(23) = -1 EBADF (Bad file descriptor) [pid 5011] close(24) = -1 EBADF (Bad file descriptor) [pid 5011] close(25) = -1 EBADF (Bad file descriptor) [pid 5011] close(26) = -1 EBADF (Bad file descriptor) [pid 5011] close(27) = -1 EBADF (Bad file descriptor) [pid 5011] close(28) = -1 EBADF (Bad file descriptor) [pid 5011] close(29) = -1 EBADF (Bad file descriptor) [pid 5011] exit_group(0) = ? [pid 5011] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=53 /* 0.53 s */} --- [pid 4994] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./14/binderfs") = 0 [pid 4994] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./14/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./14") = 0 [pid 4994] mkdir("./15", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 17 ./strace-static-x86_64: Process 5012 attached [pid 5012] chdir("./15") = 0 [pid 5012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5012] setpgid(0, 0) = 0 [pid 5012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5012] write(3, "1000", 4) = 4 [pid 5012] close(3) = 0 [pid 5012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5012] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5012] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5012] memfd_create("syzkaller", 0) = 4 [pid 5012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5012] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5012] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5012] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5012] close(4) = 0 [pid 5012] mkdir("./file0", 0777) = 0 [pid 5012] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5012] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5012] chdir("./file0") = 0 [pid 5012] ioctl(5, LOOP_CLR_FD) = 0 [pid 5012] close(5) = 0 [pid 5012] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5012] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 89.121250][ T5012] loop0: detected capacity change from 0 to 4096 [ 89.131038][ T5012] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 89.150401][ T5012] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5012] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5012] open("./file0", O_RDONLY) = 7 [pid 5012] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 89.177019][ T27] audit: type=1800 audit(1683090831.091:32): pid=5012 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 89.197796][ T27] audit: type=1804 audit(1683090831.091:33): pid=5012 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/15/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5012] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5012] close(3) = 0 [pid 5012] close(4) = 0 [pid 5012] close(5) = 0 [pid 5012] close(6) = 0 [pid 5012] close(7) = 0 [pid 5012] close(8) = -1 EBADF (Bad file descriptor) [pid 5012] close(9) = -1 EBADF (Bad file descriptor) [pid 5012] close(10) = -1 EBADF (Bad file descriptor) [pid 5012] close(11) = -1 EBADF (Bad file descriptor) [pid 5012] close(12) = -1 EBADF (Bad file descriptor) [pid 5012] close(13) = -1 EBADF (Bad file descriptor) [pid 5012] close(14) = -1 EBADF (Bad file descriptor) [pid 5012] close(15) = -1 EBADF (Bad file descriptor) [pid 5012] close(16) = -1 EBADF (Bad file descriptor) [pid 5012] close(17) = -1 EBADF (Bad file descriptor) [pid 5012] close(18) = -1 EBADF (Bad file descriptor) [pid 5012] close(19) = -1 EBADF (Bad file descriptor) [pid 5012] close(20) = -1 EBADF (Bad file descriptor) [pid 5012] close(21) = -1 EBADF (Bad file descriptor) [pid 5012] close(22) = -1 EBADF (Bad file descriptor) [pid 5012] close(23) = -1 EBADF (Bad file descriptor) [pid 5012] close(24) = -1 EBADF (Bad file descriptor) [pid 5012] close(25) = -1 EBADF (Bad file descriptor) [pid 5012] close(26) = -1 EBADF (Bad file descriptor) [pid 5012] close(27) = -1 EBADF (Bad file descriptor) [pid 5012] close(28) = -1 EBADF (Bad file descriptor) [pid 5012] close(29) = -1 EBADF (Bad file descriptor) [pid 5012] exit_group(0) = ? [pid 5012] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=54 /* 0.54 s */} --- [pid 4994] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./15/binderfs") = 0 [pid 4994] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./15/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./15") = 0 [pid 4994] mkdir("./16", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 18 ./strace-static-x86_64: Process 5013 attached [pid 5013] chdir("./16") = 0 [pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5013] setpgid(0, 0) = 0 [pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5013] write(3, "1000", 4) = 4 [pid 5013] close(3) = 0 [pid 5013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5013] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5013] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5013] memfd_create("syzkaller", 0) = 4 [pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5013] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5013] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5013] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5013] close(4) = 0 [pid 5013] mkdir("./file0", 0777) = 0 [pid 5013] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5013] chdir("./file0") = 0 [pid 5013] ioctl(5, LOOP_CLR_FD) = 0 [pid 5013] close(5) = 0 [pid 5013] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5013] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5013] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5013] open("./file0", O_RDONLY) = 7 [pid 5013] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 90.241576][ T5013] loop0: detected capacity change from 0 to 4096 [ 90.252194][ T5013] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 90.268683][ T5013] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 90.285296][ T27] audit: type=1800 audit(1683090832.201:34): pid=5013 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 90.313919][ T27] audit: type=1804 audit(1683090832.201:35): pid=5013 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/16/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5013] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5013] close(3) = 0 [pid 5013] close(4) = 0 [pid 5013] close(5) = 0 [pid 5013] close(6) = 0 [pid 5013] close(7) = 0 [pid 5013] close(8) = -1 EBADF (Bad file descriptor) [pid 5013] close(9) = -1 EBADF (Bad file descriptor) [pid 5013] close(10) = -1 EBADF (Bad file descriptor) [pid 5013] close(11) = -1 EBADF (Bad file descriptor) [pid 5013] close(12) = -1 EBADF (Bad file descriptor) [pid 5013] close(13) = -1 EBADF (Bad file descriptor) [pid 5013] close(14) = -1 EBADF (Bad file descriptor) [pid 5013] close(15) = -1 EBADF (Bad file descriptor) [pid 5013] close(16) = -1 EBADF (Bad file descriptor) [pid 5013] close(17) = -1 EBADF (Bad file descriptor) [pid 5013] close(18) = -1 EBADF (Bad file descriptor) [pid 5013] close(19) = -1 EBADF (Bad file descriptor) [pid 5013] close(20) = -1 EBADF (Bad file descriptor) [pid 5013] close(21) = -1 EBADF (Bad file descriptor) [pid 5013] close(22) = -1 EBADF (Bad file descriptor) [pid 5013] close(23) = -1 EBADF (Bad file descriptor) [pid 5013] close(24) = -1 EBADF (Bad file descriptor) [pid 5013] close(25) = -1 EBADF (Bad file descriptor) [pid 5013] close(26) = -1 EBADF (Bad file descriptor) [pid 5013] close(27) = -1 EBADF (Bad file descriptor) [pid 5013] close(28) = -1 EBADF (Bad file descriptor) [pid 5013] close(29) = -1 EBADF (Bad file descriptor) [pid 5013] exit_group(0) = ? [pid 5013] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=60 /* 0.60 s */} --- [pid 4994] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./16/binderfs") = 0 [pid 4994] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./16/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./16") = 0 [pid 4994] mkdir("./17", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 19 ./strace-static-x86_64: Process 5014 attached [pid 5014] chdir("./17") = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5014] setpgid(0, 0) = 0 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5014] write(3, "1000", 4) = 4 [pid 5014] close(3) = 0 [pid 5014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5014] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5014] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5014] memfd_create("syzkaller", 0) = 4 [pid 5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5014] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5014] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5014] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5014] close(4) = 0 [pid 5014] mkdir("./file0", 0777) = 0 [pid 5014] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5014] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5014] chdir("./file0") = 0 [pid 5014] ioctl(5, LOOP_CLR_FD) = 0 [pid 5014] close(5) = 0 [pid 5014] openat(AT_FDCWD, ".", O_RDONLY) = 5 [ 91.345755][ T5014] loop0: detected capacity change from 0 to 4096 [ 91.355259][ T5014] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 91.373002][ T5014] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5014] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5014] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5014] open("./file0", O_RDONLY) = 7 [pid 5014] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 91.388090][ T27] audit: type=1800 audit(1683090833.301:36): pid=5014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 91.418637][ T27] audit: type=1804 audit(1683090833.301:37): pid=5014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/17/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5014] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5014] close(3) = 0 [pid 5014] close(4) = 0 [pid 5014] close(5) = 0 [pid 5014] close(6) = 0 [pid 5014] close(7) = 0 [pid 5014] close(8) = -1 EBADF (Bad file descriptor) [pid 5014] close(9) = -1 EBADF (Bad file descriptor) [pid 5014] close(10) = -1 EBADF (Bad file descriptor) [pid 5014] close(11) = -1 EBADF (Bad file descriptor) [pid 5014] close(12) = -1 EBADF (Bad file descriptor) [pid 5014] close(13) = -1 EBADF (Bad file descriptor) [pid 5014] close(14) = -1 EBADF (Bad file descriptor) [pid 5014] close(15) = -1 EBADF (Bad file descriptor) [pid 5014] close(16) = -1 EBADF (Bad file descriptor) [pid 5014] close(17) = -1 EBADF (Bad file descriptor) [pid 5014] close(18) = -1 EBADF (Bad file descriptor) [pid 5014] close(19) = -1 EBADF (Bad file descriptor) [pid 5014] close(20) = -1 EBADF (Bad file descriptor) [pid 5014] close(21) = -1 EBADF (Bad file descriptor) [pid 5014] close(22) = -1 EBADF (Bad file descriptor) [pid 5014] close(23) = -1 EBADF (Bad file descriptor) [pid 5014] close(24) = -1 EBADF (Bad file descriptor) [pid 5014] close(25) = -1 EBADF (Bad file descriptor) [pid 5014] close(26) = -1 EBADF (Bad file descriptor) [pid 5014] close(27) = -1 EBADF (Bad file descriptor) [pid 5014] close(28) = -1 EBADF (Bad file descriptor) [pid 5014] close(29) = -1 EBADF (Bad file descriptor) [pid 5014] exit_group(0) = ? [pid 5014] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=60 /* 0.60 s */} --- [pid 4994] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./17/binderfs") = 0 [pid 4994] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./17/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./17") = 0 [pid 4994] mkdir("./18", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5015 attached , child_tidptr=0x55555716c5d0) = 20 [pid 5015] chdir("./18") = 0 [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5015] setpgid(0, 0) = 0 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5015] write(3, "1000", 4) = 4 [pid 5015] close(3) = 0 [pid 5015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5015] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5015] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5015] memfd_create("syzkaller", 0) = 4 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5015] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5015] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5015] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5015] close(4) = 0 [pid 5015] mkdir("./file0", 0777) = 0 [pid 5015] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5015] chdir("./file0") = 0 [pid 5015] ioctl(5, LOOP_CLR_FD) = 0 [pid 5015] close(5) = 0 [pid 5015] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5015] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 92.407656][ T5015] loop0: detected capacity change from 0 to 4096 [ 92.416804][ T5015] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 92.433899][ T5015] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5015] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5015] open("./file0", O_RDONLY) = 7 [pid 5015] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 92.462368][ T27] audit: type=1800 audit(1683090834.371:38): pid=5015 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 92.494558][ T27] audit: type=1804 audit(1683090834.381:39): pid=5015 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/18/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5015] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5015] close(3) = 0 [pid 5015] close(4) = 0 [pid 5015] close(5) = 0 [pid 5015] close(6) = 0 [pid 5015] close(7) = 0 [pid 5015] close(8) = -1 EBADF (Bad file descriptor) [pid 5015] close(9) = -1 EBADF (Bad file descriptor) [pid 5015] close(10) = -1 EBADF (Bad file descriptor) [pid 5015] close(11) = -1 EBADF (Bad file descriptor) [pid 5015] close(12) = -1 EBADF (Bad file descriptor) [pid 5015] close(13) = -1 EBADF (Bad file descriptor) [pid 5015] close(14) = -1 EBADF (Bad file descriptor) [pid 5015] close(15) = -1 EBADF (Bad file descriptor) [pid 5015] close(16) = -1 EBADF (Bad file descriptor) [pid 5015] close(17) = -1 EBADF (Bad file descriptor) [pid 5015] close(18) = -1 EBADF (Bad file descriptor) [pid 5015] close(19) = -1 EBADF (Bad file descriptor) [pid 5015] close(20) = -1 EBADF (Bad file descriptor) [pid 5015] close(21) = -1 EBADF (Bad file descriptor) [pid 5015] close(22) = -1 EBADF (Bad file descriptor) [pid 5015] close(23) = -1 EBADF (Bad file descriptor) [pid 5015] close(24) = -1 EBADF (Bad file descriptor) [pid 5015] close(25) = -1 EBADF (Bad file descriptor) [pid 5015] close(26) = -1 EBADF (Bad file descriptor) [pid 5015] close(27) = -1 EBADF (Bad file descriptor) [pid 5015] close(28) = -1 EBADF (Bad file descriptor) [pid 5015] close(29) = -1 EBADF (Bad file descriptor) [pid 5015] exit_group(0) = ? [pid 5015] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=68 /* 0.68 s */} --- [pid 4994] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./18/binderfs") = 0 [pid 4994] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./18/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./18") = 0 [pid 4994] mkdir("./19", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5016 attached , child_tidptr=0x55555716c5d0) = 21 [pid 5016] chdir("./19") = 0 [pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5016] setpgid(0, 0) = 0 [pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5016] write(3, "1000", 4) = 4 [pid 5016] close(3) = 0 [pid 5016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5016] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5016] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5016] memfd_create("syzkaller", 0) = 4 [pid 5016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5016] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5016] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5016] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5016] close(4) = 0 [pid 5016] mkdir("./file0", 0777) = 0 [pid 5016] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5016] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5016] chdir("./file0") = 0 [pid 5016] ioctl(5, LOOP_CLR_FD) = 0 [pid 5016] close(5) = 0 [pid 5016] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5016] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 93.548437][ T5016] loop0: detected capacity change from 0 to 4096 [ 93.559430][ T5016] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 93.578805][ T5016] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5016] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5016] open("./file0", O_RDONLY) = 7 [pid 5016] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 93.610032][ T27] audit: type=1800 audit(1683090835.521:40): pid=5016 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 93.641742][ T27] audit: type=1804 audit(1683090835.531:41): pid=5016 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/19/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5016] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5016] close(3) = 0 [pid 5016] close(4) = 0 [pid 5016] close(5) = 0 [pid 5016] close(6) = 0 [pid 5016] close(7) = 0 [pid 5016] close(8) = -1 EBADF (Bad file descriptor) [pid 5016] close(9) = -1 EBADF (Bad file descriptor) [pid 5016] close(10) = -1 EBADF (Bad file descriptor) [pid 5016] close(11) = -1 EBADF (Bad file descriptor) [pid 5016] close(12) = -1 EBADF (Bad file descriptor) [pid 5016] close(13) = -1 EBADF (Bad file descriptor) [pid 5016] close(14) = -1 EBADF (Bad file descriptor) [pid 5016] close(15) = -1 EBADF (Bad file descriptor) [pid 5016] close(16) = -1 EBADF (Bad file descriptor) [pid 5016] close(17) = -1 EBADF (Bad file descriptor) [pid 5016] close(18) = -1 EBADF (Bad file descriptor) [pid 5016] close(19) = -1 EBADF (Bad file descriptor) [pid 5016] close(20) = -1 EBADF (Bad file descriptor) [pid 5016] close(21) = -1 EBADF (Bad file descriptor) [pid 5016] close(22) = -1 EBADF (Bad file descriptor) [pid 5016] close(23) = -1 EBADF (Bad file descriptor) [pid 5016] close(24) = -1 EBADF (Bad file descriptor) [pid 5016] close(25) = -1 EBADF (Bad file descriptor) [pid 5016] close(26) = -1 EBADF (Bad file descriptor) [pid 5016] close(27) = -1 EBADF (Bad file descriptor) [pid 5016] close(28) = -1 EBADF (Bad file descriptor) [pid 5016] close(29) = -1 EBADF (Bad file descriptor) [pid 5016] exit_group(0) = ? [pid 5016] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=54 /* 0.54 s */} --- [pid 4994] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./19/binderfs") = 0 [pid 4994] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./19/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./19") = 0 [pid 4994] mkdir("./20", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 22 ./strace-static-x86_64: Process 5017 attached [pid 5017] chdir("./20") = 0 [pid 5017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5017] setpgid(0, 0) = 0 [pid 5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5017] write(3, "1000", 4) = 4 [pid 5017] close(3) = 0 [pid 5017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5017] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5017] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5017] memfd_create("syzkaller", 0) = 4 [pid 5017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5017] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5017] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5017] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5017] close(4) = 0 [pid 5017] mkdir("./file0", 0777) = 0 [pid 5017] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5017] chdir("./file0") = 0 [pid 5017] ioctl(5, LOOP_CLR_FD) = 0 [pid 5017] close(5) = 0 [pid 5017] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5017] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 94.631326][ T5017] loop0: detected capacity change from 0 to 4096 [ 94.642078][ T5017] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 94.658734][ T5017] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5017] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5017] open("./file0", O_RDONLY) = 7 [pid 5017] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 94.687103][ T27] audit: type=1800 audit(1683090836.601:42): pid=5017 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 94.709305][ T27] audit: type=1804 audit(1683090836.601:43): pid=5017 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/20/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5017] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5017] close(3) = 0 [pid 5017] close(4) = 0 [pid 5017] close(5) = 0 [pid 5017] close(6) = 0 [pid 5017] close(7) = 0 [pid 5017] close(8) = -1 EBADF (Bad file descriptor) [pid 5017] close(9) = -1 EBADF (Bad file descriptor) [pid 5017] close(10) = -1 EBADF (Bad file descriptor) [pid 5017] close(11) = -1 EBADF (Bad file descriptor) [pid 5017] close(12) = -1 EBADF (Bad file descriptor) [pid 5017] close(13) = -1 EBADF (Bad file descriptor) [pid 5017] close(14) = -1 EBADF (Bad file descriptor) [pid 5017] close(15) = -1 EBADF (Bad file descriptor) [pid 5017] close(16) = -1 EBADF (Bad file descriptor) [pid 5017] close(17) = -1 EBADF (Bad file descriptor) [pid 5017] close(18) = -1 EBADF (Bad file descriptor) [pid 5017] close(19) = -1 EBADF (Bad file descriptor) [pid 5017] close(20) = -1 EBADF (Bad file descriptor) [pid 5017] close(21) = -1 EBADF (Bad file descriptor) [pid 5017] close(22) = -1 EBADF (Bad file descriptor) [pid 5017] close(23) = -1 EBADF (Bad file descriptor) [pid 5017] close(24) = -1 EBADF (Bad file descriptor) [pid 5017] close(25) = -1 EBADF (Bad file descriptor) [pid 5017] close(26) = -1 EBADF (Bad file descriptor) [pid 5017] close(27) = -1 EBADF (Bad file descriptor) [pid 5017] close(28) = -1 EBADF (Bad file descriptor) [pid 5017] close(29) = -1 EBADF (Bad file descriptor) [pid 5017] exit_group(0) = ? [pid 5017] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=57 /* 0.57 s */} --- [pid 4994] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./20/binderfs") = 0 [pid 4994] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./20/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./20") = 0 [pid 4994] mkdir("./21", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 23 ./strace-static-x86_64: Process 5018 attached [pid 5018] chdir("./21") = 0 [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5018] setpgid(0, 0) = 0 [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5018] write(3, "1000", 4) = 4 [pid 5018] close(3) = 0 [pid 5018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5018] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5018] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5018] memfd_create("syzkaller", 0) = 4 [pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5018] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5018] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5018] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5018] close(4) = 0 [pid 5018] mkdir("./file0", 0777) = 0 [pid 5018] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5018] chdir("./file0") = 0 [pid 5018] ioctl(5, LOOP_CLR_FD) = 0 [pid 5018] close(5) = 0 [pid 5018] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5018] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 95.716321][ T5018] loop0: detected capacity change from 0 to 4096 [ 95.726292][ T5018] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 95.743609][ T5018] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5018] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5018] open("./file0", O_RDONLY) = 7 [pid 5018] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 95.768088][ T27] audit: type=1800 audit(1683090837.681:44): pid=5018 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 95.788792][ T27] audit: type=1804 audit(1683090837.691:45): pid=5018 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/21/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5018] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5018] close(3) = 0 [pid 5018] close(4) = 0 [pid 5018] close(5) = 0 [pid 5018] close(6) = 0 [pid 5018] close(7) = 0 [pid 5018] close(8) = -1 EBADF (Bad file descriptor) [pid 5018] close(9) = -1 EBADF (Bad file descriptor) [pid 5018] close(10) = -1 EBADF (Bad file descriptor) [pid 5018] close(11) = -1 EBADF (Bad file descriptor) [pid 5018] close(12) = -1 EBADF (Bad file descriptor) [pid 5018] close(13) = -1 EBADF (Bad file descriptor) [pid 5018] close(14) = -1 EBADF (Bad file descriptor) [pid 5018] close(15) = -1 EBADF (Bad file descriptor) [pid 5018] close(16) = -1 EBADF (Bad file descriptor) [pid 5018] close(17) = -1 EBADF (Bad file descriptor) [pid 5018] close(18) = -1 EBADF (Bad file descriptor) [pid 5018] close(19) = -1 EBADF (Bad file descriptor) [pid 5018] close(20) = -1 EBADF (Bad file descriptor) [pid 5018] close(21) = -1 EBADF (Bad file descriptor) [pid 5018] close(22) = -1 EBADF (Bad file descriptor) [pid 5018] close(23) = -1 EBADF (Bad file descriptor) [pid 5018] close(24) = -1 EBADF (Bad file descriptor) [pid 5018] close(25) = -1 EBADF (Bad file descriptor) [pid 5018] close(26) = -1 EBADF (Bad file descriptor) [pid 5018] close(27) = -1 EBADF (Bad file descriptor) [pid 5018] close(28) = -1 EBADF (Bad file descriptor) [pid 5018] close(29) = -1 EBADF (Bad file descriptor) [pid 5018] exit_group(0) = ? [pid 5018] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=55 /* 0.55 s */} --- [pid 4994] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./21/binderfs") = 0 [pid 4994] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./21/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./21") = 0 [pid 4994] mkdir("./22", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 24 ./strace-static-x86_64: Process 5019 attached [pid 5019] chdir("./22") = 0 [pid 5019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5019] setpgid(0, 0) = 0 [pid 5019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5019] write(3, "1000", 4) = 4 [pid 5019] close(3) = 0 [pid 5019] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5019] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5019] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5019] memfd_create("syzkaller", 0) = 4 [pid 5019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5019] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5019] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5019] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5019] close(4) = 0 [pid 5019] mkdir("./file0", 0777) = 0 [pid 5019] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5019] chdir("./file0") = 0 [pid 5019] ioctl(5, LOOP_CLR_FD) = 0 [pid 5019] close(5) = 0 [pid 5019] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5019] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 96.836134][ T5019] loop0: detected capacity change from 0 to 4096 [ 96.846968][ T5019] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 96.865535][ T5019] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5019] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5019] open("./file0", O_RDONLY) = 7 [pid 5019] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 96.891304][ T27] audit: type=1800 audit(1683090838.801:46): pid=5019 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 96.911770][ T27] audit: type=1804 audit(1683090838.811:47): pid=5019 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/22/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5019] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5019] close(3) = 0 [pid 5019] close(4) = 0 [pid 5019] close(5) = 0 [pid 5019] close(6) = 0 [pid 5019] close(7) = 0 [pid 5019] close(8) = -1 EBADF (Bad file descriptor) [pid 5019] close(9) = -1 EBADF (Bad file descriptor) [pid 5019] close(10) = -1 EBADF (Bad file descriptor) [pid 5019] close(11) = -1 EBADF (Bad file descriptor) [pid 5019] close(12) = -1 EBADF (Bad file descriptor) [pid 5019] close(13) = -1 EBADF (Bad file descriptor) [pid 5019] close(14) = -1 EBADF (Bad file descriptor) [pid 5019] close(15) = -1 EBADF (Bad file descriptor) [pid 5019] close(16) = -1 EBADF (Bad file descriptor) [pid 5019] close(17) = -1 EBADF (Bad file descriptor) [pid 5019] close(18) = -1 EBADF (Bad file descriptor) [pid 5019] close(19) = -1 EBADF (Bad file descriptor) [pid 5019] close(20) = -1 EBADF (Bad file descriptor) [pid 5019] close(21) = -1 EBADF (Bad file descriptor) [pid 5019] close(22) = -1 EBADF (Bad file descriptor) [pid 5019] close(23) = -1 EBADF (Bad file descriptor) [pid 5019] close(24) = -1 EBADF (Bad file descriptor) [pid 5019] close(25) = -1 EBADF (Bad file descriptor) [pid 5019] close(26) = -1 EBADF (Bad file descriptor) [pid 5019] close(27) = -1 EBADF (Bad file descriptor) [pid 5019] close(28) = -1 EBADF (Bad file descriptor) [pid 5019] close(29) = -1 EBADF (Bad file descriptor) [pid 5019] exit_group(0) = ? [pid 5019] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=56 /* 0.56 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./22/binderfs") = 0 [pid 4994] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./22/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./22") = 0 [pid 4994] mkdir("./23", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 25 ./strace-static-x86_64: Process 5020 attached [pid 5020] chdir("./23") = 0 [pid 5020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5020] setpgid(0, 0) = 0 [pid 5020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5020] write(3, "1000", 4) = 4 [pid 5020] close(3) = 0 [pid 5020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5020] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5020] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5020] memfd_create("syzkaller", 0) = 4 [pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5020] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5020] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5020] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5020] close(4) = 0 [pid 5020] mkdir("./file0", 0777) = 0 [pid 5020] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5020] chdir("./file0") = 0 [pid 5020] ioctl(5, LOOP_CLR_FD) = 0 [pid 5020] close(5) = 0 [pid 5020] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5020] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 97.937752][ T5020] loop0: detected capacity change from 0 to 4096 [ 97.947945][ T5020] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 97.964924][ T5020] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5020] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5020] open("./file0", O_RDONLY) = 7 [pid 5020] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 97.991483][ T27] audit: type=1800 audit(1683090839.901:48): pid=5020 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 98.011977][ T27] audit: type=1804 audit(1683090839.921:49): pid=5020 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/23/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5020] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5020] close(3) = 0 [pid 5020] close(4) = 0 [pid 5020] close(5) = 0 [pid 5020] close(6) = 0 [pid 5020] close(7) = 0 [pid 5020] close(8) = -1 EBADF (Bad file descriptor) [pid 5020] close(9) = -1 EBADF (Bad file descriptor) [pid 5020] close(10) = -1 EBADF (Bad file descriptor) [pid 5020] close(11) = -1 EBADF (Bad file descriptor) [pid 5020] close(12) = -1 EBADF (Bad file descriptor) [pid 5020] close(13) = -1 EBADF (Bad file descriptor) [pid 5020] close(14) = -1 EBADF (Bad file descriptor) [pid 5020] close(15) = -1 EBADF (Bad file descriptor) [pid 5020] close(16) = -1 EBADF (Bad file descriptor) [pid 5020] close(17) = -1 EBADF (Bad file descriptor) [pid 5020] close(18) = -1 EBADF (Bad file descriptor) [pid 5020] close(19) = -1 EBADF (Bad file descriptor) [pid 5020] close(20) = -1 EBADF (Bad file descriptor) [pid 5020] close(21) = -1 EBADF (Bad file descriptor) [pid 5020] close(22) = -1 EBADF (Bad file descriptor) [pid 5020] close(23) = -1 EBADF (Bad file descriptor) [pid 5020] close(24) = -1 EBADF (Bad file descriptor) [pid 5020] close(25) = -1 EBADF (Bad file descriptor) [pid 5020] close(26) = -1 EBADF (Bad file descriptor) [pid 5020] close(27) = -1 EBADF (Bad file descriptor) [pid 5020] close(28) = -1 EBADF (Bad file descriptor) [pid 5020] close(29) = -1 EBADF (Bad file descriptor) [pid 5020] exit_group(0) = ? [pid 5020] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=47 /* 0.47 s */} --- [pid 4994] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./23/binderfs") = 0 [pid 4994] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./23/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./23") = 0 [pid 4994] mkdir("./24", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 26 ./strace-static-x86_64: Process 5021 attached [pid 5021] chdir("./24") = 0 [pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5021] setpgid(0, 0) = 0 [pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5021] write(3, "1000", 4) = 4 [pid 5021] close(3) = 0 [pid 5021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5021] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5021] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5021] memfd_create("syzkaller", 0) = 4 [pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5021] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5021] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5021] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5021] close(4) = 0 [pid 5021] mkdir("./file0", 0777) = 0 [pid 5021] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5021] chdir("./file0") = 0 [pid 5021] ioctl(5, LOOP_CLR_FD) = 0 [pid 5021] close(5) = 0 [pid 5021] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5021] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 99.010392][ T5021] loop0: detected capacity change from 0 to 4096 [ 99.020519][ T5021] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 99.036878][ T5021] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5021] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5021] open("./file0", O_RDONLY) = 7 [pid 5021] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 99.069142][ T27] audit: type=1800 audit(1683090840.981:50): pid=5021 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 99.089785][ T27] audit: type=1804 audit(1683090840.991:51): pid=5021 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/24/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5021] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5021] close(3) = 0 [pid 5021] close(4) = 0 [pid 5021] close(5) = 0 [pid 5021] close(6) = 0 [pid 5021] close(7) = 0 [pid 5021] close(8) = -1 EBADF (Bad file descriptor) [pid 5021] close(9) = -1 EBADF (Bad file descriptor) [pid 5021] close(10) = -1 EBADF (Bad file descriptor) [pid 5021] close(11) = -1 EBADF (Bad file descriptor) [pid 5021] close(12) = -1 EBADF (Bad file descriptor) [pid 5021] close(13) = -1 EBADF (Bad file descriptor) [pid 5021] close(14) = -1 EBADF (Bad file descriptor) [pid 5021] close(15) = -1 EBADF (Bad file descriptor) [pid 5021] close(16) = -1 EBADF (Bad file descriptor) [pid 5021] close(17) = -1 EBADF (Bad file descriptor) [pid 5021] close(18) = -1 EBADF (Bad file descriptor) [pid 5021] close(19) = -1 EBADF (Bad file descriptor) [pid 5021] close(20) = -1 EBADF (Bad file descriptor) [pid 5021] close(21) = -1 EBADF (Bad file descriptor) [pid 5021] close(22) = -1 EBADF (Bad file descriptor) [pid 5021] close(23) = -1 EBADF (Bad file descriptor) [pid 5021] close(24) = -1 EBADF (Bad file descriptor) [pid 5021] close(25) = -1 EBADF (Bad file descriptor) [pid 5021] close(26) = -1 EBADF (Bad file descriptor) [pid 5021] close(27) = -1 EBADF (Bad file descriptor) [pid 5021] close(28) = -1 EBADF (Bad file descriptor) [pid 5021] close(29) = -1 EBADF (Bad file descriptor) [pid 5021] exit_group(0) = ? [pid 5021] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=52 /* 0.52 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./24/binderfs") = 0 [pid 4994] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./24/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./24") = 0 [pid 4994] mkdir("./25", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 27 ./strace-static-x86_64: Process 5022 attached [pid 5022] chdir("./25") = 0 [pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5022] setpgid(0, 0) = 0 [pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5022] write(3, "1000", 4) = 4 [pid 5022] close(3) = 0 [pid 5022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5022] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5022] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5022] memfd_create("syzkaller", 0) = 4 [pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5022] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5022] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5022] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5022] close(4) = 0 [pid 5022] mkdir("./file0", 0777) = 0 [pid 5022] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5022] chdir("./file0") = 0 [pid 5022] ioctl(5, LOOP_CLR_FD) = 0 [pid 5022] close(5) = 0 [pid 5022] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5022] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 100.138488][ T5022] loop0: detected capacity change from 0 to 4096 [ 100.149149][ T5022] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 100.165233][ T5022] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5022] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5022] open("./file0", O_RDONLY) = 7 [pid 5022] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 100.182311][ T27] audit: type=1800 audit(1683090842.091:52): pid=5022 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 100.204135][ T27] audit: type=1804 audit(1683090842.111:53): pid=5022 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/25/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5022] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5022] close(3) = 0 [pid 5022] close(4) = 0 [pid 5022] close(5) = 0 [pid 5022] close(6) = 0 [pid 5022] close(7) = 0 [pid 5022] close(8) = -1 EBADF (Bad file descriptor) [pid 5022] close(9) = -1 EBADF (Bad file descriptor) [pid 5022] close(10) = -1 EBADF (Bad file descriptor) [pid 5022] close(11) = -1 EBADF (Bad file descriptor) [pid 5022] close(12) = -1 EBADF (Bad file descriptor) [pid 5022] close(13) = -1 EBADF (Bad file descriptor) [pid 5022] close(14) = -1 EBADF (Bad file descriptor) [pid 5022] close(15) = -1 EBADF (Bad file descriptor) [pid 5022] close(16) = -1 EBADF (Bad file descriptor) [pid 5022] close(17) = -1 EBADF (Bad file descriptor) [pid 5022] close(18) = -1 EBADF (Bad file descriptor) [pid 5022] close(19) = -1 EBADF (Bad file descriptor) [pid 5022] close(20) = -1 EBADF (Bad file descriptor) [pid 5022] close(21) = -1 EBADF (Bad file descriptor) [pid 5022] close(22) = -1 EBADF (Bad file descriptor) [pid 5022] close(23) = -1 EBADF (Bad file descriptor) [pid 5022] close(24) = -1 EBADF (Bad file descriptor) [pid 5022] close(25) = -1 EBADF (Bad file descriptor) [pid 5022] close(26) = -1 EBADF (Bad file descriptor) [pid 5022] close(27) = -1 EBADF (Bad file descriptor) [pid 5022] close(28) = -1 EBADF (Bad file descriptor) [pid 5022] close(29) = -1 EBADF (Bad file descriptor) [pid 5022] exit_group(0) = ? [pid 5022] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=56 /* 0.56 s */} --- [pid 4994] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./25/binderfs") = 0 [pid 4994] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./25/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./25") = 0 [pid 4994] mkdir("./26", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 28 ./strace-static-x86_64: Process 5023 attached [pid 5023] chdir("./26") = 0 [pid 5023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5023] setpgid(0, 0) = 0 [pid 5023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "1000", 4) = 4 [pid 5023] close(3) = 0 [pid 5023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5023] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5023] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5023] memfd_create("syzkaller", 0) = 4 [pid 5023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5023] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5023] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5023] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5023] close(4) = 0 [pid 5023] mkdir("./file0", 0777) = 0 [pid 5023] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5023] chdir("./file0") = 0 [pid 5023] ioctl(5, LOOP_CLR_FD) = 0 [pid 5023] close(5) = 0 [pid 5023] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5023] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 101.252681][ T5023] loop0: detected capacity change from 0 to 4096 [ 101.263563][ T5023] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 101.281189][ T5023] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5023] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5023] open("./file0", O_RDONLY) = 7 [pid 5023] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 101.316208][ T27] audit: type=1800 audit(1683090843.231:54): pid=5023 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 101.337281][ T27] audit: type=1804 audit(1683090843.231:55): pid=5023 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/26/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5023] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5023] close(3) = 0 [pid 5023] close(4) = 0 [pid 5023] close(5) = 0 [pid 5023] close(6) = 0 [pid 5023] close(7) = 0 [pid 5023] close(8) = -1 EBADF (Bad file descriptor) [pid 5023] close(9) = -1 EBADF (Bad file descriptor) [pid 5023] close(10) = -1 EBADF (Bad file descriptor) [pid 5023] close(11) = -1 EBADF (Bad file descriptor) [pid 5023] close(12) = -1 EBADF (Bad file descriptor) [pid 5023] close(13) = -1 EBADF (Bad file descriptor) [pid 5023] close(14) = -1 EBADF (Bad file descriptor) [pid 5023] close(15) = -1 EBADF (Bad file descriptor) [pid 5023] close(16) = -1 EBADF (Bad file descriptor) [pid 5023] close(17) = -1 EBADF (Bad file descriptor) [pid 5023] close(18) = -1 EBADF (Bad file descriptor) [pid 5023] close(19) = -1 EBADF (Bad file descriptor) [pid 5023] close(20) = -1 EBADF (Bad file descriptor) [pid 5023] close(21) = -1 EBADF (Bad file descriptor) [pid 5023] close(22) = -1 EBADF (Bad file descriptor) [pid 5023] close(23) = -1 EBADF (Bad file descriptor) [pid 5023] close(24) = -1 EBADF (Bad file descriptor) [pid 5023] close(25) = -1 EBADF (Bad file descriptor) [pid 5023] close(26) = -1 EBADF (Bad file descriptor) [pid 5023] close(27) = -1 EBADF (Bad file descriptor) [pid 5023] close(28) = -1 EBADF (Bad file descriptor) [pid 5023] close(29) = -1 EBADF (Bad file descriptor) [pid 5023] exit_group(0) = ? [pid 5023] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=62 /* 0.62 s */} --- [pid 4994] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./26/binderfs") = 0 [pid 4994] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./26/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./26") = 0 [pid 4994] mkdir("./27", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 29 ./strace-static-x86_64: Process 5026 attached [pid 5026] chdir("./27") = 0 [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5026] setpgid(0, 0) = 0 [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5026] write(3, "1000", 4) = 4 [pid 5026] close(3) = 0 [pid 5026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5026] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5026] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5026] memfd_create("syzkaller", 0) = 4 [pid 5026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5026] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5026] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5026] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5026] close(4) = 0 [pid 5026] mkdir("./file0", 0777) = 0 [pid 5026] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5026] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5026] chdir("./file0") = 0 [pid 5026] ioctl(5, LOOP_CLR_FD) = 0 [pid 5026] close(5) = 0 [pid 5026] openat(AT_FDCWD, ".", O_RDONLY) = 5 [ 102.371950][ T5026] loop0: detected capacity change from 0 to 4096 [ 102.381216][ T5026] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 102.397817][ T5026] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5026] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5026] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5026] open("./file0", O_RDONLY) = 7 [pid 5026] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 102.410777][ T27] audit: type=1800 audit(1683090844.321:56): pid=5026 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 102.435216][ T27] audit: type=1804 audit(1683090844.321:57): pid=5026 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/27/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5026] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5026] close(3) = 0 [pid 5026] close(4) = 0 [pid 5026] close(5) = 0 [pid 5026] close(6) = 0 [pid 5026] close(7) = 0 [pid 5026] close(8) = -1 EBADF (Bad file descriptor) [pid 5026] close(9) = -1 EBADF (Bad file descriptor) [pid 5026] close(10) = -1 EBADF (Bad file descriptor) [pid 5026] close(11) = -1 EBADF (Bad file descriptor) [pid 5026] close(12) = -1 EBADF (Bad file descriptor) [pid 5026] close(13) = -1 EBADF (Bad file descriptor) [pid 5026] close(14) = -1 EBADF (Bad file descriptor) [pid 5026] close(15) = -1 EBADF (Bad file descriptor) [pid 5026] close(16) = -1 EBADF (Bad file descriptor) [pid 5026] close(17) = -1 EBADF (Bad file descriptor) [pid 5026] close(18) = -1 EBADF (Bad file descriptor) [pid 5026] close(19) = -1 EBADF (Bad file descriptor) [pid 5026] close(20) = -1 EBADF (Bad file descriptor) [pid 5026] close(21) = -1 EBADF (Bad file descriptor) [pid 5026] close(22) = -1 EBADF (Bad file descriptor) [pid 5026] close(23) = -1 EBADF (Bad file descriptor) [pid 5026] close(24) = -1 EBADF (Bad file descriptor) [pid 5026] close(25) = -1 EBADF (Bad file descriptor) [pid 5026] close(26) = -1 EBADF (Bad file descriptor) [pid 5026] close(27) = -1 EBADF (Bad file descriptor) [pid 5026] close(28) = -1 EBADF (Bad file descriptor) [pid 5026] close(29) = -1 EBADF (Bad file descriptor) [pid 5026] exit_group(0) = ? [pid 5026] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=57 /* 0.57 s */} --- [pid 4994] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./27/binderfs") = 0 [pid 4994] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./27/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./27") = 0 [pid 4994] mkdir("./28", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 30 ./strace-static-x86_64: Process 5028 attached [pid 5028] chdir("./28") = 0 [pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5028] setpgid(0, 0) = 0 [pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5028] write(3, "1000", 4) = 4 [pid 5028] close(3) = 0 [pid 5028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5028] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5028] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5028] memfd_create("syzkaller", 0) = 4 [pid 5028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5028] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5028] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5028] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5028] close(4) = 0 [pid 5028] mkdir("./file0", 0777) = 0 [ 103.438411][ T5028] loop0: detected capacity change from 0 to 4096 [ 103.469776][ T5028] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [pid 5028] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5028] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5028] chdir("./file0") = 0 [pid 5028] ioctl(5, LOOP_CLR_FD) = 0 [pid 5028] close(5) = 0 [pid 5028] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5028] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5028] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5028] open("./file0", O_RDONLY) = 7 [ 103.485560][ T5028] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 103.502830][ T27] audit: type=1800 audit(1683090845.411:58): pid=5028 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [pid 5028] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 103.525229][ T27] audit: type=1804 audit(1683090845.441:59): pid=5028 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/28/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5028] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5028] close(3) = 0 [pid 5028] close(4) = 0 [pid 5028] close(5) = 0 [pid 5028] close(6) = 0 [pid 5028] close(7) = 0 [pid 5028] close(8) = -1 EBADF (Bad file descriptor) [pid 5028] close(9) = -1 EBADF (Bad file descriptor) [pid 5028] close(10) = -1 EBADF (Bad file descriptor) [pid 5028] close(11) = -1 EBADF (Bad file descriptor) [pid 5028] close(12) = -1 EBADF (Bad file descriptor) [pid 5028] close(13) = -1 EBADF (Bad file descriptor) [pid 5028] close(14) = -1 EBADF (Bad file descriptor) [pid 5028] close(15) = -1 EBADF (Bad file descriptor) [pid 5028] close(16) = -1 EBADF (Bad file descriptor) [pid 5028] close(17) = -1 EBADF (Bad file descriptor) [pid 5028] close(18) = -1 EBADF (Bad file descriptor) [pid 5028] close(19) = -1 EBADF (Bad file descriptor) [pid 5028] close(20) = -1 EBADF (Bad file descriptor) [pid 5028] close(21) = -1 EBADF (Bad file descriptor) [pid 5028] close(22) = -1 EBADF (Bad file descriptor) [pid 5028] close(23) = -1 EBADF (Bad file descriptor) [pid 5028] close(24) = -1 EBADF (Bad file descriptor) [pid 5028] close(25) = -1 EBADF (Bad file descriptor) [pid 5028] close(26) = -1 EBADF (Bad file descriptor) [pid 5028] close(27) = -1 EBADF (Bad file descriptor) [pid 5028] close(28) = -1 EBADF (Bad file descriptor) [pid 5028] close(29) = -1 EBADF (Bad file descriptor) [pid 5028] exit_group(0) = ? [pid 5028] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=56 /* 0.56 s */} --- [pid 4994] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./28/binderfs") = 0 [pid 4994] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./28/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./28") = 0 [pid 4994] mkdir("./29", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 31 ./strace-static-x86_64: Process 5030 attached [pid 5030] chdir("./29") = 0 [pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5030] setpgid(0, 0) = 0 [pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5030] write(3, "1000", 4) = 4 [pid 5030] close(3) = 0 [pid 5030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5030] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5030] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5030] memfd_create("syzkaller", 0) = 4 [pid 5030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5030] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5030] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5030] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5030] close(4) = 0 [pid 5030] mkdir("./file0", 0777) = 0 [pid 5030] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5030] chdir("./file0") = 0 [pid 5030] ioctl(5, LOOP_CLR_FD) = 0 [ 104.565360][ T5030] loop0: detected capacity change from 0 to 4096 [ 104.575378][ T5030] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 104.590906][ T5030] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5030] close(5) = 0 [pid 5030] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5030] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5030] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5030] open("./file0", O_RDONLY) = 7 [pid 5030] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 104.605863][ T27] audit: type=1800 audit(1683090846.521:60): pid=5030 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 104.641401][ T27] audit: type=1804 audit(1683090846.521:61): pid=5030 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/29/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5030] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5030] close(3) = 0 [pid 5030] close(4) = 0 [pid 5030] close(5) = 0 [pid 5030] close(6) = 0 [pid 5030] close(7) = 0 [pid 5030] close(8) = -1 EBADF (Bad file descriptor) [pid 5030] close(9) = -1 EBADF (Bad file descriptor) [pid 5030] close(10) = -1 EBADF (Bad file descriptor) [pid 5030] close(11) = -1 EBADF (Bad file descriptor) [pid 5030] close(12) = -1 EBADF (Bad file descriptor) [pid 5030] close(13) = -1 EBADF (Bad file descriptor) [pid 5030] close(14) = -1 EBADF (Bad file descriptor) [pid 5030] close(15) = -1 EBADF (Bad file descriptor) [pid 5030] close(16) = -1 EBADF (Bad file descriptor) [pid 5030] close(17) = -1 EBADF (Bad file descriptor) [pid 5030] close(18) = -1 EBADF (Bad file descriptor) [pid 5030] close(19) = -1 EBADF (Bad file descriptor) [pid 5030] close(20) = -1 EBADF (Bad file descriptor) [pid 5030] close(21) = -1 EBADF (Bad file descriptor) [pid 5030] close(22) = -1 EBADF (Bad file descriptor) [pid 5030] close(23) = -1 EBADF (Bad file descriptor) [pid 5030] close(24) = -1 EBADF (Bad file descriptor) [pid 5030] close(25) = -1 EBADF (Bad file descriptor) [pid 5030] close(26) = -1 EBADF (Bad file descriptor) [pid 5030] close(27) = -1 EBADF (Bad file descriptor) [pid 5030] close(28) = -1 EBADF (Bad file descriptor) [pid 5030] close(29) = -1 EBADF (Bad file descriptor) [pid 5030] exit_group(0) = ? [pid 5030] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=48 /* 0.48 s */} --- [pid 4994] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./29/binderfs") = 0 [pid 4994] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./29/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./29") = 0 [pid 4994] mkdir("./30", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 32 ./strace-static-x86_64: Process 5032 attached [pid 5032] chdir("./30") = 0 [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5032] setpgid(0, 0) = 0 [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5032] write(3, "1000", 4) = 4 [pid 5032] close(3) = 0 [pid 5032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5032] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5032] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5032] memfd_create("syzkaller", 0) = 4 [pid 5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5032] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5032] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5032] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5032] close(4) = 0 [pid 5032] mkdir("./file0", 0777) = 0 [pid 5032] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5032] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5032] chdir("./file0") = 0 [pid 5032] ioctl(5, LOOP_CLR_FD) = 0 [pid 5032] close(5) = 0 [pid 5032] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5032] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 105.622159][ T5032] loop0: detected capacity change from 0 to 4096 [ 105.631604][ T5032] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 105.650196][ T5032] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5032] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5032] open("./file0", O_RDONLY) = 7 [pid 5032] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 105.678879][ T27] audit: type=1800 audit(1683090847.591:62): pid=5032 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 105.700900][ T27] audit: type=1804 audit(1683090847.611:63): pid=5032 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/30/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5032] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5032] close(3) = 0 [pid 5032] close(4) = 0 [pid 5032] close(5) = 0 [pid 5032] close(6) = 0 [pid 5032] close(7) = 0 [pid 5032] close(8) = -1 EBADF (Bad file descriptor) [pid 5032] close(9) = -1 EBADF (Bad file descriptor) [pid 5032] close(10) = -1 EBADF (Bad file descriptor) [pid 5032] close(11) = -1 EBADF (Bad file descriptor) [pid 5032] close(12) = -1 EBADF (Bad file descriptor) [pid 5032] close(13) = -1 EBADF (Bad file descriptor) [pid 5032] close(14) = -1 EBADF (Bad file descriptor) [pid 5032] close(15) = -1 EBADF (Bad file descriptor) [pid 5032] close(16) = -1 EBADF (Bad file descriptor) [pid 5032] close(17) = -1 EBADF (Bad file descriptor) [pid 5032] close(18) = -1 EBADF (Bad file descriptor) [pid 5032] close(19) = -1 EBADF (Bad file descriptor) [pid 5032] close(20) = -1 EBADF (Bad file descriptor) [pid 5032] close(21) = -1 EBADF (Bad file descriptor) [pid 5032] close(22) = -1 EBADF (Bad file descriptor) [pid 5032] close(23) = -1 EBADF (Bad file descriptor) [pid 5032] close(24) = -1 EBADF (Bad file descriptor) [pid 5032] close(25) = -1 EBADF (Bad file descriptor) [pid 5032] close(26) = -1 EBADF (Bad file descriptor) [pid 5032] close(27) = -1 EBADF (Bad file descriptor) [pid 5032] close(28) = -1 EBADF (Bad file descriptor) [pid 5032] close(29) = -1 EBADF (Bad file descriptor) [pid 5032] exit_group(0) = ? [pid 5032] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=67 /* 0.67 s */} --- [pid 4994] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./30/binderfs") = 0 [pid 4994] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./30/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./30") = 0 [pid 4994] mkdir("./31", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 33 ./strace-static-x86_64: Process 5034 attached [pid 5034] chdir("./31") = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] setpgid(0, 0) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1000", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5034] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5034] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5034] memfd_create("syzkaller", 0) = 4 [pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5034] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5034] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5034] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5034] close(4) = 0 [pid 5034] mkdir("./file0", 0777) = 0 [pid 5034] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5034] chdir("./file0") = 0 [pid 5034] ioctl(5, LOOP_CLR_FD) = 0 [pid 5034] close(5) = 0 [pid 5034] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5034] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 106.793694][ T5034] loop0: detected capacity change from 0 to 4096 [ 106.805710][ T5034] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 106.822783][ T5034] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5034] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5034] open("./file0", O_RDONLY) = 7 [pid 5034] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 106.854955][ T27] audit: type=1800 audit(1683090848.771:64): pid=5034 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 106.875632][ T27] audit: type=1804 audit(1683090848.771:65): pid=5034 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/31/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5034] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5034] close(3) = 0 [pid 5034] close(4) = 0 [pid 5034] close(5) = 0 [pid 5034] close(6) = 0 [pid 5034] close(7) = 0 [pid 5034] close(8) = -1 EBADF (Bad file descriptor) [pid 5034] close(9) = -1 EBADF (Bad file descriptor) [pid 5034] close(10) = -1 EBADF (Bad file descriptor) [pid 5034] close(11) = -1 EBADF (Bad file descriptor) [pid 5034] close(12) = -1 EBADF (Bad file descriptor) [pid 5034] close(13) = -1 EBADF (Bad file descriptor) [pid 5034] close(14) = -1 EBADF (Bad file descriptor) [pid 5034] close(15) = -1 EBADF (Bad file descriptor) [pid 5034] close(16) = -1 EBADF (Bad file descriptor) [pid 5034] close(17) = -1 EBADF (Bad file descriptor) [pid 5034] close(18) = -1 EBADF (Bad file descriptor) [pid 5034] close(19) = -1 EBADF (Bad file descriptor) [pid 5034] close(20) = -1 EBADF (Bad file descriptor) [pid 5034] close(21) = -1 EBADF (Bad file descriptor) [pid 5034] close(22) = -1 EBADF (Bad file descriptor) [pid 5034] close(23) = -1 EBADF (Bad file descriptor) [pid 5034] close(24) = -1 EBADF (Bad file descriptor) [pid 5034] close(25) = -1 EBADF (Bad file descriptor) [pid 5034] close(26) = -1 EBADF (Bad file descriptor) [pid 5034] close(27) = -1 EBADF (Bad file descriptor) [pid 5034] close(28) = -1 EBADF (Bad file descriptor) [pid 5034] close(29) = -1 EBADF (Bad file descriptor) [pid 5034] exit_group(0) = ? [pid 5034] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=52 /* 0.52 s */} --- [pid 4994] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./31/binderfs") = 0 [pid 4994] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./31/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./31") = 0 [pid 4994] mkdir("./32", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 34 ./strace-static-x86_64: Process 5035 attached [pid 5035] chdir("./32") = 0 [pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5035] setpgid(0, 0) = 0 [pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5035] write(3, "1000", 4) = 4 [pid 5035] close(3) = 0 [pid 5035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5035] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5035] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5035] memfd_create("syzkaller", 0) = 4 [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5035] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5035] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5035] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5035] close(4) = 0 [pid 5035] mkdir("./file0", 0777) = 0 [pid 5035] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5035] chdir("./file0") = 0 [pid 5035] ioctl(5, LOOP_CLR_FD) = 0 [pid 5035] close(5) = 0 [pid 5035] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5035] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5035] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5035] open("./file0", O_RDONLY) = 7 [ 107.887670][ T5035] loop0: detected capacity change from 0 to 4096 [ 107.897450][ T5035] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 107.912741][ T5035] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5035] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 107.932951][ T27] audit: type=1800 audit(1683090849.841:66): pid=5035 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 107.956431][ T27] audit: type=1804 audit(1683090849.851:67): pid=5035 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/32/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5035] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5035] close(3) = 0 [pid 5035] close(4) = 0 [pid 5035] close(5) = 0 [pid 5035] close(6) = 0 [pid 5035] close(7) = 0 [pid 5035] close(8) = -1 EBADF (Bad file descriptor) [pid 5035] close(9) = -1 EBADF (Bad file descriptor) [pid 5035] close(10) = -1 EBADF (Bad file descriptor) [pid 5035] close(11) = -1 EBADF (Bad file descriptor) [pid 5035] close(12) = -1 EBADF (Bad file descriptor) [pid 5035] close(13) = -1 EBADF (Bad file descriptor) [pid 5035] close(14) = -1 EBADF (Bad file descriptor) [pid 5035] close(15) = -1 EBADF (Bad file descriptor) [pid 5035] close(16) = -1 EBADF (Bad file descriptor) [pid 5035] close(17) = -1 EBADF (Bad file descriptor) [pid 5035] close(18) = -1 EBADF (Bad file descriptor) [pid 5035] close(19) = -1 EBADF (Bad file descriptor) [pid 5035] close(20) = -1 EBADF (Bad file descriptor) [pid 5035] close(21) = -1 EBADF (Bad file descriptor) [pid 5035] close(22) = -1 EBADF (Bad file descriptor) [pid 5035] close(23) = -1 EBADF (Bad file descriptor) [pid 5035] close(24) = -1 EBADF (Bad file descriptor) [pid 5035] close(25) = -1 EBADF (Bad file descriptor) [pid 5035] close(26) = -1 EBADF (Bad file descriptor) [pid 5035] close(27) = -1 EBADF (Bad file descriptor) [pid 5035] close(28) = -1 EBADF (Bad file descriptor) [pid 5035] close(29) = -1 EBADF (Bad file descriptor) [pid 5035] exit_group(0) = ? [pid 5035] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=59 /* 0.59 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./32/binderfs") = 0 [pid 4994] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./32/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./32") = 0 [pid 4994] mkdir("./33", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 35 ./strace-static-x86_64: Process 5036 attached [pid 5036] chdir("./33") = 0 [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] setpgid(0, 0) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1000", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5036] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5036] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5036] memfd_create("syzkaller", 0) = 4 [pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5036] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5036] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5036] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5036] close(4) = 0 [pid 5036] mkdir("./file0", 0777) = 0 [pid 5036] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5036] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5036] chdir("./file0") = 0 [pid 5036] ioctl(5, LOOP_CLR_FD) = 0 [pid 5036] close(5) = 0 [pid 5036] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5036] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 108.995342][ T5036] loop0: detected capacity change from 0 to 4096 [ 109.006179][ T5036] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 109.022987][ T5036] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5036] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5036] open("./file0", O_RDONLY) = 7 [pid 5036] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 109.058597][ T27] audit: type=1800 audit(1683090850.971:68): pid=5036 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 109.079655][ T27] audit: type=1804 audit(1683090850.981:69): pid=5036 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/33/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5036] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5036] close(3) = 0 [pid 5036] close(4) = 0 [pid 5036] close(5) = 0 [pid 5036] close(6) = 0 [pid 5036] close(7) = 0 [pid 5036] close(8) = -1 EBADF (Bad file descriptor) [pid 5036] close(9) = -1 EBADF (Bad file descriptor) [pid 5036] close(10) = -1 EBADF (Bad file descriptor) [pid 5036] close(11) = -1 EBADF (Bad file descriptor) [pid 5036] close(12) = -1 EBADF (Bad file descriptor) [pid 5036] close(13) = -1 EBADF (Bad file descriptor) [pid 5036] close(14) = -1 EBADF (Bad file descriptor) [pid 5036] close(15) = -1 EBADF (Bad file descriptor) [pid 5036] close(16) = -1 EBADF (Bad file descriptor) [pid 5036] close(17) = -1 EBADF (Bad file descriptor) [pid 5036] close(18) = -1 EBADF (Bad file descriptor) [pid 5036] close(19) = -1 EBADF (Bad file descriptor) [pid 5036] close(20) = -1 EBADF (Bad file descriptor) [pid 5036] close(21) = -1 EBADF (Bad file descriptor) [pid 5036] close(22) = -1 EBADF (Bad file descriptor) [pid 5036] close(23) = -1 EBADF (Bad file descriptor) [pid 5036] close(24) = -1 EBADF (Bad file descriptor) [pid 5036] close(25) = -1 EBADF (Bad file descriptor) [pid 5036] close(26) = -1 EBADF (Bad file descriptor) [pid 5036] close(27) = -1 EBADF (Bad file descriptor) [pid 5036] close(28) = -1 EBADF (Bad file descriptor) [pid 5036] close(29) = -1 EBADF (Bad file descriptor) [pid 5036] exit_group(0) = ? [pid 5036] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=51 /* 0.51 s */} --- [pid 4994] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./33/binderfs") = 0 [pid 4994] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./33/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./33") = 0 [pid 4994] mkdir("./34", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 36 ./strace-static-x86_64: Process 5037 attached [pid 5037] chdir("./34") = 0 [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5037] setpgid(0, 0) = 0 [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5037] write(3, "1000", 4) = 4 [pid 5037] close(3) = 0 [pid 5037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5037] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5037] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5037] memfd_create("syzkaller", 0) = 4 [pid 5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5037] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5037] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5037] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5037] close(4) = 0 [pid 5037] mkdir("./file0", 0777) = 0 [pid 5037] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5037] chdir("./file0") = 0 [pid 5037] ioctl(5, LOOP_CLR_FD) = 0 [pid 5037] close(5) = 0 [pid 5037] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5037] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 110.050056][ T5037] loop0: detected capacity change from 0 to 4096 [ 110.059666][ T5037] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 110.078171][ T5037] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5037] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5037] open("./file0", O_RDONLY) = 7 [pid 5037] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 110.111970][ T27] audit: type=1800 audit(1683090852.021:70): pid=5037 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 110.132517][ T27] audit: type=1804 audit(1683090852.021:71): pid=5037 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/34/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5037] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5037] close(3) = 0 [pid 5037] close(4) = 0 [pid 5037] close(5) = 0 [pid 5037] close(6) = 0 [pid 5037] close(7) = 0 [pid 5037] close(8) = -1 EBADF (Bad file descriptor) [pid 5037] close(9) = -1 EBADF (Bad file descriptor) [pid 5037] close(10) = -1 EBADF (Bad file descriptor) [pid 5037] close(11) = -1 EBADF (Bad file descriptor) [pid 5037] close(12) = -1 EBADF (Bad file descriptor) [pid 5037] close(13) = -1 EBADF (Bad file descriptor) [pid 5037] close(14) = -1 EBADF (Bad file descriptor) [pid 5037] close(15) = -1 EBADF (Bad file descriptor) [pid 5037] close(16) = -1 EBADF (Bad file descriptor) [pid 5037] close(17) = -1 EBADF (Bad file descriptor) [pid 5037] close(18) = -1 EBADF (Bad file descriptor) [pid 5037] close(19) = -1 EBADF (Bad file descriptor) [pid 5037] close(20) = -1 EBADF (Bad file descriptor) [pid 5037] close(21) = -1 EBADF (Bad file descriptor) [pid 5037] close(22) = -1 EBADF (Bad file descriptor) [pid 5037] close(23) = -1 EBADF (Bad file descriptor) [pid 5037] close(24) = -1 EBADF (Bad file descriptor) [pid 5037] close(25) = -1 EBADF (Bad file descriptor) [pid 5037] close(26) = -1 EBADF (Bad file descriptor) [pid 5037] close(27) = -1 EBADF (Bad file descriptor) [pid 5037] close(28) = -1 EBADF (Bad file descriptor) [pid 5037] close(29) = -1 EBADF (Bad file descriptor) [pid 5037] exit_group(0) = ? [pid 5037] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=59 /* 0.59 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./34/binderfs") = 0 [pid 4994] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./34/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./34") = 0 [pid 4994] mkdir("./35", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 37 ./strace-static-x86_64: Process 5038 attached [pid 5038] chdir("./35") = 0 [pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5038] setpgid(0, 0) = 0 [pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5038] write(3, "1000", 4) = 4 [pid 5038] close(3) = 0 [pid 5038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5038] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5038] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5038] memfd_create("syzkaller", 0) = 4 [pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5038] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5038] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5038] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5038] close(4) = 0 [pid 5038] mkdir("./file0", 0777) = 0 [pid 5038] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5038] chdir("./file0") = 0 [pid 5038] ioctl(5, LOOP_CLR_FD) = 0 [pid 5038] close(5) = 0 [pid 5038] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5038] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 111.187532][ T5038] loop0: detected capacity change from 0 to 4096 [ 111.196904][ T5038] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 111.212837][ T5038] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5038] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5038] open("./file0", O_RDONLY) = 7 [pid 5038] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 111.239005][ T27] audit: type=1800 audit(1683090853.151:72): pid=5038 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 111.259733][ T27] audit: type=1804 audit(1683090853.151:73): pid=5038 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/35/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5038] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5038] close(3) = 0 [pid 5038] close(4) = 0 [pid 5038] close(5) = 0 [pid 5038] close(6) = 0 [pid 5038] close(7) = 0 [pid 5038] close(8) = -1 EBADF (Bad file descriptor) [pid 5038] close(9) = -1 EBADF (Bad file descriptor) [pid 5038] close(10) = -1 EBADF (Bad file descriptor) [pid 5038] close(11) = -1 EBADF (Bad file descriptor) [pid 5038] close(12) = -1 EBADF (Bad file descriptor) [pid 5038] close(13) = -1 EBADF (Bad file descriptor) [pid 5038] close(14) = -1 EBADF (Bad file descriptor) [pid 5038] close(15) = -1 EBADF (Bad file descriptor) [pid 5038] close(16) = -1 EBADF (Bad file descriptor) [pid 5038] close(17) = -1 EBADF (Bad file descriptor) [pid 5038] close(18) = -1 EBADF (Bad file descriptor) [pid 5038] close(19) = -1 EBADF (Bad file descriptor) [pid 5038] close(20) = -1 EBADF (Bad file descriptor) [pid 5038] close(21) = -1 EBADF (Bad file descriptor) [pid 5038] close(22) = -1 EBADF (Bad file descriptor) [pid 5038] close(23) = -1 EBADF (Bad file descriptor) [pid 5038] close(24) = -1 EBADF (Bad file descriptor) [pid 5038] close(25) = -1 EBADF (Bad file descriptor) [pid 5038] close(26) = -1 EBADF (Bad file descriptor) [pid 5038] close(27) = -1 EBADF (Bad file descriptor) [pid 5038] close(28) = -1 EBADF (Bad file descriptor) [pid 5038] close(29) = -1 EBADF (Bad file descriptor) [pid 5038] exit_group(0) = ? [pid 5038] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=59 /* 0.59 s */} --- [pid 4994] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./35/binderfs") = 0 [pid 4994] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./35/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./35") = 0 [pid 4994] mkdir("./36", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 38 ./strace-static-x86_64: Process 5039 attached [pid 5039] chdir("./36") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5039] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5039] memfd_create("syzkaller", 0) = 4 [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5039] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5039] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5039] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5039] close(4) = 0 [pid 5039] mkdir("./file0", 0777) = 0 [pid 5039] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5039] chdir("./file0") = 0 [pid 5039] ioctl(5, LOOP_CLR_FD) = 0 [pid 5039] close(5) = 0 [pid 5039] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5039] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 112.291906][ T5039] loop0: detected capacity change from 0 to 4096 [ 112.311416][ T5039] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 112.327647][ T5039] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5039] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5039] open("./file0", O_RDONLY) = 7 [pid 5039] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 112.343808][ T27] audit: type=1800 audit(1683090854.251:74): pid=5039 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 112.365011][ T27] audit: type=1804 audit(1683090854.271:75): pid=5039 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/36/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5039] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5039] close(3) = 0 [pid 5039] close(4) = 0 [pid 5039] close(5) = 0 [pid 5039] close(6) = 0 [pid 5039] close(7) = 0 [pid 5039] close(8) = -1 EBADF (Bad file descriptor) [pid 5039] close(9) = -1 EBADF (Bad file descriptor) [pid 5039] close(10) = -1 EBADF (Bad file descriptor) [pid 5039] close(11) = -1 EBADF (Bad file descriptor) [pid 5039] close(12) = -1 EBADF (Bad file descriptor) [pid 5039] close(13) = -1 EBADF (Bad file descriptor) [pid 5039] close(14) = -1 EBADF (Bad file descriptor) [pid 5039] close(15) = -1 EBADF (Bad file descriptor) [pid 5039] close(16) = -1 EBADF (Bad file descriptor) [pid 5039] close(17) = -1 EBADF (Bad file descriptor) [pid 5039] close(18) = -1 EBADF (Bad file descriptor) [pid 5039] close(19) = -1 EBADF (Bad file descriptor) [pid 5039] close(20) = -1 EBADF (Bad file descriptor) [pid 5039] close(21) = -1 EBADF (Bad file descriptor) [pid 5039] close(22) = -1 EBADF (Bad file descriptor) [pid 5039] close(23) = -1 EBADF (Bad file descriptor) [pid 5039] close(24) = -1 EBADF (Bad file descriptor) [pid 5039] close(25) = -1 EBADF (Bad file descriptor) [pid 5039] close(26) = -1 EBADF (Bad file descriptor) [pid 5039] close(27) = -1 EBADF (Bad file descriptor) [pid 5039] close(28) = -1 EBADF (Bad file descriptor) [pid 5039] close(29) = -1 EBADF (Bad file descriptor) [pid 5039] exit_group(0) = ? [pid 5039] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=52 /* 0.52 s */} --- [pid 4994] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./36/binderfs") = 0 [pid 4994] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./36/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./36") = 0 [pid 4994] mkdir("./37", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 39 ./strace-static-x86_64: Process 5040 attached [pid 5040] chdir("./37") = 0 [pid 5040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5040] setpgid(0, 0) = 0 [pid 5040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5040] write(3, "1000", 4) = 4 [pid 5040] close(3) = 0 [pid 5040] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5040] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5040] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5040] memfd_create("syzkaller", 0) = 4 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5040] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5040] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5040] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5040] close(4) = 0 [pid 5040] mkdir("./file0", 0777) = 0 [pid 5040] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5040] chdir("./file0") = 0 [pid 5040] ioctl(5, LOOP_CLR_FD) = 0 [pid 5040] close(5) = 0 [pid 5040] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5040] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 113.375064][ T5040] loop0: detected capacity change from 0 to 4096 [ 113.384286][ T5040] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 113.400552][ T5040] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5040] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5040] open("./file0", O_RDONLY) = 7 [pid 5040] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 113.425071][ T27] audit: type=1800 audit(1683090855.341:76): pid=5040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 113.446551][ T27] audit: type=1804 audit(1683090855.361:77): pid=5040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/37/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5040] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5040] close(3) = 0 [pid 5040] close(4) = 0 [pid 5040] close(5) = 0 [pid 5040] close(6) = 0 [pid 5040] close(7) = 0 [pid 5040] close(8) = -1 EBADF (Bad file descriptor) [pid 5040] close(9) = -1 EBADF (Bad file descriptor) [pid 5040] close(10) = -1 EBADF (Bad file descriptor) [pid 5040] close(11) = -1 EBADF (Bad file descriptor) [pid 5040] close(12) = -1 EBADF (Bad file descriptor) [pid 5040] close(13) = -1 EBADF (Bad file descriptor) [pid 5040] close(14) = -1 EBADF (Bad file descriptor) [pid 5040] close(15) = -1 EBADF (Bad file descriptor) [pid 5040] close(16) = -1 EBADF (Bad file descriptor) [pid 5040] close(17) = -1 EBADF (Bad file descriptor) [pid 5040] close(18) = -1 EBADF (Bad file descriptor) [pid 5040] close(19) = -1 EBADF (Bad file descriptor) [pid 5040] close(20) = -1 EBADF (Bad file descriptor) [pid 5040] close(21) = -1 EBADF (Bad file descriptor) [pid 5040] close(22) = -1 EBADF (Bad file descriptor) [pid 5040] close(23) = -1 EBADF (Bad file descriptor) [pid 5040] close(24) = -1 EBADF (Bad file descriptor) [pid 5040] close(25) = -1 EBADF (Bad file descriptor) [pid 5040] close(26) = -1 EBADF (Bad file descriptor) [pid 5040] close(27) = -1 EBADF (Bad file descriptor) [pid 5040] close(28) = -1 EBADF (Bad file descriptor) [pid 5040] close(29) = -1 EBADF (Bad file descriptor) [pid 5040] exit_group(0) = ? [pid 5040] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=65 /* 0.65 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./37/binderfs") = 0 [pid 4994] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./37/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./37") = 0 [pid 4994] mkdir("./38", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 40 ./strace-static-x86_64: Process 5041 attached [pid 5041] chdir("./38") = 0 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5041] setpgid(0, 0) = 0 [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5041] write(3, "1000", 4) = 4 [pid 5041] close(3) = 0 [pid 5041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5041] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5041] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5041] memfd_create("syzkaller", 0) = 4 [pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5041] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5041] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5041] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5041] close(4) = 0 [pid 5041] mkdir("./file0", 0777) = 0 [pid 5041] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5041] chdir("./file0") = 0 [pid 5041] ioctl(5, LOOP_CLR_FD) = 0 [pid 5041] close(5) = 0 [pid 5041] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5041] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 114.480958][ T5041] loop0: detected capacity change from 0 to 4096 [ 114.492085][ T5041] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 114.510206][ T5041] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5041] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5041] open("./file0", O_RDONLY) = 7 [pid 5041] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 114.533665][ T27] audit: type=1800 audit(1683090856.441:78): pid=5041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 114.556058][ T27] audit: type=1804 audit(1683090856.471:79): pid=5041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/38/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5041] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5041] close(3) = 0 [pid 5041] close(4) = 0 [pid 5041] close(5) = 0 [pid 5041] close(6) = 0 [pid 5041] close(7) = 0 [pid 5041] close(8) = -1 EBADF (Bad file descriptor) [pid 5041] close(9) = -1 EBADF (Bad file descriptor) [pid 5041] close(10) = -1 EBADF (Bad file descriptor) [pid 5041] close(11) = -1 EBADF (Bad file descriptor) [pid 5041] close(12) = -1 EBADF (Bad file descriptor) [pid 5041] close(13) = -1 EBADF (Bad file descriptor) [pid 5041] close(14) = -1 EBADF (Bad file descriptor) [pid 5041] close(15) = -1 EBADF (Bad file descriptor) [pid 5041] close(16) = -1 EBADF (Bad file descriptor) [pid 5041] close(17) = -1 EBADF (Bad file descriptor) [pid 5041] close(18) = -1 EBADF (Bad file descriptor) [pid 5041] close(19) = -1 EBADF (Bad file descriptor) [pid 5041] close(20) = -1 EBADF (Bad file descriptor) [pid 5041] close(21) = -1 EBADF (Bad file descriptor) [pid 5041] close(22) = -1 EBADF (Bad file descriptor) [pid 5041] close(23) = -1 EBADF (Bad file descriptor) [pid 5041] close(24) = -1 EBADF (Bad file descriptor) [pid 5041] close(25) = -1 EBADF (Bad file descriptor) [pid 5041] close(26) = -1 EBADF (Bad file descriptor) [pid 5041] close(27) = -1 EBADF (Bad file descriptor) [pid 5041] close(28) = -1 EBADF (Bad file descriptor) [pid 5041] close(29) = -1 EBADF (Bad file descriptor) [pid 5041] exit_group(0) = ? [pid 5041] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=62 /* 0.62 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./38/binderfs") = 0 [pid 4994] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./38/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./38") = 0 [pid 4994] mkdir("./39", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 41 ./strace-static-x86_64: Process 5042 attached [pid 5042] chdir("./39") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5042] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5042] memfd_create("syzkaller", 0) = 4 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5042] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5042] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5042] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5042] close(4) = 0 [pid 5042] mkdir("./file0", 0777) = 0 [pid 5042] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5042] chdir("./file0") = 0 [pid 5042] ioctl(5, LOOP_CLR_FD) = 0 [pid 5042] close(5) = 0 [pid 5042] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5042] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 115.639916][ T5042] loop0: detected capacity change from 0 to 4096 [ 115.651036][ T5042] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 115.669538][ T5042] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5042] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5042] open("./file0", O_RDONLY) = 7 [pid 5042] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 115.705503][ T27] audit: type=1800 audit(1683090857.621:80): pid=5042 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 115.727048][ T27] audit: type=1804 audit(1683090857.641:81): pid=5042 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/39/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5042] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5042] close(3) = 0 [pid 5042] close(4) = 0 [pid 5042] close(5) = 0 [pid 5042] close(6) = 0 [pid 5042] close(7) = 0 [pid 5042] close(8) = -1 EBADF (Bad file descriptor) [pid 5042] close(9) = -1 EBADF (Bad file descriptor) [pid 5042] close(10) = -1 EBADF (Bad file descriptor) [pid 5042] close(11) = -1 EBADF (Bad file descriptor) [pid 5042] close(12) = -1 EBADF (Bad file descriptor) [pid 5042] close(13) = -1 EBADF (Bad file descriptor) [pid 5042] close(14) = -1 EBADF (Bad file descriptor) [pid 5042] close(15) = -1 EBADF (Bad file descriptor) [pid 5042] close(16) = -1 EBADF (Bad file descriptor) [pid 5042] close(17) = -1 EBADF (Bad file descriptor) [pid 5042] close(18) = -1 EBADF (Bad file descriptor) [pid 5042] close(19) = -1 EBADF (Bad file descriptor) [pid 5042] close(20) = -1 EBADF (Bad file descriptor) [pid 5042] close(21) = -1 EBADF (Bad file descriptor) [pid 5042] close(22) = -1 EBADF (Bad file descriptor) [pid 5042] close(23) = -1 EBADF (Bad file descriptor) [pid 5042] close(24) = -1 EBADF (Bad file descriptor) [pid 5042] close(25) = -1 EBADF (Bad file descriptor) [pid 5042] close(26) = -1 EBADF (Bad file descriptor) [pid 5042] close(27) = -1 EBADF (Bad file descriptor) [pid 5042] close(28) = -1 EBADF (Bad file descriptor) [pid 5042] close(29) = -1 EBADF (Bad file descriptor) [pid 5042] exit_group(0) = ? [pid 5042] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=60 /* 0.60 s */} --- [pid 4994] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./39/binderfs") = 0 [pid 4994] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./39/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./39") = 0 [pid 4994] mkdir("./40", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 42 ./strace-static-x86_64: Process 5043 attached [pid 5043] chdir("./40") = 0 [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5043] setpgid(0, 0) = 0 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5043] write(3, "1000", 4) = 4 [pid 5043] close(3) = 0 [pid 5043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5043] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5043] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5043] memfd_create("syzkaller", 0) = 4 [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5043] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5043] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5043] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5043] close(4) = 0 [pid 5043] mkdir("./file0", 0777) = 0 [pid 5043] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5043] chdir("./file0") = 0 [pid 5043] ioctl(5, LOOP_CLR_FD) = 0 [pid 5043] close(5) = 0 [pid 5043] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5043] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 116.813701][ T5043] loop0: detected capacity change from 0 to 4096 [ 116.823129][ T5043] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 116.841222][ T5043] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5043] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5043] open("./file0", O_RDONLY) = 7 [pid 5043] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 116.867582][ T27] audit: type=1800 audit(1683090858.781:82): pid=5043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 116.890980][ T27] audit: type=1804 audit(1683090858.801:83): pid=5043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/40/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5043] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5043] close(3) = 0 [pid 5043] close(4) = 0 [pid 5043] close(5) = 0 [pid 5043] close(6) = 0 [pid 5043] close(7) = 0 [pid 5043] close(8) = -1 EBADF (Bad file descriptor) [pid 5043] close(9) = -1 EBADF (Bad file descriptor) [pid 5043] close(10) = -1 EBADF (Bad file descriptor) [pid 5043] close(11) = -1 EBADF (Bad file descriptor) [pid 5043] close(12) = -1 EBADF (Bad file descriptor) [pid 5043] close(13) = -1 EBADF (Bad file descriptor) [pid 5043] close(14) = -1 EBADF (Bad file descriptor) [pid 5043] close(15) = -1 EBADF (Bad file descriptor) [pid 5043] close(16) = -1 EBADF (Bad file descriptor) [pid 5043] close(17) = -1 EBADF (Bad file descriptor) [pid 5043] close(18) = -1 EBADF (Bad file descriptor) [pid 5043] close(19) = -1 EBADF (Bad file descriptor) [pid 5043] close(20) = -1 EBADF (Bad file descriptor) [pid 5043] close(21) = -1 EBADF (Bad file descriptor) [pid 5043] close(22) = -1 EBADF (Bad file descriptor) [pid 5043] close(23) = -1 EBADF (Bad file descriptor) [pid 5043] close(24) = -1 EBADF (Bad file descriptor) [pid 5043] close(25) = -1 EBADF (Bad file descriptor) [pid 5043] close(26) = -1 EBADF (Bad file descriptor) [pid 5043] close(27) = -1 EBADF (Bad file descriptor) [pid 5043] close(28) = -1 EBADF (Bad file descriptor) [pid 5043] close(29) = -1 EBADF (Bad file descriptor) [pid 5043] exit_group(0) = ? [pid 5043] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=54 /* 0.54 s */} --- [pid 4994] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./40/binderfs") = 0 [pid 4994] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./40/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./40") = 0 [pid 4994] mkdir("./41", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 43 ./strace-static-x86_64: Process 5044 attached [pid 5044] chdir("./41") = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5044] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5044] memfd_create("syzkaller", 0) = 4 [pid 5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5044] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5044] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5044] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5044] close(4) = 0 [pid 5044] mkdir("./file0", 0777) = 0 [pid 5044] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5044] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5044] chdir("./file0") = 0 [pid 5044] ioctl(5, LOOP_CLR_FD) = 0 [pid 5044] close(5) = 0 [pid 5044] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5044] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5044] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [ 117.937933][ T5044] loop0: detected capacity change from 0 to 4096 [ 117.948784][ T5044] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 117.965442][ T5044] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5044] open("./file0", O_RDONLY) = 7 [pid 5044] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 117.995113][ T27] audit: type=1800 audit(1683090859.911:84): pid=5044 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 118.019423][ T27] audit: type=1804 audit(1683090859.911:85): pid=5044 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/41/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5044] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5044] close(3) = 0 [pid 5044] close(4) = 0 [pid 5044] close(5) = 0 [pid 5044] close(6) = 0 [pid 5044] close(7) = 0 [pid 5044] close(8) = -1 EBADF (Bad file descriptor) [pid 5044] close(9) = -1 EBADF (Bad file descriptor) [pid 5044] close(10) = -1 EBADF (Bad file descriptor) [pid 5044] close(11) = -1 EBADF (Bad file descriptor) [pid 5044] close(12) = -1 EBADF (Bad file descriptor) [pid 5044] close(13) = -1 EBADF (Bad file descriptor) [pid 5044] close(14) = -1 EBADF (Bad file descriptor) [pid 5044] close(15) = -1 EBADF (Bad file descriptor) [pid 5044] close(16) = -1 EBADF (Bad file descriptor) [pid 5044] close(17) = -1 EBADF (Bad file descriptor) [pid 5044] close(18) = -1 EBADF (Bad file descriptor) [pid 5044] close(19) = -1 EBADF (Bad file descriptor) [pid 5044] close(20) = -1 EBADF (Bad file descriptor) [pid 5044] close(21) = -1 EBADF (Bad file descriptor) [pid 5044] close(22) = -1 EBADF (Bad file descriptor) [pid 5044] close(23) = -1 EBADF (Bad file descriptor) [pid 5044] close(24) = -1 EBADF (Bad file descriptor) [pid 5044] close(25) = -1 EBADF (Bad file descriptor) [pid 5044] close(26) = -1 EBADF (Bad file descriptor) [pid 5044] close(27) = -1 EBADF (Bad file descriptor) [pid 5044] close(28) = -1 EBADF (Bad file descriptor) [pid 5044] close(29) = -1 EBADF (Bad file descriptor) [pid 5044] exit_group(0) = ? [pid 5044] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=57 /* 0.57 s */} --- [pid 4994] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./41/binderfs") = 0 [pid 4994] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./41/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./41") = 0 [pid 4994] mkdir("./42", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 44 ./strace-static-x86_64: Process 5045 attached [pid 5045] chdir("./42") = 0 [pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5045] setpgid(0, 0) = 0 [pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5045] write(3, "1000", 4) = 4 [pid 5045] close(3) = 0 [pid 5045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5045] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5045] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5045] memfd_create("syzkaller", 0) = 4 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5045] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5045] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5045] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5045] close(4) = 0 [pid 5045] mkdir("./file0", 0777) = 0 [pid 5045] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5045] chdir("./file0") = 0 [pid 5045] ioctl(5, LOOP_CLR_FD) = 0 [pid 5045] close(5) = 0 [pid 5045] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5045] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 119.065050][ T5045] loop0: detected capacity change from 0 to 4096 [ 119.075981][ T5045] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 119.091428][ T5045] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5045] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5045] open("./file0", O_RDONLY) = 7 [pid 5045] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 119.104836][ T27] audit: type=1800 audit(1683090861.021:86): pid=5045 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 119.126271][ T27] audit: type=1804 audit(1683090861.041:87): pid=5045 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/42/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5045] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5045] close(3) = 0 [pid 5045] close(4) = 0 [pid 5045] close(5) = 0 [pid 5045] close(6) = 0 [pid 5045] close(7) = 0 [pid 5045] close(8) = -1 EBADF (Bad file descriptor) [pid 5045] close(9) = -1 EBADF (Bad file descriptor) [pid 5045] close(10) = -1 EBADF (Bad file descriptor) [pid 5045] close(11) = -1 EBADF (Bad file descriptor) [pid 5045] close(12) = -1 EBADF (Bad file descriptor) [pid 5045] close(13) = -1 EBADF (Bad file descriptor) [pid 5045] close(14) = -1 EBADF (Bad file descriptor) [pid 5045] close(15) = -1 EBADF (Bad file descriptor) [pid 5045] close(16) = -1 EBADF (Bad file descriptor) [pid 5045] close(17) = -1 EBADF (Bad file descriptor) [pid 5045] close(18) = -1 EBADF (Bad file descriptor) [pid 5045] close(19) = -1 EBADF (Bad file descriptor) [pid 5045] close(20) = -1 EBADF (Bad file descriptor) [pid 5045] close(21) = -1 EBADF (Bad file descriptor) [pid 5045] close(22) = -1 EBADF (Bad file descriptor) [pid 5045] close(23) = -1 EBADF (Bad file descriptor) [pid 5045] close(24) = -1 EBADF (Bad file descriptor) [pid 5045] close(25) = -1 EBADF (Bad file descriptor) [pid 5045] close(26) = -1 EBADF (Bad file descriptor) [pid 5045] close(27) = -1 EBADF (Bad file descriptor) [pid 5045] close(28) = -1 EBADF (Bad file descriptor) [pid 5045] close(29) = -1 EBADF (Bad file descriptor) [pid 5045] exit_group(0) = ? [pid 5045] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=55 /* 0.55 s */} --- [pid 4994] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./42/binderfs") = 0 [pid 4994] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./42/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./42") = 0 [pid 4994] mkdir("./43", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 45 ./strace-static-x86_64: Process 5046 attached [pid 5046] chdir("./43") = 0 [pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5046] setpgid(0, 0) = 0 [pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5046] write(3, "1000", 4) = 4 [pid 5046] close(3) = 0 [pid 5046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5046] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5046] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5046] memfd_create("syzkaller", 0) = 4 [pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5046] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5046] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5046] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5046] close(4) = 0 [pid 5046] mkdir("./file0", 0777) = 0 [pid 5046] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5046] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5046] chdir("./file0") = 0 [pid 5046] ioctl(5, LOOP_CLR_FD) = 0 [pid 5046] close(5) = 0 [pid 5046] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5046] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 120.152297][ T5046] loop0: detected capacity change from 0 to 4096 [ 120.162359][ T5046] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 120.179774][ T5046] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5046] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5046] open("./file0", O_RDONLY) = 7 [pid 5046] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 120.212572][ T27] audit: type=1800 audit(1683090862.121:88): pid=5046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 120.232948][ T27] audit: type=1804 audit(1683090862.141:89): pid=5046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/43/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5046] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5046] close(3) = 0 [pid 5046] close(4) = 0 [pid 5046] close(5) = 0 [pid 5046] close(6) = 0 [pid 5046] close(7) = 0 [pid 5046] close(8) = -1 EBADF (Bad file descriptor) [pid 5046] close(9) = -1 EBADF (Bad file descriptor) [pid 5046] close(10) = -1 EBADF (Bad file descriptor) [pid 5046] close(11) = -1 EBADF (Bad file descriptor) [pid 5046] close(12) = -1 EBADF (Bad file descriptor) [pid 5046] close(13) = -1 EBADF (Bad file descriptor) [pid 5046] close(14) = -1 EBADF (Bad file descriptor) [pid 5046] close(15) = -1 EBADF (Bad file descriptor) [pid 5046] close(16) = -1 EBADF (Bad file descriptor) [pid 5046] close(17) = -1 EBADF (Bad file descriptor) [pid 5046] close(18) = -1 EBADF (Bad file descriptor) [pid 5046] close(19) = -1 EBADF (Bad file descriptor) [pid 5046] close(20) = -1 EBADF (Bad file descriptor) [pid 5046] close(21) = -1 EBADF (Bad file descriptor) [pid 5046] close(22) = -1 EBADF (Bad file descriptor) [pid 5046] close(23) = -1 EBADF (Bad file descriptor) [pid 5046] close(24) = -1 EBADF (Bad file descriptor) [pid 5046] close(25) = -1 EBADF (Bad file descriptor) [pid 5046] close(26) = -1 EBADF (Bad file descriptor) [pid 5046] close(27) = -1 EBADF (Bad file descriptor) [pid 5046] close(28) = -1 EBADF (Bad file descriptor) [pid 5046] close(29) = -1 EBADF (Bad file descriptor) [pid 5046] exit_group(0) = ? [pid 5046] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=53 /* 0.53 s */} --- [pid 4994] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./43/binderfs") = 0 [pid 4994] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./43/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./43") = 0 [pid 4994] mkdir("./44", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 46 ./strace-static-x86_64: Process 5047 attached [pid 5047] chdir("./44") = 0 [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5047] setpgid(0, 0) = 0 [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5047] write(3, "1000", 4) = 4 [pid 5047] close(3) = 0 [pid 5047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5047] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5047] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5047] memfd_create("syzkaller", 0) = 4 [pid 5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5047] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5047] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5047] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5047] close(4) = 0 [pid 5047] mkdir("./file0", 0777) = 0 [pid 5047] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5047] chdir("./file0") = 0 [pid 5047] ioctl(5, LOOP_CLR_FD) = 0 [pid 5047] close(5) = 0 [pid 5047] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5047] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5047] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [ 121.233019][ T5047] loop0: detected capacity change from 0 to 4096 [ 121.243912][ T5047] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 121.261480][ T5047] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5047] open("./file0", O_RDONLY) = 7 [pid 5047] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 121.281548][ T27] audit: type=1800 audit(1683090863.191:90): pid=5047 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 121.306939][ T27] audit: type=1804 audit(1683090863.191:91): pid=5047 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/44/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5047] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5047] close(3) = 0 [pid 5047] close(4) = 0 [pid 5047] close(5) = 0 [pid 5047] close(6) = 0 [pid 5047] close(7) = 0 [pid 5047] close(8) = -1 EBADF (Bad file descriptor) [pid 5047] close(9) = -1 EBADF (Bad file descriptor) [pid 5047] close(10) = -1 EBADF (Bad file descriptor) [pid 5047] close(11) = -1 EBADF (Bad file descriptor) [pid 5047] close(12) = -1 EBADF (Bad file descriptor) [pid 5047] close(13) = -1 EBADF (Bad file descriptor) [pid 5047] close(14) = -1 EBADF (Bad file descriptor) [pid 5047] close(15) = -1 EBADF (Bad file descriptor) [pid 5047] close(16) = -1 EBADF (Bad file descriptor) [pid 5047] close(17) = -1 EBADF (Bad file descriptor) [pid 5047] close(18) = -1 EBADF (Bad file descriptor) [pid 5047] close(19) = -1 EBADF (Bad file descriptor) [pid 5047] close(20) = -1 EBADF (Bad file descriptor) [pid 5047] close(21) = -1 EBADF (Bad file descriptor) [pid 5047] close(22) = -1 EBADF (Bad file descriptor) [pid 5047] close(23) = -1 EBADF (Bad file descriptor) [pid 5047] close(24) = -1 EBADF (Bad file descriptor) [pid 5047] close(25) = -1 EBADF (Bad file descriptor) [pid 5047] close(26) = -1 EBADF (Bad file descriptor) [pid 5047] close(27) = -1 EBADF (Bad file descriptor) [pid 5047] close(28) = -1 EBADF (Bad file descriptor) [pid 5047] close(29) = -1 EBADF (Bad file descriptor) [pid 5047] exit_group(0) = ? [pid 5047] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=63 /* 0.63 s */} --- [pid 4994] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./44/binderfs") = 0 [pid 4994] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./44/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./44") = 0 [pid 4994] mkdir("./45", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 47 ./strace-static-x86_64: Process 5048 attached [pid 5048] chdir("./45") = 0 [pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5048] setpgid(0, 0) = 0 [pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5048] write(3, "1000", 4) = 4 [pid 5048] close(3) = 0 [pid 5048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5048] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5048] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5048] memfd_create("syzkaller", 0) = 4 [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5048] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5048] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5048] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5048] close(4) = 0 [pid 5048] mkdir("./file0", 0777) = 0 [pid 5048] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5048] chdir("./file0") = 0 [pid 5048] ioctl(5, LOOP_CLR_FD) = 0 [pid 5048] close(5) = 0 [pid 5048] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5048] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 122.349653][ T5048] loop0: detected capacity change from 0 to 4096 [ 122.359906][ T5048] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 122.379737][ T5048] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5048] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5048] open("./file0", O_RDONLY) = 7 [pid 5048] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 122.398580][ T27] audit: type=1800 audit(1683090864.311:92): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 122.419250][ T27] audit: type=1804 audit(1683090864.311:93): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/45/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5048] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5048] close(3) = 0 [pid 5048] close(4) = 0 [pid 5048] close(5) = 0 [pid 5048] close(6) = 0 [pid 5048] close(7) = 0 [pid 5048] close(8) = -1 EBADF (Bad file descriptor) [pid 5048] close(9) = -1 EBADF (Bad file descriptor) [pid 5048] close(10) = -1 EBADF (Bad file descriptor) [pid 5048] close(11) = -1 EBADF (Bad file descriptor) [pid 5048] close(12) = -1 EBADF (Bad file descriptor) [pid 5048] close(13) = -1 EBADF (Bad file descriptor) [pid 5048] close(14) = -1 EBADF (Bad file descriptor) [pid 5048] close(15) = -1 EBADF (Bad file descriptor) [pid 5048] close(16) = -1 EBADF (Bad file descriptor) [pid 5048] close(17) = -1 EBADF (Bad file descriptor) [pid 5048] close(18) = -1 EBADF (Bad file descriptor) [pid 5048] close(19) = -1 EBADF (Bad file descriptor) [pid 5048] close(20) = -1 EBADF (Bad file descriptor) [pid 5048] close(21) = -1 EBADF (Bad file descriptor) [pid 5048] close(22) = -1 EBADF (Bad file descriptor) [pid 5048] close(23) = -1 EBADF (Bad file descriptor) [pid 5048] close(24) = -1 EBADF (Bad file descriptor) [pid 5048] close(25) = -1 EBADF (Bad file descriptor) [pid 5048] close(26) = -1 EBADF (Bad file descriptor) [pid 5048] close(27) = -1 EBADF (Bad file descriptor) [pid 5048] close(28) = -1 EBADF (Bad file descriptor) [pid 5048] close(29) = -1 EBADF (Bad file descriptor) [pid 5048] exit_group(0) = ? [pid 5048] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=60 /* 0.60 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./45/binderfs") = 0 [pid 4994] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./45/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./45") = 0 [pid 4994] mkdir("./46", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5049 attached , child_tidptr=0x55555716c5d0) = 48 [pid 5049] chdir("./46") = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5049] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5049] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5049] memfd_create("syzkaller", 0) = 4 [pid 5049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5049] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5049] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5049] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5049] close(4) = 0 [pid 5049] mkdir("./file0", 0777) = 0 [pid 5049] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5049] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5049] chdir("./file0") = 0 [pid 5049] ioctl(5, LOOP_CLR_FD) = 0 [pid 5049] close(5) = 0 [pid 5049] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5049] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 123.467354][ T5049] loop0: detected capacity change from 0 to 4096 [ 123.478943][ T5049] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 123.495398][ T5049] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5049] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5049] open("./file0", O_RDONLY) = 7 [pid 5049] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 123.514114][ T27] audit: type=1800 audit(1683090865.421:94): pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 123.539350][ T27] audit: type=1804 audit(1683090865.451:95): pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/46/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5049] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5049] close(3) = 0 [pid 5049] close(4) = 0 [pid 5049] close(5) = 0 [pid 5049] close(6) = 0 [pid 5049] close(7) = 0 [pid 5049] close(8) = -1 EBADF (Bad file descriptor) [pid 5049] close(9) = -1 EBADF (Bad file descriptor) [pid 5049] close(10) = -1 EBADF (Bad file descriptor) [pid 5049] close(11) = -1 EBADF (Bad file descriptor) [pid 5049] close(12) = -1 EBADF (Bad file descriptor) [pid 5049] close(13) = -1 EBADF (Bad file descriptor) [pid 5049] close(14) = -1 EBADF (Bad file descriptor) [pid 5049] close(15) = -1 EBADF (Bad file descriptor) [pid 5049] close(16) = -1 EBADF (Bad file descriptor) [pid 5049] close(17) = -1 EBADF (Bad file descriptor) [pid 5049] close(18) = -1 EBADF (Bad file descriptor) [pid 5049] close(19) = -1 EBADF (Bad file descriptor) [pid 5049] close(20) = -1 EBADF (Bad file descriptor) [pid 5049] close(21) = -1 EBADF (Bad file descriptor) [pid 5049] close(22) = -1 EBADF (Bad file descriptor) [pid 5049] close(23) = -1 EBADF (Bad file descriptor) [pid 5049] close(24) = -1 EBADF (Bad file descriptor) [pid 5049] close(25) = -1 EBADF (Bad file descriptor) [pid 5049] close(26) = -1 EBADF (Bad file descriptor) [pid 5049] close(27) = -1 EBADF (Bad file descriptor) [pid 5049] close(28) = -1 EBADF (Bad file descriptor) [pid 5049] close(29) = -1 EBADF (Bad file descriptor) [pid 5049] exit_group(0) = ? [pid 5049] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=55 /* 0.55 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./46/binderfs") = 0 [pid 4994] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./46/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./46") = 0 [pid 4994] mkdir("./47", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 49 ./strace-static-x86_64: Process 5050 attached [pid 5050] chdir("./47") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5050] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5050] memfd_create("syzkaller", 0) = 4 [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5050] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5050] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5050] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5050] close(4) = 0 [pid 5050] mkdir("./file0", 0777) = 0 [pid 5050] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5050] chdir("./file0") = 0 [pid 5050] ioctl(5, LOOP_CLR_FD) = 0 [pid 5050] close(5) = 0 [pid 5050] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5050] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 124.603816][ T5050] loop0: detected capacity change from 0 to 4096 [ 124.615272][ T5050] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 124.632863][ T5050] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5050] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5050] open("./file0", O_RDONLY) = 7 [pid 5050] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 124.656705][ T27] audit: type=1800 audit(1683090866.571:96): pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 124.677840][ T27] audit: type=1804 audit(1683090866.581:97): pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/47/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5050] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5050] close(3) = 0 [pid 5050] close(4) = 0 [pid 5050] close(5) = 0 [pid 5050] close(6) = 0 [pid 5050] close(7) = 0 [pid 5050] close(8) = -1 EBADF (Bad file descriptor) [pid 5050] close(9) = -1 EBADF (Bad file descriptor) [pid 5050] close(10) = -1 EBADF (Bad file descriptor) [pid 5050] close(11) = -1 EBADF (Bad file descriptor) [pid 5050] close(12) = -1 EBADF (Bad file descriptor) [pid 5050] close(13) = -1 EBADF (Bad file descriptor) [pid 5050] close(14) = -1 EBADF (Bad file descriptor) [pid 5050] close(15) = -1 EBADF (Bad file descriptor) [pid 5050] close(16) = -1 EBADF (Bad file descriptor) [pid 5050] close(17) = -1 EBADF (Bad file descriptor) [pid 5050] close(18) = -1 EBADF (Bad file descriptor) [pid 5050] close(19) = -1 EBADF (Bad file descriptor) [pid 5050] close(20) = -1 EBADF (Bad file descriptor) [pid 5050] close(21) = -1 EBADF (Bad file descriptor) [pid 5050] close(22) = -1 EBADF (Bad file descriptor) [pid 5050] close(23) = -1 EBADF (Bad file descriptor) [pid 5050] close(24) = -1 EBADF (Bad file descriptor) [pid 5050] close(25) = -1 EBADF (Bad file descriptor) [pid 5050] close(26) = -1 EBADF (Bad file descriptor) [pid 5050] close(27) = -1 EBADF (Bad file descriptor) [pid 5050] close(28) = -1 EBADF (Bad file descriptor) [pid 5050] close(29) = -1 EBADF (Bad file descriptor) [pid 5050] exit_group(0) = ? [pid 5050] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=63 /* 0.63 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./47/binderfs") = 0 [pid 4994] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./47/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./47") = 0 [pid 4994] mkdir("./48", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 50 ./strace-static-x86_64: Process 5051 attached [pid 5051] chdir("./48") = 0 [pid 5051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5051] setpgid(0, 0) = 0 [pid 5051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5051] write(3, "1000", 4) = 4 [pid 5051] close(3) = 0 [pid 5051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5051] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5051] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5051] memfd_create("syzkaller", 0) = 4 [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5051] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5051] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5051] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5051] close(4) = 0 [pid 5051] mkdir("./file0", 0777) = 0 [pid 5051] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5051] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5051] chdir("./file0") = 0 [pid 5051] ioctl(5, LOOP_CLR_FD) = 0 [pid 5051] close(5) = 0 [pid 5051] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5051] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 125.721965][ T5051] loop0: detected capacity change from 0 to 4096 [ 125.733310][ T5051] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 125.751304][ T5051] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5051] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5051] open("./file0", O_RDONLY) = 7 [pid 5051] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 125.781069][ T27] audit: type=1800 audit(1683090867.691:98): pid=5051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 125.801854][ T27] audit: type=1804 audit(1683090867.701:99): pid=5051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/48/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5051] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5051] close(3) = 0 [pid 5051] close(4) = 0 [pid 5051] close(5) = 0 [pid 5051] close(6) = 0 [pid 5051] close(7) = 0 [pid 5051] close(8) = -1 EBADF (Bad file descriptor) [pid 5051] close(9) = -1 EBADF (Bad file descriptor) [pid 5051] close(10) = -1 EBADF (Bad file descriptor) [pid 5051] close(11) = -1 EBADF (Bad file descriptor) [pid 5051] close(12) = -1 EBADF (Bad file descriptor) [pid 5051] close(13) = -1 EBADF (Bad file descriptor) [pid 5051] close(14) = -1 EBADF (Bad file descriptor) [pid 5051] close(15) = -1 EBADF (Bad file descriptor) [pid 5051] close(16) = -1 EBADF (Bad file descriptor) [pid 5051] close(17) = -1 EBADF (Bad file descriptor) [pid 5051] close(18) = -1 EBADF (Bad file descriptor) [pid 5051] close(19) = -1 EBADF (Bad file descriptor) [pid 5051] close(20) = -1 EBADF (Bad file descriptor) [pid 5051] close(21) = -1 EBADF (Bad file descriptor) [pid 5051] close(22) = -1 EBADF (Bad file descriptor) [pid 5051] close(23) = -1 EBADF (Bad file descriptor) [pid 5051] close(24) = -1 EBADF (Bad file descriptor) [pid 5051] close(25) = -1 EBADF (Bad file descriptor) [pid 5051] close(26) = -1 EBADF (Bad file descriptor) [pid 5051] close(27) = -1 EBADF (Bad file descriptor) [pid 5051] close(28) = -1 EBADF (Bad file descriptor) [pid 5051] close(29) = -1 EBADF (Bad file descriptor) [pid 5051] exit_group(0) = ? [pid 5051] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=54 /* 0.54 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./48/binderfs") = 0 [pid 4994] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./48/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./48") = 0 [pid 4994] mkdir("./49", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 51 ./strace-static-x86_64: Process 5052 attached [pid 5052] chdir("./49") = 0 [pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5052] setpgid(0, 0) = 0 [pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5052] write(3, "1000", 4) = 4 [pid 5052] close(3) = 0 [pid 5052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5052] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5052] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5052] memfd_create("syzkaller", 0) = 4 [pid 5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5052] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5052] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5052] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5052] close(4) = 0 [pid 5052] mkdir("./file0", 0777) = 0 [pid 5052] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5052] chdir("./file0") = 0 [pid 5052] ioctl(5, LOOP_CLR_FD) = 0 [pid 5052] close(5) = 0 [pid 5052] openat(AT_FDCWD, ".", O_RDONLY) = 5 [ 126.871284][ T5052] loop0: detected capacity change from 0 to 4096 [ 126.880676][ T5052] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 126.896788][ T5052] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5052] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5052] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5052] open("./file0", O_RDONLY) = 7 [pid 5052] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 126.912522][ T27] audit: type=1800 audit(1683090868.821:100): pid=5052 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 126.941627][ T27] audit: type=1804 audit(1683090868.821:101): pid=5052 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/49/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5052] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5052] close(3) = 0 [pid 5052] close(4) = 0 [pid 5052] close(5) = 0 [pid 5052] close(6) = 0 [pid 5052] close(7) = 0 [pid 5052] close(8) = -1 EBADF (Bad file descriptor) [pid 5052] close(9) = -1 EBADF (Bad file descriptor) [pid 5052] close(10) = -1 EBADF (Bad file descriptor) [pid 5052] close(11) = -1 EBADF (Bad file descriptor) [pid 5052] close(12) = -1 EBADF (Bad file descriptor) [pid 5052] close(13) = -1 EBADF (Bad file descriptor) [pid 5052] close(14) = -1 EBADF (Bad file descriptor) [pid 5052] close(15) = -1 EBADF (Bad file descriptor) [pid 5052] close(16) = -1 EBADF (Bad file descriptor) [pid 5052] close(17) = -1 EBADF (Bad file descriptor) [pid 5052] close(18) = -1 EBADF (Bad file descriptor) [pid 5052] close(19) = -1 EBADF (Bad file descriptor) [pid 5052] close(20) = -1 EBADF (Bad file descriptor) [pid 5052] close(21) = -1 EBADF (Bad file descriptor) [pid 5052] close(22) = -1 EBADF (Bad file descriptor) [pid 5052] close(23) = -1 EBADF (Bad file descriptor) [pid 5052] close(24) = -1 EBADF (Bad file descriptor) [pid 5052] close(25) = -1 EBADF (Bad file descriptor) [pid 5052] close(26) = -1 EBADF (Bad file descriptor) [pid 5052] close(27) = -1 EBADF (Bad file descriptor) [pid 5052] close(28) = -1 EBADF (Bad file descriptor) [pid 5052] close(29) = -1 EBADF (Bad file descriptor) [pid 5052] exit_group(0) = ? [pid 5052] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=60 /* 0.60 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./49/binderfs") = 0 [pid 4994] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./49/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./49") = 0 [pid 4994] mkdir("./50", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 52 ./strace-static-x86_64: Process 5053 attached [pid 5053] chdir("./50") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5053] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5053] memfd_create("syzkaller", 0) = 4 [pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5053] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5053] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5053] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5053] close(4) = 0 [pid 5053] mkdir("./file0", 0777) = 0 [pid 5053] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5053] chdir("./file0") = 0 [pid 5053] ioctl(5, LOOP_CLR_FD) = 0 [pid 5053] close(5) = 0 [pid 5053] openat(AT_FDCWD, ".", O_RDONLY) = 5 [ 127.975899][ T5053] loop0: detected capacity change from 0 to 4096 [ 127.986166][ T5053] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 128.002486][ T5053] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5053] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5053] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5053] open("./file0", O_RDONLY) = 7 [pid 5053] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 128.016791][ T27] audit: type=1800 audit(1683090869.931:102): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 128.052525][ T27] audit: type=1804 audit(1683090869.931:103): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/50/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5053] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5053] close(3) = 0 [pid 5053] close(4) = 0 [pid 5053] close(5) = 0 [pid 5053] close(6) = 0 [pid 5053] close(7) = 0 [pid 5053] close(8) = -1 EBADF (Bad file descriptor) [pid 5053] close(9) = -1 EBADF (Bad file descriptor) [pid 5053] close(10) = -1 EBADF (Bad file descriptor) [pid 5053] close(11) = -1 EBADF (Bad file descriptor) [pid 5053] close(12) = -1 EBADF (Bad file descriptor) [pid 5053] close(13) = -1 EBADF (Bad file descriptor) [pid 5053] close(14) = -1 EBADF (Bad file descriptor) [pid 5053] close(15) = -1 EBADF (Bad file descriptor) [pid 5053] close(16) = -1 EBADF (Bad file descriptor) [pid 5053] close(17) = -1 EBADF (Bad file descriptor) [pid 5053] close(18) = -1 EBADF (Bad file descriptor) [pid 5053] close(19) = -1 EBADF (Bad file descriptor) [pid 5053] close(20) = -1 EBADF (Bad file descriptor) [pid 5053] close(21) = -1 EBADF (Bad file descriptor) [pid 5053] close(22) = -1 EBADF (Bad file descriptor) [pid 5053] close(23) = -1 EBADF (Bad file descriptor) [pid 5053] close(24) = -1 EBADF (Bad file descriptor) [pid 5053] close(25) = -1 EBADF (Bad file descriptor) [pid 5053] close(26) = -1 EBADF (Bad file descriptor) [pid 5053] close(27) = -1 EBADF (Bad file descriptor) [pid 5053] close(28) = -1 EBADF (Bad file descriptor) [pid 5053] close(29) = -1 EBADF (Bad file descriptor) [pid 5053] exit_group(0) = ? [pid 5053] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=54 /* 0.54 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./50/binderfs") = 0 [pid 4994] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./50/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./50") = 0 [pid 4994] mkdir("./51", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 53 ./strace-static-x86_64: Process 5054 attached [pid 5054] chdir("./51") = 0 [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4) = 4 [pid 5054] close(3) = 0 [pid 5054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5054] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5054] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5054] memfd_create("syzkaller", 0) = 4 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5054] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5054] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5054] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5054] close(4) = 0 [pid 5054] mkdir("./file0", 0777) = 0 [pid 5054] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5054] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5054] chdir("./file0") = 0 [pid 5054] ioctl(5, LOOP_CLR_FD) = 0 [pid 5054] close(5) = 0 [pid 5054] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5054] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 129.069781][ T5054] loop0: detected capacity change from 0 to 4096 [ 129.079751][ T5054] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 129.097641][ T5054] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5054] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5054] open("./file0", O_RDONLY) = 7 [pid 5054] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 129.123824][ T27] audit: type=1800 audit(1683090871.031:104): pid=5054 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 129.147612][ T27] audit: type=1804 audit(1683090871.061:105): pid=5054 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/51/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5054] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5054] close(3) = 0 [pid 5054] close(4) = 0 [pid 5054] close(5) = 0 [pid 5054] close(6) = 0 [pid 5054] close(7) = 0 [pid 5054] close(8) = -1 EBADF (Bad file descriptor) [pid 5054] close(9) = -1 EBADF (Bad file descriptor) [pid 5054] close(10) = -1 EBADF (Bad file descriptor) [pid 5054] close(11) = -1 EBADF (Bad file descriptor) [pid 5054] close(12) = -1 EBADF (Bad file descriptor) [pid 5054] close(13) = -1 EBADF (Bad file descriptor) [pid 5054] close(14) = -1 EBADF (Bad file descriptor) [pid 5054] close(15) = -1 EBADF (Bad file descriptor) [pid 5054] close(16) = -1 EBADF (Bad file descriptor) [pid 5054] close(17) = -1 EBADF (Bad file descriptor) [pid 5054] close(18) = -1 EBADF (Bad file descriptor) [pid 5054] close(19) = -1 EBADF (Bad file descriptor) [pid 5054] close(20) = -1 EBADF (Bad file descriptor) [pid 5054] close(21) = -1 EBADF (Bad file descriptor) [pid 5054] close(22) = -1 EBADF (Bad file descriptor) [pid 5054] close(23) = -1 EBADF (Bad file descriptor) [pid 5054] close(24) = -1 EBADF (Bad file descriptor) [pid 5054] close(25) = -1 EBADF (Bad file descriptor) [pid 5054] close(26) = -1 EBADF (Bad file descriptor) [pid 5054] close(27) = -1 EBADF (Bad file descriptor) [pid 5054] close(28) = -1 EBADF (Bad file descriptor) [pid 5054] close(29) = -1 EBADF (Bad file descriptor) [pid 5054] exit_group(0) = ? [pid 5054] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=56 /* 0.56 s */} --- [pid 4994] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./51/binderfs") = 0 [pid 4994] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./51/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./51") = 0 [pid 4994] mkdir("./52", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 54 ./strace-static-x86_64: Process 5055 attached [pid 5055] chdir("./52") = 0 [pid 5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5055] setpgid(0, 0) = 0 [pid 5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5055] write(3, "1000", 4) = 4 [pid 5055] close(3) = 0 [pid 5055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5055] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5055] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5055] memfd_create("syzkaller", 0) = 4 [pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5055] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5055] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5055] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5055] close(4) = 0 [pid 5055] mkdir("./file0", 0777) = 0 [pid 5055] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5055] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5055] chdir("./file0") = 0 [pid 5055] ioctl(5, LOOP_CLR_FD) = 0 [pid 5055] close(5) = 0 [ 130.178694][ T5055] loop0: detected capacity change from 0 to 4096 [ 130.189786][ T5055] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 130.207127][ T5055] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5055] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5055] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5055] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5055] open("./file0", O_RDONLY) = 7 [pid 5055] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 130.221338][ T27] audit: type=1800 audit(1683090872.131:106): pid=5055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 130.253028][ T27] audit: type=1804 audit(1683090872.131:107): pid=5055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/52/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5055] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5055] close(3) = 0 [pid 5055] close(4) = 0 [pid 5055] close(5) = 0 [pid 5055] close(6) = 0 [pid 5055] close(7) = 0 [pid 5055] close(8) = -1 EBADF (Bad file descriptor) [pid 5055] close(9) = -1 EBADF (Bad file descriptor) [pid 5055] close(10) = -1 EBADF (Bad file descriptor) [pid 5055] close(11) = -1 EBADF (Bad file descriptor) [pid 5055] close(12) = -1 EBADF (Bad file descriptor) [pid 5055] close(13) = -1 EBADF (Bad file descriptor) [pid 5055] close(14) = -1 EBADF (Bad file descriptor) [pid 5055] close(15) = -1 EBADF (Bad file descriptor) [pid 5055] close(16) = -1 EBADF (Bad file descriptor) [pid 5055] close(17) = -1 EBADF (Bad file descriptor) [pid 5055] close(18) = -1 EBADF (Bad file descriptor) [pid 5055] close(19) = -1 EBADF (Bad file descriptor) [pid 5055] close(20) = -1 EBADF (Bad file descriptor) [pid 5055] close(21) = -1 EBADF (Bad file descriptor) [pid 5055] close(22) = -1 EBADF (Bad file descriptor) [pid 5055] close(23) = -1 EBADF (Bad file descriptor) [pid 5055] close(24) = -1 EBADF (Bad file descriptor) [pid 5055] close(25) = -1 EBADF (Bad file descriptor) [pid 5055] close(26) = -1 EBADF (Bad file descriptor) [pid 5055] close(27) = -1 EBADF (Bad file descriptor) [pid 5055] close(28) = -1 EBADF (Bad file descriptor) [pid 5055] close(29) = -1 EBADF (Bad file descriptor) [pid 5055] exit_group(0) = ? [pid 5055] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=58 /* 0.58 s */} --- [pid 4994] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./52/binderfs") = 0 [pid 4994] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./52/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./52") = 0 [pid 4994] mkdir("./53", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 55 ./strace-static-x86_64: Process 5056 attached [pid 5056] chdir("./53") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5056] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5056] memfd_create("syzkaller", 0) = 4 [pid 5056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5056] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5056] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5056] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5056] close(4) = 0 [pid 5056] mkdir("./file0", 0777) = 0 [pid 5056] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5056] chdir("./file0") = 0 [pid 5056] ioctl(5, LOOP_CLR_FD) = 0 [pid 5056] close(5) = 0 [pid 5056] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5056] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 131.221289][ T5056] loop0: detected capacity change from 0 to 4096 [ 131.241272][ T5056] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 131.258615][ T5056] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5056] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5056] open("./file0", O_RDONLY) = 7 [pid 5056] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 131.283816][ T27] audit: type=1800 audit(1683090873.191:108): pid=5056 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 131.305576][ T27] audit: type=1804 audit(1683090873.221:109): pid=5056 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/53/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5056] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5056] close(3) = 0 [pid 5056] close(4) = 0 [pid 5056] close(5) = 0 [pid 5056] close(6) = 0 [pid 5056] close(7) = 0 [pid 5056] close(8) = -1 EBADF (Bad file descriptor) [pid 5056] close(9) = -1 EBADF (Bad file descriptor) [pid 5056] close(10) = -1 EBADF (Bad file descriptor) [pid 5056] close(11) = -1 EBADF (Bad file descriptor) [pid 5056] close(12) = -1 EBADF (Bad file descriptor) [pid 5056] close(13) = -1 EBADF (Bad file descriptor) [pid 5056] close(14) = -1 EBADF (Bad file descriptor) [pid 5056] close(15) = -1 EBADF (Bad file descriptor) [pid 5056] close(16) = -1 EBADF (Bad file descriptor) [pid 5056] close(17) = -1 EBADF (Bad file descriptor) [pid 5056] close(18) = -1 EBADF (Bad file descriptor) [pid 5056] close(19) = -1 EBADF (Bad file descriptor) [pid 5056] close(20) = -1 EBADF (Bad file descriptor) [pid 5056] close(21) = -1 EBADF (Bad file descriptor) [pid 5056] close(22) = -1 EBADF (Bad file descriptor) [pid 5056] close(23) = -1 EBADF (Bad file descriptor) [pid 5056] close(24) = -1 EBADF (Bad file descriptor) [pid 5056] close(25) = -1 EBADF (Bad file descriptor) [pid 5056] close(26) = -1 EBADF (Bad file descriptor) [pid 5056] close(27) = -1 EBADF (Bad file descriptor) [pid 5056] close(28) = -1 EBADF (Bad file descriptor) [pid 5056] close(29) = -1 EBADF (Bad file descriptor) [pid 5056] exit_group(0) = ? [pid 5056] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=63 /* 0.63 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./53/binderfs") = 0 [pid 4994] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./53/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./53") = 0 [pid 4994] mkdir("./54", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 56 ./strace-static-x86_64: Process 5057 attached [pid 5057] chdir("./54") = 0 [pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5057] setpgid(0, 0) = 0 [pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5057] write(3, "1000", 4) = 4 [pid 5057] close(3) = 0 [pid 5057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5057] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5057] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5057] memfd_create("syzkaller", 0) = 4 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5057] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5057] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5057] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5057] close(4) = 0 [pid 5057] mkdir("./file0", 0777) = 0 [pid 5057] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5057] chdir("./file0") = 0 [pid 5057] ioctl(5, LOOP_CLR_FD) = 0 [pid 5057] close(5) = 0 [pid 5057] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5057] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5057] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [ 132.342137][ T5057] loop0: detected capacity change from 0 to 4096 [ 132.352521][ T5057] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 132.368534][ T5057] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5057] open("./file0", O_RDONLY) = 7 [pid 5057] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 132.392851][ T27] audit: type=1800 audit(1683090874.301:110): pid=5057 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 132.413690][ T27] audit: type=1804 audit(1683090874.311:111): pid=5057 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/54/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5057] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5057] close(3) = 0 [pid 5057] close(4) = 0 [pid 5057] close(5) = 0 [pid 5057] close(6) = 0 [pid 5057] close(7) = 0 [pid 5057] close(8) = -1 EBADF (Bad file descriptor) [pid 5057] close(9) = -1 EBADF (Bad file descriptor) [pid 5057] close(10) = -1 EBADF (Bad file descriptor) [pid 5057] close(11) = -1 EBADF (Bad file descriptor) [pid 5057] close(12) = -1 EBADF (Bad file descriptor) [pid 5057] close(13) = -1 EBADF (Bad file descriptor) [pid 5057] close(14) = -1 EBADF (Bad file descriptor) [pid 5057] close(15) = -1 EBADF (Bad file descriptor) [pid 5057] close(16) = -1 EBADF (Bad file descriptor) [pid 5057] close(17) = -1 EBADF (Bad file descriptor) [pid 5057] close(18) = -1 EBADF (Bad file descriptor) [pid 5057] close(19) = -1 EBADF (Bad file descriptor) [pid 5057] close(20) = -1 EBADF (Bad file descriptor) [pid 5057] close(21) = -1 EBADF (Bad file descriptor) [pid 5057] close(22) = -1 EBADF (Bad file descriptor) [pid 5057] close(23) = -1 EBADF (Bad file descriptor) [pid 5057] close(24) = -1 EBADF (Bad file descriptor) [pid 5057] close(25) = -1 EBADF (Bad file descriptor) [pid 5057] close(26) = -1 EBADF (Bad file descriptor) [pid 5057] close(27) = -1 EBADF (Bad file descriptor) [pid 5057] close(28) = -1 EBADF (Bad file descriptor) [pid 5057] close(29) = -1 EBADF (Bad file descriptor) [pid 5057] exit_group(0) = ? [pid 5057] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=61 /* 0.61 s */} --- [pid 4994] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./54/binderfs") = 0 [pid 4994] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./54/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./54") = 0 [pid 4994] mkdir("./55", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 57 ./strace-static-x86_64: Process 5058 attached [pid 5058] chdir("./55") = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5058] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5058] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5058] memfd_create("syzkaller", 0) = 4 [pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5058] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5058] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5058] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5058] close(4) = 0 [pid 5058] mkdir("./file0", 0777) = 0 [pid 5058] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5058] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5058] chdir("./file0") = 0 [ 133.430126][ T5058] loop0: detected capacity change from 0 to 4096 [ 133.439710][ T5058] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 133.455452][ T5058] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5058] ioctl(5, LOOP_CLR_FD) = 0 [pid 5058] close(5) = 0 [pid 5058] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5058] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5058] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5058] open("./file0", O_RDONLY) = 7 [pid 5058] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 133.470979][ T27] audit: type=1800 audit(1683090875.381:112): pid=5058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 133.498249][ T27] audit: type=1804 audit(1683090875.381:113): pid=5058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/55/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5058] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5058] close(3) = 0 [pid 5058] close(4) = 0 [pid 5058] close(5) = 0 [pid 5058] close(6) = 0 [pid 5058] close(7) = 0 [pid 5058] close(8) = -1 EBADF (Bad file descriptor) [pid 5058] close(9) = -1 EBADF (Bad file descriptor) [pid 5058] close(10) = -1 EBADF (Bad file descriptor) [pid 5058] close(11) = -1 EBADF (Bad file descriptor) [pid 5058] close(12) = -1 EBADF (Bad file descriptor) [pid 5058] close(13) = -1 EBADF (Bad file descriptor) [pid 5058] close(14) = -1 EBADF (Bad file descriptor) [pid 5058] close(15) = -1 EBADF (Bad file descriptor) [pid 5058] close(16) = -1 EBADF (Bad file descriptor) [pid 5058] close(17) = -1 EBADF (Bad file descriptor) [pid 5058] close(18) = -1 EBADF (Bad file descriptor) [pid 5058] close(19) = -1 EBADF (Bad file descriptor) [pid 5058] close(20) = -1 EBADF (Bad file descriptor) [pid 5058] close(21) = -1 EBADF (Bad file descriptor) [pid 5058] close(22) = -1 EBADF (Bad file descriptor) [pid 5058] close(23) = -1 EBADF (Bad file descriptor) [pid 5058] close(24) = -1 EBADF (Bad file descriptor) [pid 5058] close(25) = -1 EBADF (Bad file descriptor) [pid 5058] close(26) = -1 EBADF (Bad file descriptor) [pid 5058] close(27) = -1 EBADF (Bad file descriptor) [pid 5058] close(28) = -1 EBADF (Bad file descriptor) [pid 5058] close(29) = -1 EBADF (Bad file descriptor) [pid 5058] exit_group(0) = ? [pid 5058] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=60 /* 0.60 s */} --- [pid 4994] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./55/binderfs") = 0 [pid 4994] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./55/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./55") = 0 [pid 4994] mkdir("./56", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached [pid 5059] chdir("./56" [pid 4994] <... clone resumed>, child_tidptr=0x55555716c5d0) = 58 [pid 5059] <... chdir resumed>) = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5059] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5059] memfd_create("syzkaller", 0) = 4 [pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5059] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5059] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5059] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5059] close(4) = 0 [pid 5059] mkdir("./file0", 0777) = 0 [pid 5059] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5059] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5059] chdir("./file0") = 0 [pid 5059] ioctl(5, LOOP_CLR_FD) = 0 [pid 5059] close(5) = 0 [pid 5059] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5059] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 134.505936][ T5059] loop0: detected capacity change from 0 to 4096 [ 134.515958][ T5059] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 134.532192][ T5059] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5059] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5059] open("./file0", O_RDONLY) = 7 [pid 5059] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 134.553961][ T27] audit: type=1800 audit(1683090876.461:114): pid=5059 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 134.575056][ T27] audit: type=1804 audit(1683090876.461:115): pid=5059 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/56/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5059] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5059] close(3) = 0 [pid 5059] close(4) = 0 [pid 5059] close(5) = 0 [pid 5059] close(6) = 0 [pid 5059] close(7) = 0 [pid 5059] close(8) = -1 EBADF (Bad file descriptor) [pid 5059] close(9) = -1 EBADF (Bad file descriptor) [pid 5059] close(10) = -1 EBADF (Bad file descriptor) [pid 5059] close(11) = -1 EBADF (Bad file descriptor) [pid 5059] close(12) = -1 EBADF (Bad file descriptor) [pid 5059] close(13) = -1 EBADF (Bad file descriptor) [pid 5059] close(14) = -1 EBADF (Bad file descriptor) [pid 5059] close(15) = -1 EBADF (Bad file descriptor) [pid 5059] close(16) = -1 EBADF (Bad file descriptor) [pid 5059] close(17) = -1 EBADF (Bad file descriptor) [pid 5059] close(18) = -1 EBADF (Bad file descriptor) [pid 5059] close(19) = -1 EBADF (Bad file descriptor) [pid 5059] close(20) = -1 EBADF (Bad file descriptor) [pid 5059] close(21) = -1 EBADF (Bad file descriptor) [pid 5059] close(22) = -1 EBADF (Bad file descriptor) [pid 5059] close(23) = -1 EBADF (Bad file descriptor) [pid 5059] close(24) = -1 EBADF (Bad file descriptor) [pid 5059] close(25) = -1 EBADF (Bad file descriptor) [pid 5059] close(26) = -1 EBADF (Bad file descriptor) [pid 5059] close(27) = -1 EBADF (Bad file descriptor) [pid 5059] close(28) = -1 EBADF (Bad file descriptor) [pid 5059] close(29) = -1 EBADF (Bad file descriptor) [pid 5059] exit_group(0) = ? [pid 5059] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=59 /* 0.59 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./56/binderfs") = 0 [pid 4994] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./56/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./56") = 0 [pid 4994] mkdir("./57", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 59 ./strace-static-x86_64: Process 5060 attached [pid 5060] chdir("./57") = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5060] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5060] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5060] memfd_create("syzkaller", 0) = 4 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5060] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5060] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5060] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5060] close(4) = 0 [pid 5060] mkdir("./file0", 0777) = 0 [pid 5060] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5060] chdir("./file0") = 0 [pid 5060] ioctl(5, LOOP_CLR_FD) = 0 [pid 5060] close(5) = 0 [pid 5060] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5060] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 135.592963][ T5060] loop0: detected capacity change from 0 to 4096 [ 135.603426][ T5060] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 135.621124][ T5060] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5060] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5060] open("./file0", O_RDONLY) = 7 [pid 5060] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 135.652287][ T27] audit: type=1800 audit(1683090877.561:116): pid=5060 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 135.672835][ T27] audit: type=1804 audit(1683090877.571:117): pid=5060 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/57/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5060] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5060] close(3) = 0 [pid 5060] close(4) = 0 [pid 5060] close(5) = 0 [pid 5060] close(6) = 0 [pid 5060] close(7) = 0 [pid 5060] close(8) = -1 EBADF (Bad file descriptor) [pid 5060] close(9) = -1 EBADF (Bad file descriptor) [pid 5060] close(10) = -1 EBADF (Bad file descriptor) [pid 5060] close(11) = -1 EBADF (Bad file descriptor) [pid 5060] close(12) = -1 EBADF (Bad file descriptor) [pid 5060] close(13) = -1 EBADF (Bad file descriptor) [pid 5060] close(14) = -1 EBADF (Bad file descriptor) [pid 5060] close(15) = -1 EBADF (Bad file descriptor) [pid 5060] close(16) = -1 EBADF (Bad file descriptor) [pid 5060] close(17) = -1 EBADF (Bad file descriptor) [pid 5060] close(18) = -1 EBADF (Bad file descriptor) [pid 5060] close(19) = -1 EBADF (Bad file descriptor) [pid 5060] close(20) = -1 EBADF (Bad file descriptor) [pid 5060] close(21) = -1 EBADF (Bad file descriptor) [pid 5060] close(22) = -1 EBADF (Bad file descriptor) [pid 5060] close(23) = -1 EBADF (Bad file descriptor) [pid 5060] close(24) = -1 EBADF (Bad file descriptor) [pid 5060] close(25) = -1 EBADF (Bad file descriptor) [pid 5060] close(26) = -1 EBADF (Bad file descriptor) [pid 5060] close(27) = -1 EBADF (Bad file descriptor) [pid 5060] close(28) = -1 EBADF (Bad file descriptor) [pid 5060] close(29) = -1 EBADF (Bad file descriptor) [pid 5060] exit_group(0) = ? [pid 5060] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=56 /* 0.56 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./57/binderfs") = 0 [pid 4994] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./57/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./57") = 0 [pid 4994] mkdir("./58", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 60 ./strace-static-x86_64: Process 5061 attached [pid 5061] chdir("./58") = 0 [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setpgid(0, 0) = 0 [pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1000", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5061] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5061] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5061] memfd_create("syzkaller", 0) = 4 [pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5061] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5061] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5061] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5061] close(4) = 0 [pid 5061] mkdir("./file0", 0777) = 0 [pid 5061] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5061] chdir("./file0") = 0 [pid 5061] ioctl(5, LOOP_CLR_FD) = 0 [pid 5061] close(5) = 0 [pid 5061] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5061] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 136.706487][ T5061] loop0: detected capacity change from 0 to 4096 [ 136.715956][ T5061] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 136.733726][ T5061] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5061] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5061] open("./file0", O_RDONLY) = 7 [pid 5061] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 136.749951][ T27] audit: type=1800 audit(1683090878.661:118): pid=5061 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 136.772388][ T27] audit: type=1804 audit(1683090878.681:119): pid=5061 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/58/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5061] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5061] close(3) = 0 [pid 5061] close(4) = 0 [pid 5061] close(5) = 0 [pid 5061] close(6) = 0 [pid 5061] close(7) = 0 [pid 5061] close(8) = -1 EBADF (Bad file descriptor) [pid 5061] close(9) = -1 EBADF (Bad file descriptor) [pid 5061] close(10) = -1 EBADF (Bad file descriptor) [pid 5061] close(11) = -1 EBADF (Bad file descriptor) [pid 5061] close(12) = -1 EBADF (Bad file descriptor) [pid 5061] close(13) = -1 EBADF (Bad file descriptor) [pid 5061] close(14) = -1 EBADF (Bad file descriptor) [pid 5061] close(15) = -1 EBADF (Bad file descriptor) [pid 5061] close(16) = -1 EBADF (Bad file descriptor) [pid 5061] close(17) = -1 EBADF (Bad file descriptor) [pid 5061] close(18) = -1 EBADF (Bad file descriptor) [pid 5061] close(19) = -1 EBADF (Bad file descriptor) [pid 5061] close(20) = -1 EBADF (Bad file descriptor) [pid 5061] close(21) = -1 EBADF (Bad file descriptor) [pid 5061] close(22) = -1 EBADF (Bad file descriptor) [pid 5061] close(23) = -1 EBADF (Bad file descriptor) [pid 5061] close(24) = -1 EBADF (Bad file descriptor) [pid 5061] close(25) = -1 EBADF (Bad file descriptor) [pid 5061] close(26) = -1 EBADF (Bad file descriptor) [pid 5061] close(27) = -1 EBADF (Bad file descriptor) [pid 5061] close(28) = -1 EBADF (Bad file descriptor) [pid 5061] close(29) = -1 EBADF (Bad file descriptor) [pid 5061] exit_group(0) = ? [pid 5061] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=59 /* 0.59 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./58/binderfs") = 0 [pid 4994] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./58/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./58") = 0 [pid 4994] mkdir("./59", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 61 ./strace-static-x86_64: Process 5062 attached [pid 5062] chdir("./59") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5062] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5062] memfd_create("syzkaller", 0) = 4 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5062] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5062] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5062] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5062] close(4) = 0 [pid 5062] mkdir("./file0", 0777) = 0 [pid 5062] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5062] chdir("./file0") = 0 [pid 5062] ioctl(5, LOOP_CLR_FD) = 0 [pid 5062] close(5) = 0 [ 137.856277][ T5062] loop0: detected capacity change from 0 to 4096 [ 137.866908][ T5062] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 137.884889][ T5062] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5062] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5062] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5062] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5062] open("./file0", O_RDONLY) = 7 [pid 5062] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 137.899429][ T27] audit: type=1800 audit(1683090879.811:120): pid=5062 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 137.932311][ T27] audit: type=1804 audit(1683090879.811:121): pid=5062 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/59/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5062] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5062] close(3) = 0 [pid 5062] close(4) = 0 [pid 5062] close(5) = 0 [pid 5062] close(6) = 0 [pid 5062] close(7) = 0 [pid 5062] close(8) = -1 EBADF (Bad file descriptor) [pid 5062] close(9) = -1 EBADF (Bad file descriptor) [pid 5062] close(10) = -1 EBADF (Bad file descriptor) [pid 5062] close(11) = -1 EBADF (Bad file descriptor) [pid 5062] close(12) = -1 EBADF (Bad file descriptor) [pid 5062] close(13) = -1 EBADF (Bad file descriptor) [pid 5062] close(14) = -1 EBADF (Bad file descriptor) [pid 5062] close(15) = -1 EBADF (Bad file descriptor) [pid 5062] close(16) = -1 EBADF (Bad file descriptor) [pid 5062] close(17) = -1 EBADF (Bad file descriptor) [pid 5062] close(18) = -1 EBADF (Bad file descriptor) [pid 5062] close(19) = -1 EBADF (Bad file descriptor) [pid 5062] close(20) = -1 EBADF (Bad file descriptor) [pid 5062] close(21) = -1 EBADF (Bad file descriptor) [pid 5062] close(22) = -1 EBADF (Bad file descriptor) [pid 5062] close(23) = -1 EBADF (Bad file descriptor) [pid 5062] close(24) = -1 EBADF (Bad file descriptor) [pid 5062] close(25) = -1 EBADF (Bad file descriptor) [pid 5062] close(26) = -1 EBADF (Bad file descriptor) [pid 5062] close(27) = -1 EBADF (Bad file descriptor) [pid 5062] close(28) = -1 EBADF (Bad file descriptor) [pid 5062] close(29) = -1 EBADF (Bad file descriptor) [pid 5062] exit_group(0) = ? [pid 5062] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=59 /* 0.59 s */} --- [pid 4994] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./59/binderfs") = 0 [pid 4994] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./59/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./59") = 0 [pid 4994] mkdir("./60", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 62 ./strace-static-x86_64: Process 5063 attached [pid 5063] chdir("./60") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5063] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5063] memfd_create("syzkaller", 0) = 4 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5063] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5063] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5063] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5063] close(4) = 0 [pid 5063] mkdir("./file0", 0777) = 0 [pid 5063] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5063] chdir("./file0") = 0 [pid 5063] ioctl(5, LOOP_CLR_FD) = 0 [pid 5063] close(5) = 0 [pid 5063] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5063] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 139.033702][ T5063] loop0: detected capacity change from 0 to 4096 [ 139.045133][ T5063] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 139.064628][ T5063] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5063] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5063] open("./file0", O_RDONLY) = 7 [pid 5063] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 139.083627][ T27] audit: type=1800 audit(1683090880.991:122): pid=5063 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 139.104518][ T27] audit: type=1804 audit(1683090880.991:123): pid=5063 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/60/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5063] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5063] close(3) = 0 [pid 5063] close(4) = 0 [pid 5063] close(5) = 0 [pid 5063] close(6) = 0 [pid 5063] close(7) = 0 [pid 5063] close(8) = -1 EBADF (Bad file descriptor) [pid 5063] close(9) = -1 EBADF (Bad file descriptor) [pid 5063] close(10) = -1 EBADF (Bad file descriptor) [pid 5063] close(11) = -1 EBADF (Bad file descriptor) [pid 5063] close(12) = -1 EBADF (Bad file descriptor) [pid 5063] close(13) = -1 EBADF (Bad file descriptor) [pid 5063] close(14) = -1 EBADF (Bad file descriptor) [pid 5063] close(15) = -1 EBADF (Bad file descriptor) [pid 5063] close(16) = -1 EBADF (Bad file descriptor) [pid 5063] close(17) = -1 EBADF (Bad file descriptor) [pid 5063] close(18) = -1 EBADF (Bad file descriptor) [pid 5063] close(19) = -1 EBADF (Bad file descriptor) [pid 5063] close(20) = -1 EBADF (Bad file descriptor) [pid 5063] close(21) = -1 EBADF (Bad file descriptor) [pid 5063] close(22) = -1 EBADF (Bad file descriptor) [pid 5063] close(23) = -1 EBADF (Bad file descriptor) [pid 5063] close(24) = -1 EBADF (Bad file descriptor) [pid 5063] close(25) = -1 EBADF (Bad file descriptor) [pid 5063] close(26) = -1 EBADF (Bad file descriptor) [pid 5063] close(27) = -1 EBADF (Bad file descriptor) [pid 5063] close(28) = -1 EBADF (Bad file descriptor) [pid 5063] close(29) = -1 EBADF (Bad file descriptor) [pid 5063] exit_group(0) = ? [pid 5063] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=59 /* 0.59 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./60/binderfs") = 0 [pid 4994] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./60/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./60") = 0 [pid 4994] mkdir("./61", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 63 ./strace-static-x86_64: Process 5064 attached [pid 5064] chdir("./61") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5064] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5064] memfd_create("syzkaller", 0) = 4 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5064] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5064] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5064] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5064] close(4) = 0 [pid 5064] mkdir("./file0", 0777) = 0 [pid 5064] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5064] chdir("./file0") = 0 [pid 5064] ioctl(5, LOOP_CLR_FD) = 0 [pid 5064] close(5) = 0 [pid 5064] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5064] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 140.154156][ T5064] loop0: detected capacity change from 0 to 4096 [ 140.165441][ T5064] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 140.183373][ T5064] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5064] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5064] open("./file0", O_RDONLY) = 7 [pid 5064] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 140.211565][ T27] audit: type=1800 audit(1683090882.121:124): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 140.232285][ T27] audit: type=1804 audit(1683090882.121:125): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/61/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5064] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5064] close(3) = 0 [pid 5064] close(4) = 0 [pid 5064] close(5) = 0 [pid 5064] close(6) = 0 [pid 5064] close(7) = 0 [pid 5064] close(8) = -1 EBADF (Bad file descriptor) [pid 5064] close(9) = -1 EBADF (Bad file descriptor) [pid 5064] close(10) = -1 EBADF (Bad file descriptor) [pid 5064] close(11) = -1 EBADF (Bad file descriptor) [pid 5064] close(12) = -1 EBADF (Bad file descriptor) [pid 5064] close(13) = -1 EBADF (Bad file descriptor) [pid 5064] close(14) = -1 EBADF (Bad file descriptor) [pid 5064] close(15) = -1 EBADF (Bad file descriptor) [pid 5064] close(16) = -1 EBADF (Bad file descriptor) [pid 5064] close(17) = -1 EBADF (Bad file descriptor) [pid 5064] close(18) = -1 EBADF (Bad file descriptor) [pid 5064] close(19) = -1 EBADF (Bad file descriptor) [pid 5064] close(20) = -1 EBADF (Bad file descriptor) [pid 5064] close(21) = -1 EBADF (Bad file descriptor) [pid 5064] close(22) = -1 EBADF (Bad file descriptor) [pid 5064] close(23) = -1 EBADF (Bad file descriptor) [pid 5064] close(24) = -1 EBADF (Bad file descriptor) [pid 5064] close(25) = -1 EBADF (Bad file descriptor) [pid 5064] close(26) = -1 EBADF (Bad file descriptor) [pid 5064] close(27) = -1 EBADF (Bad file descriptor) [pid 5064] close(28) = -1 EBADF (Bad file descriptor) [pid 5064] close(29) = -1 EBADF (Bad file descriptor) [pid 5064] exit_group(0) = ? [pid 5064] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=55 /* 0.55 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./61/binderfs") = 0 [pid 4994] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./61/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./61") = 0 [pid 4994] mkdir("./62", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 64 ./strace-static-x86_64: Process 5065 attached [pid 5065] chdir("./62") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5065] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5065] memfd_create("syzkaller", 0) = 4 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5065] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5065] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5065] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5065] close(4) = 0 [pid 5065] mkdir("./file0", 0777) = 0 [pid 5065] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5065] chdir("./file0") = 0 [pid 5065] ioctl(5, LOOP_CLR_FD) = 0 [pid 5065] close(5) = 0 [pid 5065] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5065] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 141.267623][ T5065] loop0: detected capacity change from 0 to 4096 [ 141.277756][ T5065] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 141.294196][ T5065] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5065] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5065] open("./file0", O_RDONLY) = 7 [pid 5065] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 141.319269][ T27] audit: type=1800 audit(1683090883.231:126): pid=5065 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 141.341015][ T27] audit: type=1804 audit(1683090883.231:127): pid=5065 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/62/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5065] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5065] close(3) = 0 [pid 5065] close(4) = 0 [pid 5065] close(5) = 0 [pid 5065] close(6) = 0 [pid 5065] close(7) = 0 [pid 5065] close(8) = -1 EBADF (Bad file descriptor) [pid 5065] close(9) = -1 EBADF (Bad file descriptor) [pid 5065] close(10) = -1 EBADF (Bad file descriptor) [pid 5065] close(11) = -1 EBADF (Bad file descriptor) [pid 5065] close(12) = -1 EBADF (Bad file descriptor) [pid 5065] close(13) = -1 EBADF (Bad file descriptor) [pid 5065] close(14) = -1 EBADF (Bad file descriptor) [pid 5065] close(15) = -1 EBADF (Bad file descriptor) [pid 5065] close(16) = -1 EBADF (Bad file descriptor) [pid 5065] close(17) = -1 EBADF (Bad file descriptor) [pid 5065] close(18) = -1 EBADF (Bad file descriptor) [pid 5065] close(19) = -1 EBADF (Bad file descriptor) [pid 5065] close(20) = -1 EBADF (Bad file descriptor) [pid 5065] close(21) = -1 EBADF (Bad file descriptor) [pid 5065] close(22) = -1 EBADF (Bad file descriptor) [pid 5065] close(23) = -1 EBADF (Bad file descriptor) [pid 5065] close(24) = -1 EBADF (Bad file descriptor) [pid 5065] close(25) = -1 EBADF (Bad file descriptor) [pid 5065] close(26) = -1 EBADF (Bad file descriptor) [pid 5065] close(27) = -1 EBADF (Bad file descriptor) [pid 5065] close(28) = -1 EBADF (Bad file descriptor) [pid 5065] close(29) = -1 EBADF (Bad file descriptor) [pid 5065] exit_group(0) = ? [pid 5065] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=54 /* 0.54 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./62/binderfs") = 0 [pid 4994] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./62/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./62") = 0 [pid 4994] mkdir("./63", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 65 ./strace-static-x86_64: Process 5066 attached [pid 5066] chdir("./63") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5066] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5066] memfd_create("syzkaller", 0) = 4 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5066] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5066] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5066] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5066] close(4) = 0 [pid 5066] mkdir("./file0", 0777) = 0 [pid 5066] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5066] chdir("./file0") = 0 [pid 5066] ioctl(5, LOOP_CLR_FD) = 0 [pid 5066] close(5) = 0 [pid 5066] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5066] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 142.378375][ T5066] loop0: detected capacity change from 0 to 4096 [ 142.388368][ T5066] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 142.405827][ T5066] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5066] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5066] open("./file0", O_RDONLY) = 7 [pid 5066] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 142.433314][ T27] audit: type=1800 audit(1683090884.341:128): pid=5066 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 142.464935][ T27] audit: type=1804 audit(1683090884.341:129): pid=5066 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/63/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5066] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5066] close(3) = 0 [pid 5066] close(4) = 0 [pid 5066] close(5) = 0 [pid 5066] close(6) = 0 [pid 5066] close(7) = 0 [pid 5066] close(8) = -1 EBADF (Bad file descriptor) [pid 5066] close(9) = -1 EBADF (Bad file descriptor) [pid 5066] close(10) = -1 EBADF (Bad file descriptor) [pid 5066] close(11) = -1 EBADF (Bad file descriptor) [pid 5066] close(12) = -1 EBADF (Bad file descriptor) [pid 5066] close(13) = -1 EBADF (Bad file descriptor) [pid 5066] close(14) = -1 EBADF (Bad file descriptor) [pid 5066] close(15) = -1 EBADF (Bad file descriptor) [pid 5066] close(16) = -1 EBADF (Bad file descriptor) [pid 5066] close(17) = -1 EBADF (Bad file descriptor) [pid 5066] close(18) = -1 EBADF (Bad file descriptor) [pid 5066] close(19) = -1 EBADF (Bad file descriptor) [pid 5066] close(20) = -1 EBADF (Bad file descriptor) [pid 5066] close(21) = -1 EBADF (Bad file descriptor) [pid 5066] close(22) = -1 EBADF (Bad file descriptor) [pid 5066] close(23) = -1 EBADF (Bad file descriptor) [pid 5066] close(24) = -1 EBADF (Bad file descriptor) [pid 5066] close(25) = -1 EBADF (Bad file descriptor) [pid 5066] close(26) = -1 EBADF (Bad file descriptor) [pid 5066] close(27) = -1 EBADF (Bad file descriptor) [pid 5066] close(28) = -1 EBADF (Bad file descriptor) [pid 5066] close(29) = -1 EBADF (Bad file descriptor) [pid 5066] exit_group(0) = ? [pid 5066] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=56 /* 0.56 s */} --- [pid 4994] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./63/binderfs") = 0 [pid 4994] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./63/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./63") = 0 [pid 4994] mkdir("./64", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 66 ./strace-static-x86_64: Process 5067 attached [pid 5067] chdir("./64") = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5067] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5067] memfd_create("syzkaller", 0) = 4 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5067] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5067] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5067] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5067] close(4) = 0 [pid 5067] mkdir("./file0", 0777) = 0 [pid 5067] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5067] chdir("./file0") = 0 [pid 5067] ioctl(5, LOOP_CLR_FD) = 0 [pid 5067] close(5) = 0 [pid 5067] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5067] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 143.498176][ T5067] loop0: detected capacity change from 0 to 4096 [ 143.508038][ T5067] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 143.525075][ T5067] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5067] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5067] open("./file0", O_RDONLY) = 7 [pid 5067] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 143.549509][ T27] audit: type=1800 audit(1683090885.461:130): pid=5067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 143.571356][ T27] audit: type=1804 audit(1683090885.481:131): pid=5067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/64/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5067] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5067] close(3) = 0 [pid 5067] close(4) = 0 [pid 5067] close(5) = 0 [pid 5067] close(6) = 0 [pid 5067] close(7) = 0 [pid 5067] close(8) = -1 EBADF (Bad file descriptor) [pid 5067] close(9) = -1 EBADF (Bad file descriptor) [pid 5067] close(10) = -1 EBADF (Bad file descriptor) [pid 5067] close(11) = -1 EBADF (Bad file descriptor) [pid 5067] close(12) = -1 EBADF (Bad file descriptor) [pid 5067] close(13) = -1 EBADF (Bad file descriptor) [pid 5067] close(14) = -1 EBADF (Bad file descriptor) [pid 5067] close(15) = -1 EBADF (Bad file descriptor) [pid 5067] close(16) = -1 EBADF (Bad file descriptor) [pid 5067] close(17) = -1 EBADF (Bad file descriptor) [pid 5067] close(18) = -1 EBADF (Bad file descriptor) [pid 5067] close(19) = -1 EBADF (Bad file descriptor) [pid 5067] close(20) = -1 EBADF (Bad file descriptor) [pid 5067] close(21) = -1 EBADF (Bad file descriptor) [pid 5067] close(22) = -1 EBADF (Bad file descriptor) [pid 5067] close(23) = -1 EBADF (Bad file descriptor) [pid 5067] close(24) = -1 EBADF (Bad file descriptor) [pid 5067] close(25) = -1 EBADF (Bad file descriptor) [pid 5067] close(26) = -1 EBADF (Bad file descriptor) [pid 5067] close(27) = -1 EBADF (Bad file descriptor) [pid 5067] close(28) = -1 EBADF (Bad file descriptor) [pid 5067] close(29) = -1 EBADF (Bad file descriptor) [pid 5067] exit_group(0) = ? [pid 5067] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=66, si_uid=0, si_status=0, si_utime=0, si_stime=57 /* 0.57 s */} --- [pid 4994] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./64/binderfs") = 0 [pid 4994] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./64/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./64") = 0 [pid 4994] mkdir("./65", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 67 ./strace-static-x86_64: Process 5068 attached [pid 5068] chdir("./65") = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5068] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5068] memfd_create("syzkaller", 0) = 4 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5068] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5068] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5068] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5068] close(4) = 0 [pid 5068] mkdir("./file0", 0777) = 0 [pid 5068] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5068] chdir("./file0") = 0 [pid 5068] ioctl(5, LOOP_CLR_FD) = 0 [pid 5068] close(5) = 0 [pid 5068] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5068] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5068] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5068] open("./file0", O_RDONLY) = 7 [pid 5068] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 144.599505][ T5068] loop0: detected capacity change from 0 to 4096 [ 144.610429][ T5068] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 144.627386][ T5068] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 144.646606][ T27] audit: type=1800 audit(1683090886.551:132): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 144.680985][ T27] audit: type=1804 audit(1683090886.561:133): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/65/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5068] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5068] close(3) = 0 [pid 5068] close(4) = 0 [pid 5068] close(5) = 0 [pid 5068] close(6) = 0 [pid 5068] close(7) = 0 [pid 5068] close(8) = -1 EBADF (Bad file descriptor) [pid 5068] close(9) = -1 EBADF (Bad file descriptor) [pid 5068] close(10) = -1 EBADF (Bad file descriptor) [pid 5068] close(11) = -1 EBADF (Bad file descriptor) [pid 5068] close(12) = -1 EBADF (Bad file descriptor) [pid 5068] close(13) = -1 EBADF (Bad file descriptor) [pid 5068] close(14) = -1 EBADF (Bad file descriptor) [pid 5068] close(15) = -1 EBADF (Bad file descriptor) [pid 5068] close(16) = -1 EBADF (Bad file descriptor) [pid 5068] close(17) = -1 EBADF (Bad file descriptor) [pid 5068] close(18) = -1 EBADF (Bad file descriptor) [pid 5068] close(19) = -1 EBADF (Bad file descriptor) [pid 5068] close(20) = -1 EBADF (Bad file descriptor) [pid 5068] close(21) = -1 EBADF (Bad file descriptor) [pid 5068] close(22) = -1 EBADF (Bad file descriptor) [pid 5068] close(23) = -1 EBADF (Bad file descriptor) [pid 5068] close(24) = -1 EBADF (Bad file descriptor) [pid 5068] close(25) = -1 EBADF (Bad file descriptor) [pid 5068] close(26) = -1 EBADF (Bad file descriptor) [pid 5068] close(27) = -1 EBADF (Bad file descriptor) [pid 5068] close(28) = -1 EBADF (Bad file descriptor) [pid 5068] close(29) = -1 EBADF (Bad file descriptor) [pid 5068] exit_group(0) = ? [pid 5068] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=64 /* 0.64 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./65/binderfs") = 0 [pid 4994] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./65/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./65") = 0 [pid 4994] mkdir("./66", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 68 ./strace-static-x86_64: Process 5069 attached [pid 5069] chdir("./66") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5069] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5069] memfd_create("syzkaller", 0) = 4 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5069] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5069] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5069] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5069] close(4) = 0 [pid 5069] mkdir("./file0", 0777) = 0 [pid 5069] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5069] chdir("./file0") = 0 [pid 5069] ioctl(5, LOOP_CLR_FD) = 0 [pid 5069] close(5) = 0 [pid 5069] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5069] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 145.689372][ T5069] loop0: detected capacity change from 0 to 4096 [ 145.699634][ T5069] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 145.717260][ T5069] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5069] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5069] open("./file0", O_RDONLY) = 7 [pid 5069] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 145.741808][ T27] audit: type=1800 audit(1683090887.651:134): pid=5069 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 145.766020][ T27] audit: type=1804 audit(1683090887.681:135): pid=5069 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/66/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5069] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5069] close(3) = 0 [pid 5069] close(4) = 0 [pid 5069] close(5) = 0 [pid 5069] close(6) = 0 [pid 5069] close(7) = 0 [pid 5069] close(8) = -1 EBADF (Bad file descriptor) [pid 5069] close(9) = -1 EBADF (Bad file descriptor) [pid 5069] close(10) = -1 EBADF (Bad file descriptor) [pid 5069] close(11) = -1 EBADF (Bad file descriptor) [pid 5069] close(12) = -1 EBADF (Bad file descriptor) [pid 5069] close(13) = -1 EBADF (Bad file descriptor) [pid 5069] close(14) = -1 EBADF (Bad file descriptor) [pid 5069] close(15) = -1 EBADF (Bad file descriptor) [pid 5069] close(16) = -1 EBADF (Bad file descriptor) [pid 5069] close(17) = -1 EBADF (Bad file descriptor) [pid 5069] close(18) = -1 EBADF (Bad file descriptor) [pid 5069] close(19) = -1 EBADF (Bad file descriptor) [pid 5069] close(20) = -1 EBADF (Bad file descriptor) [pid 5069] close(21) = -1 EBADF (Bad file descriptor) [pid 5069] close(22) = -1 EBADF (Bad file descriptor) [pid 5069] close(23) = -1 EBADF (Bad file descriptor) [pid 5069] close(24) = -1 EBADF (Bad file descriptor) [pid 5069] close(25) = -1 EBADF (Bad file descriptor) [pid 5069] close(26) = -1 EBADF (Bad file descriptor) [pid 5069] close(27) = -1 EBADF (Bad file descriptor) [pid 5069] close(28) = -1 EBADF (Bad file descriptor) [pid 5069] close(29) = -1 EBADF (Bad file descriptor) [pid 5069] exit_group(0) = ? [pid 5069] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=68, si_uid=0, si_status=0, si_utime=0, si_stime=63 /* 0.63 s */} --- [pid 4994] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./66/binderfs") = 0 [pid 4994] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./66/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./66") = 0 [pid 4994] mkdir("./67", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 69 ./strace-static-x86_64: Process 5070 attached [pid 5070] chdir("./67") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5070] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5070] memfd_create("syzkaller", 0) = 4 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5070] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5070] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5070] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5070] close(4) = 0 [pid 5070] mkdir("./file0", 0777) = 0 [pid 5070] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5070] chdir("./file0") = 0 [pid 5070] ioctl(5, LOOP_CLR_FD) = 0 [pid 5070] close(5) = 0 [pid 5070] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5070] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 146.826425][ T5070] loop0: detected capacity change from 0 to 4096 [ 146.836242][ T5070] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 146.851315][ T5070] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5070] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5070] open("./file0", O_RDONLY) = 7 [pid 5070] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 146.878152][ T27] audit: type=1800 audit(1683090888.791:136): pid=5070 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 146.899566][ T27] audit: type=1804 audit(1683090888.791:137): pid=5070 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/67/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5070] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5070] close(3) = 0 [pid 5070] close(4) = 0 [pid 5070] close(5) = 0 [pid 5070] close(6) = 0 [pid 5070] close(7) = 0 [pid 5070] close(8) = -1 EBADF (Bad file descriptor) [pid 5070] close(9) = -1 EBADF (Bad file descriptor) [pid 5070] close(10) = -1 EBADF (Bad file descriptor) [pid 5070] close(11) = -1 EBADF (Bad file descriptor) [pid 5070] close(12) = -1 EBADF (Bad file descriptor) [pid 5070] close(13) = -1 EBADF (Bad file descriptor) [pid 5070] close(14) = -1 EBADF (Bad file descriptor) [pid 5070] close(15) = -1 EBADF (Bad file descriptor) [pid 5070] close(16) = -1 EBADF (Bad file descriptor) [pid 5070] close(17) = -1 EBADF (Bad file descriptor) [pid 5070] close(18) = -1 EBADF (Bad file descriptor) [pid 5070] close(19) = -1 EBADF (Bad file descriptor) [pid 5070] close(20) = -1 EBADF (Bad file descriptor) [pid 5070] close(21) = -1 EBADF (Bad file descriptor) [pid 5070] close(22) = -1 EBADF (Bad file descriptor) [pid 5070] close(23) = -1 EBADF (Bad file descriptor) [pid 5070] close(24) = -1 EBADF (Bad file descriptor) [pid 5070] close(25) = -1 EBADF (Bad file descriptor) [pid 5070] close(26) = -1 EBADF (Bad file descriptor) [pid 5070] close(27) = -1 EBADF (Bad file descriptor) [pid 5070] close(28) = -1 EBADF (Bad file descriptor) [pid 5070] close(29) = -1 EBADF (Bad file descriptor) [pid 5070] exit_group(0) = ? [pid 5070] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=69, si_uid=0, si_status=0, si_utime=0, si_stime=49 /* 0.49 s */} --- [pid 4994] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./67/binderfs") = 0 [pid 4994] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./67/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./67") = 0 [pid 4994] mkdir("./68", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 70 ./strace-static-x86_64: Process 5071 attached [pid 5071] chdir("./68") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5071] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5071] memfd_create("syzkaller", 0) = 4 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5071] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5071] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5071] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5071] close(4) = 0 [pid 5071] mkdir("./file0", 0777) = 0 [pid 5071] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5071] chdir("./file0") = 0 [pid 5071] ioctl(5, LOOP_CLR_FD) = 0 [pid 5071] close(5) = 0 [pid 5071] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5071] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 147.897044][ T5071] loop0: detected capacity change from 0 to 4096 [ 147.906928][ T5071] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 147.924032][ T5071] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5071] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5071] open("./file0", O_RDONLY) = 7 [pid 5071] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 147.941235][ T27] audit: type=1800 audit(1683090889.851:138): pid=5071 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 147.963237][ T27] audit: type=1804 audit(1683090889.851:139): pid=5071 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/68/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5071] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5071] close(3) = 0 [pid 5071] close(4) = 0 [pid 5071] close(5) = 0 [pid 5071] close(6) = 0 [pid 5071] close(7) = 0 [pid 5071] close(8) = -1 EBADF (Bad file descriptor) [pid 5071] close(9) = -1 EBADF (Bad file descriptor) [pid 5071] close(10) = -1 EBADF (Bad file descriptor) [pid 5071] close(11) = -1 EBADF (Bad file descriptor) [pid 5071] close(12) = -1 EBADF (Bad file descriptor) [pid 5071] close(13) = -1 EBADF (Bad file descriptor) [pid 5071] close(14) = -1 EBADF (Bad file descriptor) [pid 5071] close(15) = -1 EBADF (Bad file descriptor) [pid 5071] close(16) = -1 EBADF (Bad file descriptor) [pid 5071] close(17) = -1 EBADF (Bad file descriptor) [pid 5071] close(18) = -1 EBADF (Bad file descriptor) [pid 5071] close(19) = -1 EBADF (Bad file descriptor) [pid 5071] close(20) = -1 EBADF (Bad file descriptor) [pid 5071] close(21) = -1 EBADF (Bad file descriptor) [pid 5071] close(22) = -1 EBADF (Bad file descriptor) [pid 5071] close(23) = -1 EBADF (Bad file descriptor) [pid 5071] close(24) = -1 EBADF (Bad file descriptor) [pid 5071] close(25) = -1 EBADF (Bad file descriptor) [pid 5071] close(26) = -1 EBADF (Bad file descriptor) [pid 5071] close(27) = -1 EBADF (Bad file descriptor) [pid 5071] close(28) = -1 EBADF (Bad file descriptor) [pid 5071] close(29) = -1 EBADF (Bad file descriptor) [pid 5071] exit_group(0) = ? [pid 5071] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=70, si_uid=0, si_status=0, si_utime=0, si_stime=60 /* 0.60 s */} --- [pid 4994] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./68/binderfs") = 0 [pid 4994] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./68/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./68") = 0 [pid 4994] mkdir("./69", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 71 ./strace-static-x86_64: Process 5072 attached [pid 5072] chdir("./69") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5072] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5072] memfd_create("syzkaller", 0) = 4 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5072] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5072] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5072] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5072] close(4) = 0 [pid 5072] mkdir("./file0", 0777) = 0 [pid 5072] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5072] chdir("./file0") = 0 [pid 5072] ioctl(5, LOOP_CLR_FD) = 0 [pid 5072] close(5) = 0 [pid 5072] openat(AT_FDCWD, ".", O_RDONLY) = 5 [ 148.961168][ T5072] loop0: detected capacity change from 0 to 4096 [ 148.971397][ T5072] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 148.988984][ T5072] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5072] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5072] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5072] open("./file0", O_RDONLY) = 7 [pid 5072] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 149.009305][ T27] audit: type=1800 audit(1683090890.921:140): pid=5072 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 149.030210][ T27] audit: type=1804 audit(1683090890.921:141): pid=5072 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/69/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5072] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5072] close(3) = 0 [pid 5072] close(4) = 0 [pid 5072] close(5) = 0 [pid 5072] close(6) = 0 [pid 5072] close(7) = 0 [pid 5072] close(8) = -1 EBADF (Bad file descriptor) [pid 5072] close(9) = -1 EBADF (Bad file descriptor) [pid 5072] close(10) = -1 EBADF (Bad file descriptor) [pid 5072] close(11) = -1 EBADF (Bad file descriptor) [pid 5072] close(12) = -1 EBADF (Bad file descriptor) [pid 5072] close(13) = -1 EBADF (Bad file descriptor) [pid 5072] close(14) = -1 EBADF (Bad file descriptor) [pid 5072] close(15) = -1 EBADF (Bad file descriptor) [pid 5072] close(16) = -1 EBADF (Bad file descriptor) [pid 5072] close(17) = -1 EBADF (Bad file descriptor) [pid 5072] close(18) = -1 EBADF (Bad file descriptor) [pid 5072] close(19) = -1 EBADF (Bad file descriptor) [pid 5072] close(20) = -1 EBADF (Bad file descriptor) [pid 5072] close(21) = -1 EBADF (Bad file descriptor) [pid 5072] close(22) = -1 EBADF (Bad file descriptor) [pid 5072] close(23) = -1 EBADF (Bad file descriptor) [pid 5072] close(24) = -1 EBADF (Bad file descriptor) [pid 5072] close(25) = -1 EBADF (Bad file descriptor) [pid 5072] close(26) = -1 EBADF (Bad file descriptor) [pid 5072] close(27) = -1 EBADF (Bad file descriptor) [pid 5072] close(28) = -1 EBADF (Bad file descriptor) [pid 5072] close(29) = -1 EBADF (Bad file descriptor) [pid 5072] exit_group(0) = ? [pid 5072] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=71, si_uid=0, si_status=0, si_utime=0, si_stime=53 /* 0.53 s */} --- [pid 4994] umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./69/binderfs") = 0 [pid 4994] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./69/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./69") = 0 [pid 4994] mkdir("./70", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 72 ./strace-static-x86_64: Process 5073 attached [pid 5073] chdir("./70") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5073] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5073] memfd_create("syzkaller", 0) = 4 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5073] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5073] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5073] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5073] close(4) = 0 [pid 5073] mkdir("./file0", 0777) = 0 [pid 5073] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5073] chdir("./file0") = 0 [pid 5073] ioctl(5, LOOP_CLR_FD) = 0 [pid 5073] close(5) = 0 [pid 5073] openat(AT_FDCWD, ".", O_RDONLY) = 5 [ 150.074056][ T5073] loop0: detected capacity change from 0 to 4096 [ 150.083824][ T5073] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 150.101047][ T5073] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5073] renameat2(5, "./file0", 5, "./bus", 0) = 0 [pid 5073] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5073] open("./file0", O_RDONLY) = 7 [pid 5073] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 150.113901][ T27] audit: type=1800 audit(1683090892.021:142): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 150.147516][ T27] audit: type=1804 audit(1683090892.021:143): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/70/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5073] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5073] close(3) = 0 [pid 5073] close(4) = 0 [pid 5073] close(5) = 0 [pid 5073] close(6) = 0 [pid 5073] close(7) = 0 [pid 5073] close(8) = -1 EBADF (Bad file descriptor) [pid 5073] close(9) = -1 EBADF (Bad file descriptor) [pid 5073] close(10) = -1 EBADF (Bad file descriptor) [pid 5073] close(11) = -1 EBADF (Bad file descriptor) [pid 5073] close(12) = -1 EBADF (Bad file descriptor) [pid 5073] close(13) = -1 EBADF (Bad file descriptor) [pid 5073] close(14) = -1 EBADF (Bad file descriptor) [pid 5073] close(15) = -1 EBADF (Bad file descriptor) [pid 5073] close(16) = -1 EBADF (Bad file descriptor) [pid 5073] close(17) = -1 EBADF (Bad file descriptor) [pid 5073] close(18) = -1 EBADF (Bad file descriptor) [pid 5073] close(19) = -1 EBADF (Bad file descriptor) [pid 5073] close(20) = -1 EBADF (Bad file descriptor) [pid 5073] close(21) = -1 EBADF (Bad file descriptor) [pid 5073] close(22) = -1 EBADF (Bad file descriptor) [pid 5073] close(23) = -1 EBADF (Bad file descriptor) [pid 5073] close(24) = -1 EBADF (Bad file descriptor) [pid 5073] close(25) = -1 EBADF (Bad file descriptor) [pid 5073] close(26) = -1 EBADF (Bad file descriptor) [pid 5073] close(27) = -1 EBADF (Bad file descriptor) [pid 5073] close(28) = -1 EBADF (Bad file descriptor) [pid 5073] close(29) = -1 EBADF (Bad file descriptor) [pid 5073] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=72, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=58 /* 0.58 s */} --- [pid 4994] umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./70/binderfs") = 0 [pid 4994] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./70/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./70") = 0 [pid 4994] mkdir("./71", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 73 ./strace-static-x86_64: Process 5074 attached [pid 5074] chdir("./71") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5074] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5074] memfd_create("syzkaller", 0) = 4 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5074] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5074] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5074] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5074] close(4) = 0 [pid 5074] mkdir("./file0", 0777) = 0 [pid 5074] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5074] chdir("./file0") = 0 [pid 5074] ioctl(5, LOOP_CLR_FD) = 0 [pid 5074] close(5) = 0 [pid 5074] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5074] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 151.158670][ T5074] loop0: detected capacity change from 0 to 4096 [ 151.168954][ T5074] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 151.186711][ T5074] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5074] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5074] open("./file0", O_RDONLY) = 7 [pid 5074] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 151.212964][ T27] audit: type=1800 audit(1683090893.121:144): pid=5074 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 151.233637][ T27] audit: type=1804 audit(1683090893.131:145): pid=5074 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/71/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5074] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5074] close(3) = 0 [pid 5074] close(4) = 0 [pid 5074] close(5) = 0 [pid 5074] close(6) = 0 [pid 5074] close(7) = 0 [pid 5074] close(8) = -1 EBADF (Bad file descriptor) [pid 5074] close(9) = -1 EBADF (Bad file descriptor) [pid 5074] close(10) = -1 EBADF (Bad file descriptor) [pid 5074] close(11) = -1 EBADF (Bad file descriptor) [pid 5074] close(12) = -1 EBADF (Bad file descriptor) [pid 5074] close(13) = -1 EBADF (Bad file descriptor) [pid 5074] close(14) = -1 EBADF (Bad file descriptor) [pid 5074] close(15) = -1 EBADF (Bad file descriptor) [pid 5074] close(16) = -1 EBADF (Bad file descriptor) [pid 5074] close(17) = -1 EBADF (Bad file descriptor) [pid 5074] close(18) = -1 EBADF (Bad file descriptor) [pid 5074] close(19) = -1 EBADF (Bad file descriptor) [pid 5074] close(20) = -1 EBADF (Bad file descriptor) [pid 5074] close(21) = -1 EBADF (Bad file descriptor) [pid 5074] close(22) = -1 EBADF (Bad file descriptor) [pid 5074] close(23) = -1 EBADF (Bad file descriptor) [pid 5074] close(24) = -1 EBADF (Bad file descriptor) [pid 5074] close(25) = -1 EBADF (Bad file descriptor) [pid 5074] close(26) = -1 EBADF (Bad file descriptor) [pid 5074] close(27) = -1 EBADF (Bad file descriptor) [pid 5074] close(28) = -1 EBADF (Bad file descriptor) [pid 5074] close(29) = -1 EBADF (Bad file descriptor) [pid 5074] exit_group(0) = ? [pid 5074] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=73, si_uid=0, si_status=0, si_utime=0, si_stime=63 /* 0.63 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./71/binderfs") = 0 [pid 4994] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./71/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./71") = 0 [pid 4994] mkdir("./72", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 74 ./strace-static-x86_64: Process 5075 attached [pid 5075] chdir("./72") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5075] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5075] memfd_create("syzkaller", 0) = 4 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5075] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5075] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5075] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5075] close(4) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5075] chdir("./file0") = 0 [pid 5075] ioctl(5, LOOP_CLR_FD) = 0 [pid 5075] close(5) = 0 [pid 5075] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5075] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 152.273311][ T5075] loop0: detected capacity change from 0 to 4096 [ 152.283140][ T5075] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 152.300838][ T5075] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5075] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5075] open("./file0", O_RDONLY) = 7 [pid 5075] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 152.318247][ T27] audit: type=1800 audit(1683090894.231:146): pid=5075 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 152.344547][ T27] audit: type=1804 audit(1683090894.231:147): pid=5075 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/72/file0/file0" dev="loop0" ino=33 res=1 errno=0 [pid 5075] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5075] close(3) = 0 [pid 5075] close(4) = 0 [pid 5075] close(5) = 0 [pid 5075] close(6) = 0 [pid 5075] close(7) = 0 [pid 5075] close(8) = -1 EBADF (Bad file descriptor) [pid 5075] close(9) = -1 EBADF (Bad file descriptor) [pid 5075] close(10) = -1 EBADF (Bad file descriptor) [pid 5075] close(11) = -1 EBADF (Bad file descriptor) [pid 5075] close(12) = -1 EBADF (Bad file descriptor) [pid 5075] close(13) = -1 EBADF (Bad file descriptor) [pid 5075] close(14) = -1 EBADF (Bad file descriptor) [pid 5075] close(15) = -1 EBADF (Bad file descriptor) [pid 5075] close(16) = -1 EBADF (Bad file descriptor) [pid 5075] close(17) = -1 EBADF (Bad file descriptor) [pid 5075] close(18) = -1 EBADF (Bad file descriptor) [pid 5075] close(19) = -1 EBADF (Bad file descriptor) [pid 5075] close(20) = -1 EBADF (Bad file descriptor) [pid 5075] close(21) = -1 EBADF (Bad file descriptor) [pid 5075] close(22) = -1 EBADF (Bad file descriptor) [pid 5075] close(23) = -1 EBADF (Bad file descriptor) [pid 5075] close(24) = -1 EBADF (Bad file descriptor) [pid 5075] close(25) = -1 EBADF (Bad file descriptor) [pid 5075] close(26) = -1 EBADF (Bad file descriptor) [pid 5075] close(27) = -1 EBADF (Bad file descriptor) [pid 5075] close(28) = -1 EBADF (Bad file descriptor) [pid 5075] close(29) = -1 EBADF (Bad file descriptor) [pid 5075] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=74, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=53 /* 0.53 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./72/binderfs") = 0 [pid 4994] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4994] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555557175660 /* 2 entries */, 32768) = 48 [pid 4994] getdents64(4, 0x555557175660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./72/file0") = 0 [pid 4994] getdents64(3, 0x55555716d620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./72") = 0 [pid 4994] mkdir("./73", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555716c5d0) = 75 ./strace-static-x86_64: Process 5076 attached [pid 5076] chdir("./73") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] openat(AT_FDCWD, "/dev/dlm_plock", O_RDONLY) = 3 [pid 5076] fstat(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(0xa, 0x7a), ...}) = 0 [pid 5076] memfd_create("syzkaller", 0) = 4 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f222ed5e000 [pid 5076] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5076] munmap(0x7f222ed5e000, 2097152) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5076] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5076] close(4) = 0 [pid 5076] mkdir("./file0", 0777) = 0 [pid 5076] mount("/dev/loop0", "./file0", "ntfs3", MS_NOEXEC|MS_RELATIME|MS_LAZYTIME, "") = 0 [pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5076] chdir("./file0") = 0 [pid 5076] ioctl(5, LOOP_CLR_FD) = 0 [pid 5076] close(5) = 0 [pid 5076] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5076] renameat2(5, "./file0", 5, "./bus", 0) = 0 [ 153.342232][ T5076] loop0: detected capacity change from 0 to 4096 [ 153.352725][ T5076] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 153.371197][ T5076] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5076] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_DIRECT|O_NOFOLLOW, 000) = 6 [pid 5076] open("./file0", O_RDONLY) = 7 [pid 5076] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = 512 [ 153.388999][ T27] audit: type=1800 audit(1683090895.301:148): pid=5076 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor715" name="file0" dev="loop0" ino=33 res=0 errno=0 [ 153.410048][ T27] audit: type=1804 audit(1683090895.301:149): pid=5076 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor715" name="/root/syzkaller.Amv2pL/73/file0/file0" dev="loop0" ino=33 res=1 errno=0 [ 154.179145][ C1] ================================================================== [ 154.187308][ C1] BUG: KASAN: out-of-bounds in end_buffer_read_sync+0xc1/0xd0 [ 154.194848][ C1] Write of size 4 at addr ffffc90003b5f180 by task ksoftirqd/1/21 [ 154.202780][ C1] [ 154.205145][ C1] CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 6.3.0-syzkaller-12570-g7df047b3f0aa #0 [ 154.214737][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 154.224837][ C1] Call Trace: [ 154.228158][ C1] [ 154.231137][ C1] dump_stack_lvl+0x1e7/0x2d0 [ 154.235908][ C1] ? irq_work_queue+0xca/0x150 [ 154.240736][ C1] ? nf_tcp_handle_invalid+0x650/0x650 [ 154.246259][ C1] ? panic+0x770/0x770 [ 154.250470][ C1] ? _printk+0xd5/0x120 [ 154.254683][ C1] print_report+0x163/0x540 [ 154.259333][ C1] ? wake_up_bit+0x226/0x2c0 [ 154.263984][ C1] ? rcu_lock_release+0x5/0x30 [ 154.268815][ C1] ? __virt_addr_valid+0xbd/0x2e0 [ 154.273903][ C1] ? end_buffer_read_sync+0xc1/0xd0 [ 154.279166][ C1] kasan_report+0x176/0x1b0 [ 154.283918][ C1] ? end_buffer_read_sync+0xc1/0xd0 [ 154.289194][ C1] ? __wait_on_buffer+0x90/0x90 [ 154.294110][ C1] kasan_check_range+0x283/0x290 [ 154.299109][ C1] end_buffer_read_sync+0xc1/0xd0 [ 154.304203][ C1] end_bio_bh_io_sync+0xb7/0x110 [ 154.309200][ C1] blk_update_request+0x53f/0x1020 [ 154.314383][ C1] blk_mq_end_request+0x50/0x310 [ 154.319424][ C1] ? lo_complete_rq+0x11b/0x250 [ 154.324427][ C1] blk_done_softirq+0xfc/0x150 [pid 5076] sendfile(6, 7, NULL, 2147483647) = 847360 [pid 5076] close(3) = 0 [pid 5076] close(4) = 0 [pid 5076] close(5) = 0 [pid 5076] close(6) = 0 [pid 5076] close(7) = 0 [pid 5076] close(8) = -1 EBADF (Bad file descriptor) [pid 5076] close(9) = -1 EBADF (Bad file descriptor) [ 154.329243][ C1] __do_softirq+0x2ab/0x908 [ 154.333804][ C1] ? run_ksoftirqd+0xc5/0x120 [ 154.338556][ C1] ? __lock_text_end+0xc/0xc [ 154.343209][ C1] run_ksoftirqd+0xc5/0x120 [ 154.347771][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 154.353467][ C1] ? smpboot_thread_fn+0x2cd/0x9f0 [ 154.358630][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 154.363871][ C1] smpboot_thread_fn+0x533/0x9f0 [ 154.368871][ C1] kthread+0x2b8/0x350 [ 154.373001][ C1] ? cpu_report_death+0x2c0/0x2c0 [pid 5076] close(10) = -1 EBADF (Bad file descriptor) [pid 5076] close(11) = -1 EBADF (Bad file descriptor) [pid 5076] close(12) = -1 EBADF (Bad file descriptor) [pid 5076] close(13) = -1 EBADF (Bad file descriptor) [pid 5076] close(14) = -1 EBADF (Bad file descriptor) [pid 5076] close(15) = -1 EBADF (Bad file descriptor) [pid 5076] close(16) = -1 EBADF (Bad file descriptor) [pid 5076] close(17) = -1 EBADF (Bad file descriptor) [pid 5076] close(18) = -1 EBADF (Bad file descriptor) [ 154.378084][ C1] ? kthread_blkcg+0xd0/0xd0 [ 154.382745][ C1] ret_from_fork+0x1f/0x30 [ 154.387229][ C1] [ 154.390288][ C1] [ 154.392647][ C1] The buggy address belongs to the virtual mapping at [ 154.392647][ C1] [ffffc90003b58000, ffffc90003b61000) created by: [ 154.392647][ C1] copy_process+0x5c8/0x42f0 [ 154.410318][ C1] [ 154.412643][ C1] The buggy address belongs to the physical page: [ 154.419074][ C1] page:ffffea0000a6b4c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29ad3 [ 154.429310][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 154.436417][ C1] page_type: 0xffffffff() [ 154.440742][ C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 154.449409][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 154.458088][ C1] page dumped because: kasan: bad access detected [ 154.464491][ C1] page_owner tracks the page as allocated [ 154.470198][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 4994, tgid 4994 (syz-executor715), ts 111129527575, free_ts 111099930510 [ 154.489831][ C1] post_alloc_hook+0x1e6/0x210 [ 154.494619][ C1] get_page_from_freelist+0x321c/0x33a0 [ 154.500188][ C1] __alloc_pages+0x255/0x670 [ 154.504823][ C1] __vmalloc_node_range+0x9ab/0x14e0 [ 154.510149][ C1] dup_task_struct+0x3e5/0x7d0 [ 154.514933][ C1] copy_process+0x5c8/0x42f0 [ 154.519552][ C1] kernel_clone+0x222/0x800 [ 154.524098][ C1] __x64_sys_clone+0x258/0x2a0 [ 154.528916][ C1] do_syscall_64+0x41/0xc0 [ 154.533347][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 154.539252][ C1] page last free stack trace: [ 154.543923][ C1] free_unref_page_prepare+0x903/0xa30 [ 154.549477][ C1] free_unref_page_list+0x596/0x830 [ 154.554702][ C1] release_pages+0x2193/0x2470 [ 154.559474][ C1] __pagevec_release+0x84/0x100 [ 154.564320][ C1] truncate_inode_pages_range+0x45d/0x11b0 [ 154.570132][ C1] blkdev_flush_mapping+0x15a/0x2b0 [ 154.575349][ C1] blkdev_put+0x4b8/0x750 [ 154.580822][ C1] deactivate_locked_super+0xa4/0x110 [ 154.586199][ C1] cleanup_mnt+0x426/0x4c0 [ 154.590657][ C1] task_work_run+0x24a/0x300 [ 154.595262][ C1] ptrace_notify+0x2cd/0x380 [ 154.599888][ C1] syscall_exit_to_user_mode+0x157/0x280 [ 154.605534][ C1] do_syscall_64+0x4d/0xc0 [ 154.610041][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 154.615937][ C1] [ 154.618256][ C1] Memory state around the buggy address: [ 154.623876][ C1] ffffc90003b5f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 154.631935][ C1] ffffc90003b5f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 154.640006][ C1] >ffffc90003b5f180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 154.648065][ C1] ^ [ 154.652406][ C1] ffffc90003b5f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 154.660473][ C1] ffffc90003b5f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 154.668529][ C1] ================================================================== [ 154.676654][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 154.683877][ C1] CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 6.3.0-syzkaller-12570-g7df047b3f0aa #0 [ 154.693478][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 154.703541][ C1] Call Trace: [ 154.706842][ C1] [ 154.709772][ C1] dump_stack_lvl+0x1e7/0x2d0 [ 154.714550][ C1] ? nf_tcp_handle_invalid+0x650/0x650 [ 154.720042][ C1] ? panic+0x770/0x770 [ 154.724229][ C1] ? vscnprintf+0x5d/0x80 [ 154.728564][ C1] panic+0x30f/0x770 [ 154.732473][ C1] ? check_panic_on_warn+0x21/0xa0 [ 154.737627][ C1] ? __memcpy_flushcache+0x2b0/0x2b0 [ 154.743140][ C1] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 154.753934][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 154.759941][ C1] ? _raw_spin_unlock+0x40/0x40 [ 154.764827][ C1] ? print_report+0x4fb/0x540 [ 154.769722][ C1] check_panic_on_warn+0x82/0xa0 [ 154.774682][ C1] ? end_buffer_read_sync+0xc1/0xd0 [ 154.779900][ C1] end_report+0x63/0x110 [ 154.784154][ C1] kasan_report+0x183/0x1b0 [ 154.788672][ C1] ? end_buffer_read_sync+0xc1/0xd0 [ 154.794052][ C1] ? __wait_on_buffer+0x90/0x90 [ 154.798915][ C1] kasan_check_range+0x283/0x290 [ 154.803852][ C1] end_buffer_read_sync+0xc1/0xd0 [ 154.808880][ C1] end_bio_bh_io_sync+0xb7/0x110 [ 154.813817][ C1] blk_update_request+0x53f/0x1020 [ 154.818941][ C1] blk_mq_end_request+0x50/0x310 [ 154.823884][ C1] ? lo_complete_rq+0x11b/0x250 [ 154.828742][ C1] blk_done_softirq+0xfc/0x150 [ 154.833507][ C1] __do_softirq+0x2ab/0x908 [ 154.838020][ C1] ? run_ksoftirqd+0xc5/0x120 [ 154.842703][ C1] ? __lock_text_end+0xc/0xc [ 154.847311][ C1] run_ksoftirqd+0xc5/0x120 [ 154.851832][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 154.857053][ C1] ? smpboot_thread_fn+0x2cd/0x9f0 [ 154.862270][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 154.867470][ C1] smpboot_thread_fn+0x533/0x9f0 [ 154.872413][ C1] kthread+0x2b8/0x350 [ 154.876483][ C1] ? cpu_report_death+0x2c0/0x2c0 [ 154.881505][ C1] ? kthread_blkcg+0xd0/0xd0 [ 154.886111][ C1] ret_from_fork+0x1f/0x30 [ 154.890545][ C1] [ 154.893911][ C1] Kernel Offset: disabled [ 154.898242][ C1] Rebooting in 86400 seconds..