./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3709056788 <...> Warning: Permanently added '10.128.1.179' (ED25519) to the list of known hosts. execve("./syz-executor3709056788", ["./syz-executor3709056788"], 0x7ffcd84245e0 /* 10 vars */) = 0 brk(NULL) = 0x55557f632000 brk(0x55557f632d40) = 0x55557f632d40 arch_prctl(ARCH_SET_FS, 0x55557f6323c0) = 0 set_tid_address(0x55557f632690) = 5089 set_robust_list(0x55557f6326a0, 24) = 0 rseq(0x55557f632ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3709056788", 4096) = 28 getrandom("\x68\x02\xbd\xfa\x27\x9b\xbb\x25", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557f632d40 brk(0x55557f653d40) = 0x55557f653d40 brk(0x55557f654000) = 0x55557f654000 mprotect(0x7f2454df8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.F3GryS", 0700) = 0 chmod("./syzkaller.F3GryS", 0777) = 0 chdir("./syzkaller.F3GryS") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x55557f632690) = 5090 [pid 5090] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5090] chdir("./0") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] write(1, "executing program\n", 18executing program ) = 18 [pid 5090] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5090] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5092 attached [pid 5092] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5090] <... clone3 resumed> => {parent_tid=[5092]}, 88) = 5092 [pid 5092] <... rseq resumed>) = 0 [pid 5092] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5092] <... futex resumed>) = 0 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5092] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5092] munmap(0x7f244c800000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] close(4) = 0 [pid 5092] mkdir("./file2", 0777) = 0 [pid 5092] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5092] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./file2") = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5092] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5092] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 54.191203][ T5092] loop0: detected capacity change from 0 to 4096 [pid 5090] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... openat resumed>) = 4 [pid 5092] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5092] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5090] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5092] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5090] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... openat resumed>) = 5 [pid 5092] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5090] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5092] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5092] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5090] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... mmap resumed>) = 0x20000000 [pid 5092] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5090] exit_group(0 [pid 5092] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5090] <... exit_group resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5093] chdir("./1" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5093 [pid 5093] <... chdir resumed>) = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5093] write(1, "executing program\n", 18) = 18 [pid 5093] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5093] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5094 attached => {parent_tid=[5094]}, 88) = 5094 [pid 5094] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] <... rseq resumed>) = 0 [pid 5094] set_robust_list(0x7f2454d0d9a0, 24 [pid 5093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] <... set_robust_list resumed>) = 0 [pid 5093] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5094] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5094] munmap(0x7f244c800000, 138412032) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] close(4) = 0 [pid 5094] mkdir("./file2", 0777) = 0 [pid 5094] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5094] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 54.590318][ T5094] loop0: detected capacity change from 0 to 4096 [pid 5094] chdir("./file2") = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5094] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... openat resumed>) = 4 [pid 5094] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5094] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5093] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5094] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5093] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... openat resumed>) = 5 [pid 5094] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5094] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5093] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... write resumed>) = 1036288 [pid 5094] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5094] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5093] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... mmap resumed>) = 0x20000000 [pid 5094] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] exit_group(0 [pid 5094] <... futex resumed>) = ? [pid 5093] <... exit_group resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5095 [pid 5095] chdir("./2") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] write(1, "executing program\n", 18executing program ) = 18 [pid 5095] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5095] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5096 attached => {parent_tid=[5096]}, 88) = 5096 [pid 5096] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5096] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5096] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5096] munmap(0x7f244c800000, 138412032) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] close(4) = 0 [pid 5096] mkdir("./file2", 0777) = 0 [ 55.023788][ T5096] loop0: detected capacity change from 0 to 4096 [pid 5096] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5096] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file2") = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5096] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5095] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... openat resumed>) = 4 [pid 5096] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5095] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5096] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5095] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] <... openat resumed>) = 5 [pid 5095] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5095] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... write resumed>) = 1036288 [pid 5096] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5095] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... mmap resumed>) = 0x20000000 [pid 5096] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0 [pid 5096] <... futex resumed>) = ? [pid 5095] <... exit_group resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached , child_tidptr=0x55557f632690) = 5097 [pid 5097] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5097] chdir("./3") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] write(1, "executing program\n", 18executing program ) = 18 [pid 5097] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5097] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5097] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5098 attached => {parent_tid=[5098]}, 88) = 5098 [pid 5098] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5098] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] rt_sigprocmask(SIG_SETMASK, [], [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5098] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5098] munmap(0x7f244c800000, 138412032) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] close(4) = 0 [pid 5098] mkdir("./file2", 0777) = 0 [pid 5098] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5098] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] chdir("./file2") = 0 [ 55.542385][ T5098] loop0: detected capacity change from 0 to 4096 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5098] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [pid 5098] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5097] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... openat resumed>) = 4 [pid 5098] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5097] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5097] <... futex resumed>) = 0 [pid 5098] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5097] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [pid 5098] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5097] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... openat resumed>) = 5 [pid 5098] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5097] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... write resumed>) = 1036288 [pid 5098] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... mmap resumed>) = 0x20000000 [pid 5098] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] exit_group(0 [pid 5098] <... futex resumed>) = ? [pid 5097] <... exit_group resumed>) = ? [pid 5098] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached , child_tidptr=0x55557f632690) = 5099 [pid 5099] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5099] chdir("./4") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] write(1, "executing program\n", 18executing program ) = 18 [pid 5099] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5099] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5100 attached [pid 5100] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5099] <... clone3 resumed> => {parent_tid=[5100]}, 88) = 5100 [pid 5100] set_robust_list(0x7f2454d0d9a0, 24 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], [pid 5100] <... set_robust_list resumed>) = 0 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5100] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5100] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5100] munmap(0x7f244c800000, 138412032) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] close(4) = 0 [pid 5100] mkdir("./file2", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5100] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file2") = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 56.009495][ T5100] loop0: detected capacity change from 0 to 4096 [pid 5100] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5099] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... openat resumed>) = 4 [pid 5100] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5100] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5099] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... openat resumed>) = 5 [pid 5100] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5100] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5099] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... write resumed>) = 1036288 [pid 5100] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5099] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5100] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 0 [pid 5099] exit_group(0 [pid 5100] <... futex resumed>) = ? [pid 5099] <... exit_group resumed>) = ? [pid 5100] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached , child_tidptr=0x55557f632690) = 5101 [pid 5101] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5101] chdir("./5") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5101] write(1, "executing program\n", 18) = 18 [pid 5101] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5101] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5102 attached [pid 5102] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5102] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5101] <... clone3 resumed> => {parent_tid=[5102]}, 88) = 5102 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5102] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5102] munmap(0x7f244c800000, 138412032) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] close(4) = 0 [pid 5102] mkdir("./file2", 0777) = 0 [ 56.418635][ T5102] loop0: detected capacity change from 0 to 4096 [pid 5102] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5102] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file2") = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5102] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5101] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... openat resumed>) = 4 [pid 5102] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5102] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5101] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5102] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5102] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5101] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... openat resumed>) = 5 [pid 5102] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5101] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... write resumed>) = 1036288 [pid 5102] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5102] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5101] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... mmap resumed>) = 0x20000000 [pid 5102] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] exit_group(0 [pid 5102] <... futex resumed>) = ? [pid 5101] <... exit_group resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5103 attached , child_tidptr=0x55557f632690) = 5103 [pid 5103] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5103] chdir("./6") = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5103] write(1, "executing program\n", 18) = 18 [pid 5103] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5103] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5104 attached => {parent_tid=[5104]}, 88) = 5104 [pid 5104] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], [pid 5104] <... rseq resumed>) = 0 [pid 5103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5104] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5103] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] <... futex resumed>) = 0 [pid 5104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5104] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5104] munmap(0x7f244c800000, 138412032) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5104] close(3) = 0 [pid 5104] close(4) = 0 [pid 5104] mkdir("./file2", 0777) = 0 [pid 5104] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5104] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5104] chdir("./file2") = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5104] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [ 56.865575][ T5104] loop0: detected capacity change from 0 to 4096 [pid 5103] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... openat resumed>) = 4 [pid 5104] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5103] <... futex resumed>) = 1 [pid 5104] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5103] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5104] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5104] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] <... futex resumed>) = 0 [pid 5104] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5103] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... openat resumed>) = 5 [pid 5104] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5104] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] <... futex resumed>) = 0 [pid 5104] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5103] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... write resumed>) = 1036288 [pid 5104] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5103] <... futex resumed>) = 1 [pid 5104] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5103] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... mmap resumed>) = 0x20000000 [pid 5104] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... futex resumed>) = 0 [pid 5103] exit_group(0) = ? [pid 5104] <... futex resumed>) = ? [pid 5104] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached , child_tidptr=0x55557f632690) = 5105 [pid 5105] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5105] chdir("./7") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5105] write(1, "executing program\n", 18) = 18 [pid 5105] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5105] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5106 attached [pid 5106] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5105] <... clone3 resumed> => {parent_tid=[5106]}, 88) = 5106 [pid 5106] <... rseq resumed>) = 0 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] set_robust_list(0x7f2454d0d9a0, 24 [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] <... set_robust_list resumed>) = 0 [pid 5105] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] <... futex resumed>) = 0 [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5106] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5106] munmap(0x7f244c800000, 138412032) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] close(4) = 0 [pid 5106] mkdir("./file2", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5106] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file2") = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5106] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [ 57.359080][ T5106] loop0: detected capacity change from 0 to 4096 [pid 5105] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... openat resumed>) = 4 [pid 5106] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5106] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5105] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5106] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... openat resumed>) = 5 [pid 5106] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5105] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... write resumed>) = 1036288 [pid 5106] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5105] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... mmap resumed>) = 0x20000000 [pid 5106] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] exit_group(0 [pid 5106] <... futex resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5105] <... exit_group resumed>) = ? [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached , child_tidptr=0x55557f632690) = 5107 [pid 5107] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5107] chdir("./8") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] write(1, "executing program\n", 18executing program ) = 18 [pid 5107] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5107] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5107] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5108 attached [pid 5108] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5107] <... clone3 resumed> => {parent_tid=[5108]}, 88) = 5108 [pid 5108] <... rseq resumed>) = 0 [pid 5108] set_robust_list(0x7f2454d0d9a0, 24 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] <... set_robust_list resumed>) = 0 [pid 5107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5107] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5108] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5108] munmap(0x7f244c800000, 138412032) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] close(4) = 0 [pid 5108] mkdir("./file2", 0777) = 0 [pid 5108] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5108] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file2") = 0 [ 57.844120][ T5108] loop0: detected capacity change from 0 to 4096 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5108] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5107] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... openat resumed>) = 4 [pid 5108] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 0 [pid 5107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] <... futex resumed>) = 0 [pid 5108] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5107] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... openat resumed>) = 5 [pid 5108] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5107] <... futex resumed>) = 1 [pid 5108] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5107] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... write resumed>) = 1036288 [pid 5108] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5107] <... futex resumed>) = 1 [pid 5108] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5107] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... mmap resumed>) = 0x20000000 [pid 5108] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] exit_group(0 [pid 5108] <... futex resumed>) = ? [pid 5107] <... exit_group resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5109 ./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5109] chdir("./9") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] write(1, "executing program\n", 18executing program ) = 18 [pid 5109] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5109] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5109] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5110 attached [pid 5110] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5109] <... clone3 resumed> => {parent_tid=[5110]}, 88) = 5110 [pid 5110] <... rseq resumed>) = 0 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5110] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5109] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5109] <... futex resumed>) = 1 [pid 5109] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5110] memfd_create("syzkaller", 0) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5110] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5110] munmap(0x7f244c800000, 138412032) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] close(4) = 0 [pid 5110] mkdir("./file2", 0777) = 0 [pid 5110] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5110] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./file2") = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 58.363969][ T5110] loop0: detected capacity change from 0 to 4096 [pid 5110] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5109] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... openat resumed>) = 4 [pid 5110] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5109] <... futex resumed>) = 0 [pid 5110] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5109] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5109] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... openat resumed>) = 5 [pid 5110] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... write resumed>) = 1036288 [pid 5110] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5109] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5110] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... futex resumed>) = 0 [pid 5109] exit_group(0) = ? [pid 5110] <... futex resumed>) = ? [pid 5110] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached , child_tidptr=0x55557f632690) = 5111 [pid 5111] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5111] chdir("./10") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5111] write(1, "executing program\n", 18) = 18 [pid 5111] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5111] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5112 attached [pid 5112] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5111] <... clone3 resumed> => {parent_tid=[5112]}, 88) = 5112 [pid 5112] <... rseq resumed>) = 0 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5112] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5112] munmap(0x7f244c800000, 138412032) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] close(4) = 0 [pid 5112] mkdir("./file2", 0777) = 0 [pid 5112] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5112] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./file2") = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5112] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 58.889693][ T5112] loop0: detected capacity change from 0 to 4096 [pid 5112] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... openat resumed>) = 4 [pid 5112] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5112] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5111] <... futex resumed>) = 1 [pid 5112] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5111] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5112] <... futex resumed>) = 1 [pid 5111] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... openat resumed>) = 5 [pid 5112] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... write resumed>) = 1036288 [pid 5112] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] <... futex resumed>) = 0 [pid 5112] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5111] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... mmap resumed>) = 0x20000000 [pid 5112] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = 0 [pid 5111] exit_group(0) = ? [pid 5112] <... futex resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached , child_tidptr=0x55557f632690) = 5113 [pid 5113] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5113] chdir("./11") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] write(1, "executing program\n", 18executing program ) = 18 [pid 5113] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5113] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5114 attached => {parent_tid=[5114]}, 88) = 5114 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5114] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5114] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5114] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5114] munmap(0x7f244c800000, 138412032) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] close(4) = 0 [pid 5114] mkdir("./file2", 0777) = 0 [pid 5114] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5114] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file2") = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5114] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 59.333262][ T5114] loop0: detected capacity change from 0 to 4096 [pid 5114] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5114] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5114] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5113] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5114] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5114] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5113] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... openat resumed>) = 5 [pid 5114] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... write resumed>) = 1036288 [pid 5114] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [pid 5114] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5114] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] exit_group(0 [pid 5114] <... futex resumed>) = ? [pid 5113] <... exit_group resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached , child_tidptr=0x55557f632690) = 5115 [pid 5115] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5115] chdir("./12") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5115] write(1, "executing program\n", 18) = 18 [pid 5115] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5115] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5116 attached => {parent_tid=[5116]}, 88) = 5116 [pid 5116] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] <... rseq resumed>) = 0 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] set_robust_list(0x7f2454d0d9a0, 24 [pid 5115] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5115] <... futex resumed>) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5115] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] memfd_create("syzkaller", 0) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5116] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5116] munmap(0x7f244c800000, 138412032) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] close(4) = 0 [pid 5116] mkdir("./file2", 0777) = 0 [pid 5116] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5116] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 59.775563][ T5116] loop0: detected capacity change from 0 to 4096 [pid 5116] chdir("./file2") = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5116] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5115] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... openat resumed>) = 4 [pid 5116] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5116] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5115] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5116] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... openat resumed>) = 5 [pid 5116] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] <... futex resumed>) = 0 [pid 5116] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5115] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... write resumed>) = 1036288 [pid 5116] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5115] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... mmap resumed>) = 0x20000000 [pid 5116] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] exit_group(0 [pid 5116] <... futex resumed>) = ? [pid 5115] <... exit_group resumed>) = ? [pid 5116] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5117] chdir("./13" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5117 [pid 5117] <... chdir resumed>) = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] write(1, "executing program\n", 18executing program ) = 18 [pid 5117] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5117] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5118 attached [pid 5118] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5117] <... clone3 resumed> => {parent_tid=[5118]}, 88) = 5118 [pid 5118] <... rseq resumed>) = 0 [pid 5118] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5118] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5117] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5117] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5118] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5118] munmap(0x7f244c800000, 138412032) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] close(4) = 0 [pid 5118] mkdir("./file2", 0777) = 0 [ 60.238534][ T5118] loop0: detected capacity change from 0 to 4096 [pid 5118] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5118] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./file2") = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5118] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5117] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... openat resumed>) = 4 [pid 5118] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5117] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5118] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5117] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... openat resumed>) = 5 [pid 5118] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... futex resumed>) = 0 [pid 5118] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5118] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5118] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5117] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... mmap resumed>) = 0x20000000 [pid 5118] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 0 [pid 5117] exit_group(0 [pid 5118] <... futex resumed>) = ? [pid 5117] <... exit_group resumed>) = ? [pid 5118] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached , child_tidptr=0x55557f632690) = 5119 [pid 5119] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5119] chdir("./14") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] write(1, "executing program\n", 18executing program ) = 18 [pid 5119] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5119] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5120 attached [pid 5120] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5119] <... clone3 resumed> => {parent_tid=[5120]}, 88) = 5120 [pid 5120] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5119] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5120] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5120] munmap(0x7f244c800000, 138412032) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] close(4) = 0 [pid 5120] mkdir("./file2", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5120] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file2") = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5120] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5119] <... futex resumed>) = 0 [ 60.679918][ T5120] loop0: detected capacity change from 0 to 4096 [pid 5119] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... openat resumed>) = 4 [pid 5120] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5119] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5120] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... openat resumed>) = 5 [pid 5120] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] <... futex resumed>) = 1 [pid 5119] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5120] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... mmap resumed>) = 0x20000000 [pid 5120] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] exit_group(0) = ? [pid 5120] <... futex resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5121 attached , child_tidptr=0x55557f632690) = 5121 [pid 5121] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5121] chdir("./15") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5121] write(1, "executing program\n", 18) = 18 [pid 5121] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5121] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5122 attached [pid 5122] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5122] set_robust_list(0x7f2454d0d9a0, 24 [pid 5121] <... clone3 resumed> => {parent_tid=[5122]}, 88) = 5122 [pid 5122] <... set_robust_list resumed>) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], [pid 5122] rt_sigprocmask(SIG_SETMASK, [], [pid 5121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5121] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5122] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5122] munmap(0x7f244c800000, 138412032) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] close(4) = 0 [pid 5122] mkdir("./file2", 0777) = 0 [pid 5122] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5122] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./file2") = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5122] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.140425][ T5122] loop0: detected capacity change from 0 to 4096 [pid 5122] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5122] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5122] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5122] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5121] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... openat resumed>) = 5 [pid 5122] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... write resumed>) = 1036288 [pid 5122] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5122] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5121] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... mmap resumed>) = 0x20000000 [pid 5122] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] exit_group(0 [pid 5122] <... futex resumed>) = ? [pid 5121] <... exit_group resumed>) = ? [pid 5122] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5123 [pid 5123] <... set_robust_list resumed>) = 0 [pid 5123] chdir("./16") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5123] write(1, "executing program\n", 18) = 18 [pid 5123] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5123] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5124 attached [pid 5124] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5123] <... clone3 resumed> => {parent_tid=[5124]}, 88) = 5124 [pid 5124] <... rseq resumed>) = 0 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], [pid 5124] set_robust_list(0x7f2454d0d9a0, 24 [pid 5123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5123] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], [pid 5123] <... futex resumed>) = 0 [pid 5124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5123] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5124] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5124] munmap(0x7f244c800000, 138412032) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] close(4) = 0 [pid 5124] mkdir("./file2", 0777) = 0 [pid 5124] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5124] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file2") = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5124] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... openat resumed>) = 4 [ 61.604957][ T5124] loop0: detected capacity change from 0 to 4096 [pid 5124] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5123] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = 0 [pid 5124] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5123] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... openat resumed>) = 5 [pid 5124] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5124] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5123] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... write resumed>) = 1036288 [pid 5124] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = 0 [pid 5124] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5123] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... mmap resumed>) = 0x20000000 [pid 5124] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] exit_group(0 [pid 5124] <... futex resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5123] <... exit_group resumed>) = ? [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached , child_tidptr=0x55557f632690) = 5125 [pid 5125] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5125] chdir("./17") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5125] write(1, "executing program\n", 18) = 18 [pid 5125] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5125] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5126 attached [pid 5126] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5125] <... clone3 resumed> => {parent_tid=[5126]}, 88) = 5126 [pid 5126] <... rseq resumed>) = 0 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], [pid 5126] set_robust_list(0x7f2454d0d9a0, 24 [pid 5125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5126] <... set_robust_list resumed>) = 0 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], [pid 5125] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5126] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5126] munmap(0x7f244c800000, 138412032) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] close(4) = 0 [pid 5126] mkdir("./file2", 0777) = 0 [ 62.031997][ T5126] loop0: detected capacity change from 0 to 4096 [pid 5126] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5126] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file2") = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5126] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5126] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5125] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... openat resumed>) = 4 [pid 5126] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5126] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5125] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5126] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... openat resumed>) = 5 [pid 5126] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5125] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... write resumed>) = 1036288 [pid 5126] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5126] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5125] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... mmap resumed>) = 0x20000000 [pid 5126] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] exit_group(0 [pid 5126] <... futex resumed>) = ? [pid 5125] <... exit_group resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5127 attached , child_tidptr=0x55557f632690) = 5127 [pid 5127] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5127] chdir("./18") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5127] write(1, "executing program\n", 18) = 18 [pid 5127] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5127] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5127] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5128 attached [pid 5128] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5127] <... clone3 resumed> => {parent_tid=[5128]}, 88) = 5128 [pid 5128] set_robust_list(0x7f2454d0d9a0, 24 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... set_robust_list resumed>) = 0 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5127] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5128] memfd_create("syzkaller", 0) = 3 [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5128] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5128] munmap(0x7f244c800000, 138412032) = 0 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5128] close(3) = 0 [pid 5128] close(4) = 0 [pid 5128] mkdir("./file2", 0777) = 0 [pid 5128] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5128] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5128] chdir("./file2") = 0 [ 62.502734][ T5128] loop0: detected capacity change from 0 to 4096 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5128] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5127] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... openat resumed>) = 4 [pid 5128] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5127] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5128] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5128] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5127] <... futex resumed>) = 0 [pid 5128] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5127] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... openat resumed>) = 5 [pid 5128] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5128] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5127] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... write resumed>) = 1036288 [pid 5128] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = 1 [pid 5128] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5127] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... mmap resumed>) = 0x20000000 [pid 5128] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5128] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] exit_group(0 [pid 5128] <... futex resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5127] <... exit_group resumed>) = ? [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached , child_tidptr=0x55557f632690) = 5129 [pid 5129] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5129] chdir("./19") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] write(1, "executing program\n", 18executing program ) = 18 [pid 5129] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5129] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5130 attached [pid 5130] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5129] <... clone3 resumed> => {parent_tid=[5130]}, 88) = 5130 [pid 5130] <... rseq resumed>) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5130] set_robust_list(0x7f2454d0d9a0, 24 [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] <... set_robust_list resumed>) = 0 [pid 5129] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5130] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5130] munmap(0x7f244c800000, 138412032) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] close(4) = 0 [pid 5130] mkdir("./file2", 0777) = 0 [pid 5130] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5130] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./file2") = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 62.978537][ T5130] loop0: detected capacity change from 0 to 4096 [pid 5130] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5129] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5130] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5129] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5129] <... futex resumed>) = 0 [pid 5130] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5129] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] <... futex resumed>) = 0 [pid 5129] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... openat resumed>) = 5 [pid 5130] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5130] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5129] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... write resumed>) = 1036288 [pid 5130] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5130] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5129] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... mmap resumed>) = 0x20000000 [pid 5130] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... futex resumed>) = 0 [pid 5129] exit_group(0 [pid 5130] <... futex resumed>) = ? [pid 5129] <... exit_group resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached , child_tidptr=0x55557f632690) = 5131 [pid 5131] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5131] chdir("./20") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] write(1, "executing program\n", 18executing program ) = 18 [pid 5131] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5131] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5132 attached [pid 5132] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5131] <... clone3 resumed> => {parent_tid=[5132]}, 88) = 5132 [pid 5132] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], [pid 5132] rt_sigprocmask(SIG_SETMASK, [], [pid 5131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5131] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] memfd_create("syzkaller", 0 [pid 5131] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5132] <... memfd_create resumed>) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5132] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5132] munmap(0x7f244c800000, 138412032) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] close(4) = 0 [pid 5132] mkdir("./file2", 0777) = 0 [pid 5132] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5132] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file2") = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5132] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5131] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... openat resumed>) = 4 [pid 5132] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5132] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [ 63.497373][ T5132] loop0: detected capacity change from 0 to 4096 [pid 5132] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5132] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5131] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... openat resumed>) = 5 [pid 5132] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5132] <... futex resumed>) = 1 [pid 5131] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... write resumed>) = 1036288 [pid 5132] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5132] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] exit_group(0 [pid 5132] <... futex resumed>) = ? [pid 5131] <... exit_group resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached , child_tidptr=0x55557f632690) = 5133 [pid 5133] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5133] chdir("./21") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5133] write(1, "executing program\n", 18) = 18 [pid 5133] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5133] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5133] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5134 attached [pid 5134] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5133] <... clone3 resumed> => {parent_tid=[5134]}, 88) = 5134 [pid 5134] <... rseq resumed>) = 0 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], [pid 5134] set_robust_list(0x7f2454d0d9a0, 24 [pid 5133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5134] <... set_robust_list resumed>) = 0 [pid 5133] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] <... futex resumed>) = 0 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5134] memfd_create("syzkaller", 0) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5134] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5134] munmap(0x7f244c800000, 138412032) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5134] close(3) = 0 [pid 5134] close(4) = 0 [pid 5134] mkdir("./file2", 0777) = 0 [pid 5134] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5134] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 63.940069][ T5134] loop0: detected capacity change from 0 to 4096 [pid 5134] chdir("./file2") = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5134] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5133] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5134] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5133] <... futex resumed>) = 0 [pid 5134] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5133] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5134] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5133] <... futex resumed>) = 0 [pid 5134] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5133] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... openat resumed>) = 5 [pid 5134] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5133] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... write resumed>) = 1036288 [pid 5134] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5133] <... futex resumed>) = 1 [pid 5134] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5133] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... mmap resumed>) = 0x20000000 [pid 5134] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] exit_group(0 [pid 5134] <... futex resumed>) = ? [pid 5134] +++ exited with 0 +++ [pid 5133] <... exit_group resumed>) = ? [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached , child_tidptr=0x55557f632690) = 5135 [pid 5135] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5135] chdir("./22") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5135] write(1, "executing program\n", 18) = 18 [pid 5135] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5135] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5136 attached => {parent_tid=[5136]}, 88) = 5136 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5136] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5135] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] set_robust_list(0x7f2454d0d9a0, 24 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5136] <... set_robust_list resumed>) = 0 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5136] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5136] munmap(0x7f244c800000, 138412032) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5136] close(3) = 0 [pid 5136] close(4) = 0 [pid 5136] mkdir("./file2", 0777) = 0 [pid 5136] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 64.394001][ T5136] loop0: detected capacity change from 0 to 4096 [pid 5136] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./file2") = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5136] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] <... futex resumed>) = 0 [pid 5136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... openat resumed>) = 4 [pid 5136] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5136] <... futex resumed>) = 1 [pid 5135] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5135] <... futex resumed>) = 0 [pid 5136] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5135] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] <... futex resumed>) = 0 [pid 5135] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... openat resumed>) = 5 [pid 5136] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] <... futex resumed>) = 0 [pid 5136] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5135] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... write resumed>) = 1036288 [pid 5136] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] <... futex resumed>) = 0 [pid 5136] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5135] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... mmap resumed>) = 0x20000000 [pid 5136] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] exit_group(0) = ? [pid 5136] <... futex resumed>) = ? [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x55557f632690) = 5137 [pid 5137] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5137] chdir("./23") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5137] write(1, "executing program\n", 18) = 18 [pid 5137] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5137] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5138 attached [pid 5138] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5137] <... clone3 resumed> => {parent_tid=[5138]}, 88) = 5138 [pid 5138] <... rseq resumed>) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5138] set_robust_list(0x7f2454d0d9a0, 24 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5138] <... set_robust_list resumed>) = 0 [pid 5137] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] <... futex resumed>) = 0 [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5138] memfd_create("syzkaller", 0) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5138] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5138] munmap(0x7f244c800000, 138412032) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] close(4) = 0 [pid 5138] mkdir("./file2", 0777) = 0 [pid 5138] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5138] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file2") = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 64.870278][ T5138] loop0: detected capacity change from 0 to 4096 [pid 5138] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5138] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5137] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... openat resumed>) = 4 [pid 5138] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5138] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5137] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5138] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5138] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5137] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... openat resumed>) = 5 [pid 5138] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5137] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... write resumed>) = 1036288 [pid 5138] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5138] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5137] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... mmap resumed>) = 0x20000000 [pid 5138] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] exit_group(0) = ? [pid 5138] <... futex resumed>) = ? [pid 5138] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5139 [pid 5139] chdir("./24") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] write(1, "executing program\n", 18executing program ) = 18 [pid 5139] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5139] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5139] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5139] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5140 attached [pid 5140] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5140] set_robust_list(0x7f2454d0d9a0, 24 [pid 5139] <... clone3 resumed> => {parent_tid=[5140]}, 88) = 5140 [pid 5140] <... set_robust_list resumed>) = 0 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5140] memfd_create("syzkaller", 0) = 3 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5140] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5140] munmap(0x7f244c800000, 138412032) = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5140] close(3) = 0 [pid 5140] close(4) = 0 [pid 5140] mkdir("./file2", 0777) = 0 [ 65.292773][ T5140] loop0: detected capacity change from 0 to 4096 [pid 5140] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5140] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5140] chdir("./file2") = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5140] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5139] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5140] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5139] <... futex resumed>) = 0 [pid 5140] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5139] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5139] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... openat resumed>) = 5 [pid 5140] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... write resumed>) = 1036288 [pid 5140] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5139] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... mmap resumed>) = 0x20000000 [pid 5140] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5139] exit_group(0) = ? [pid 5140] <... futex resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5141 attached , child_tidptr=0x55557f632690) = 5141 [pid 5141] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5141] chdir("./25") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] write(1, "executing program\n", 18executing program ) = 18 [pid 5141] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5141] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5142 attached [pid 5142] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5142] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5142] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... clone3 resumed> => {parent_tid=[5142]}, 88) = 5142 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5141] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5141] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5142] memfd_create("syzkaller", 0) = 3 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5142] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5142] munmap(0x7f244c800000, 138412032) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5142] close(3) = 0 [pid 5142] close(4) = 0 [pid 5142] mkdir("./file2", 0777) = 0 [pid 5142] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5142] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5142] chdir("./file2") = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5142] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [ 65.822319][ T5142] loop0: detected capacity change from 0 to 4096 [pid 5141] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... openat resumed>) = 4 [pid 5142] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5142] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5141] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5141] <... futex resumed>) = 1 [pid 5141] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5142] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5142] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5141] <... futex resumed>) = 0 [pid 5142] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5141] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... write resumed>) = 1036288 [pid 5142] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5141] <... futex resumed>) = 1 [pid 5142] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5141] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... mmap resumed>) = 0x20000000 [pid 5142] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... futex resumed>) = 0 [pid 5141] exit_group(0 [pid 5142] <... futex resumed>) = ? [pid 5141] <... exit_group resumed>) = ? [pid 5142] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached , child_tidptr=0x55557f632690) = 5143 [pid 5143] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5143] chdir("./26") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5143] write(1, "executing program\n", 18) = 18 [pid 5143] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5143] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5144 attached [pid 5144] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5143] <... clone3 resumed> => {parent_tid=[5144]}, 88) = 5144 [pid 5144] set_robust_list(0x7f2454d0d9a0, 24 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5144] <... set_robust_list resumed>) = 0 [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] memfd_create("syzkaller", 0 [pid 5143] <... futex resumed>) = 0 [pid 5144] <... memfd_create resumed>) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5143] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5144] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5144] munmap(0x7f244c800000, 138412032) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] close(4) = 0 [pid 5144] mkdir("./file2", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 66.304794][ T5144] loop0: detected capacity change from 0 to 4096 [pid 5144] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file2") = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5144] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5144] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5143] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... openat resumed>) = 4 [pid 5144] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5143] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5144] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5144] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5143] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... openat resumed>) = 5 [pid 5144] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5144] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5143] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... write resumed>) = 1036288 [pid 5144] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... mmap resumed>) = 0x20000000 [pid 5144] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] exit_group(0) = ? [pid 5144] <... futex resumed>) = ? [pid 5144] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5145] chdir("./27") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5145 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5145] write(1, "executing program\n", 18) = 18 [pid 5145] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5145] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5145] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5146 attached [pid 5146] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5145] <... clone3 resumed> => {parent_tid=[5146]}, 88) = 5146 [pid 5146] set_robust_list(0x7f2454d0d9a0, 24 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] <... set_robust_list resumed>) = 0 [pid 5145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5145] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5145] <... futex resumed>) = 0 [pid 5146] memfd_create("syzkaller", 0 [pid 5145] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5146] <... memfd_create resumed>) = 3 [pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5146] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5146] munmap(0x7f244c800000, 138412032) = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5146] close(3) = 0 [pid 5146] close(4) = 0 [pid 5146] mkdir("./file2", 0777) = 0 [pid 5146] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5146] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5146] chdir("./file2") = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5146] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [ 66.812755][ T5146] loop0: detected capacity change from 0 to 4096 [pid 5145] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... openat resumed>) = 4 [pid 5146] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5145] <... futex resumed>) = 1 [pid 5146] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5145] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5145] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... openat resumed>) = 5 [pid 5146] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5146] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5145] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... write resumed>) = 1036288 [pid 5146] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5146] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] exit_group(0 [pid 5146] <... futex resumed>) = ? [pid 5145] <... exit_group resumed>) = ? [pid 5146] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5147 attached , child_tidptr=0x55557f632690) = 5147 [pid 5147] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5147] chdir("./28") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] write(1, "executing program\n", 18executing program ) = 18 [pid 5147] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5147] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5148 attached [pid 5148] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5147] <... clone3 resumed> => {parent_tid=[5148]}, 88) = 5148 [pid 5148] <... rseq resumed>) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5148] set_robust_list(0x7f2454d0d9a0, 24 [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5148] <... set_robust_list resumed>) = 0 [pid 5147] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5148] memfd_create("syzkaller", 0) = 3 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5148] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5148] munmap(0x7f244c800000, 138412032) = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5148] close(3) = 0 [pid 5148] close(4) = 0 [pid 5148] mkdir("./file2", 0777) = 0 [pid 5148] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5148] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5148] chdir("./file2") = 0 [ 67.279608][ T5148] loop0: detected capacity change from 0 to 4096 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5148] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5148] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5147] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... openat resumed>) = 4 [pid 5148] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5148] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5148] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5147] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5148] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5148] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5147] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] <... openat resumed>) = 5 [pid 5147] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5148] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5148] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5147] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... write resumed>) = 1036288 [pid 5148] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5148] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5148] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5147] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... mmap resumed>) = 0x20000000 [pid 5148] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5148] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] exit_group(0 [pid 5148] <... futex resumed>) = ? [pid 5148] +++ exited with 0 +++ [pid 5147] <... exit_group resumed>) = ? [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x55557f632690) = 5149 [pid 5149] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5149] chdir("./29") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] write(1, "executing program\n", 18executing program ) = 18 [pid 5149] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5149] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5150 attached [pid 5150] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5149] <... clone3 resumed> => {parent_tid=[5150]}, 88) = 5150 [pid 5150] <... rseq resumed>) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5150] set_robust_list(0x7f2454d0d9a0, 24 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5150] <... set_robust_list resumed>) = 0 [pid 5149] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5150] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5150] munmap(0x7f244c800000, 138412032) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] close(4) = 0 [pid 5150] mkdir("./file2", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5150] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 67.789874][ T5150] loop0: detected capacity change from 0 to 4096 [pid 5150] chdir("./file2") = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5150] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] <... futex resumed>) = 0 [pid 5150] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5149] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... openat resumed>) = 4 [pid 5150] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] <... futex resumed>) = 0 [pid 5150] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5149] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5150] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5149] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] <... openat resumed>) = 5 [pid 5149] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] <... futex resumed>) = 0 [pid 5150] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5149] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... write resumed>) = 1036288 [pid 5150] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5150] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5149] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... mmap resumed>) = 0x20000000 [pid 5150] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] exit_group(0 [pid 5150] <... futex resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5149] <... exit_group resumed>) = ? [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5151 attached , child_tidptr=0x55557f632690) = 5151 [pid 5151] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5151] chdir("./30") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] write(1, "executing program\n", 18executing program ) = 18 [pid 5151] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5151] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5151] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5152 attached [pid 5152] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5152] set_robust_list(0x7f2454d0d9a0, 24 [pid 5151] <... clone3 resumed> => {parent_tid=[5152]}, 88) = 5152 [pid 5152] <... set_robust_list resumed>) = 0 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5152] memfd_create("syzkaller", 0) = 3 [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5152] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5152] munmap(0x7f244c800000, 138412032) = 0 [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5152] close(3) = 0 [pid 5152] close(4) = 0 [pid 5152] mkdir("./file2", 0777) = 0 [pid 5152] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5152] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5152] chdir("./file2") = 0 [ 68.274788][ T5152] loop0: detected capacity change from 0 to 4096 [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5152] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5152] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5151] <... futex resumed>) = 0 [pid 5152] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5151] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5152] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5152] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] <... futex resumed>) = 0 [pid 5152] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5151] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... openat resumed>) = 5 [pid 5152] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5152] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5151] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... write resumed>) = 1036288 [pid 5152] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5152] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] <... futex resumed>) = 0 [pid 5152] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5151] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... mmap resumed>) = 0x20000000 [pid 5152] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5152] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] exit_group(0 [pid 5152] <... futex resumed>) = ? [pid 5152] +++ exited with 0 +++ [pid 5151] <... exit_group resumed>) = ? [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5153 attached , child_tidptr=0x55557f632690) = 5153 [pid 5153] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5153] chdir("./31") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5153] write(1, "executing program\n", 18) = 18 [pid 5153] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5153] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5154 attached => {parent_tid=[5154]}, 88) = 5154 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5154] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5153] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] set_robust_list(0x7f2454d0d9a0, 24 [pid 5153] <... futex resumed>) = 0 [pid 5154] <... set_robust_list resumed>) = 0 [pid 5153] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5154] memfd_create("syzkaller", 0) = 3 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5154] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5154] munmap(0x7f244c800000, 138412032) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5154] close(3) = 0 [pid 5154] close(4) = 0 [pid 5154] mkdir("./file2", 0777) = 0 [ 68.710134][ T5154] loop0: detected capacity change from 0 to 4096 [pid 5154] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5154] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5154] chdir("./file2") = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5154] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5154] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5154] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5153] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... openat resumed>) = 4 [pid 5154] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5154] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5153] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5154] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5154] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5153] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... openat resumed>) = 5 [pid 5154] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5153] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... write resumed>) = 1036288 [pid 5154] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5154] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5153] <... futex resumed>) = 0 [pid 5154] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5153] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... mmap resumed>) = 0x20000000 [pid 5154] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5154] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] exit_group(0 [pid 5154] <... futex resumed>) = ? [pid 5153] <... exit_group resumed>) = ? [pid 5154] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x55557f632690) = 5155 [pid 5155] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5155] chdir("./32") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] write(1, "executing program\n", 18executing program ) = 18 [pid 5155] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5155] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5155] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5156 attached [pid 5156] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5155] <... clone3 resumed> => {parent_tid=[5156]}, 88) = 5156 [pid 5156] <... rseq resumed>) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] set_robust_list(0x7f2454d0d9a0, 24 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5156] <... set_robust_list resumed>) = 0 [pid 5155] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] <... futex resumed>) = 0 [pid 5156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5156] memfd_create("syzkaller", 0) = 3 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5156] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5156] munmap(0x7f244c800000, 138412032) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] close(4) = 0 [pid 5156] mkdir("./file2", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5156] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./file2") = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5156] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = 1 [pid 5156] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 69.160264][ T5156] loop0: detected capacity change from 0 to 4096 [pid 5155] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... openat resumed>) = 4 [pid 5156] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5155] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5156] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5155] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = 1 [pid 5156] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5155] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... openat resumed>) = 5 [pid 5156] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5155] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... write resumed>) = 1036288 [pid 5156] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5156] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5155] <... futex resumed>) = 1 [pid 5155] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... mmap resumed>) = 0x20000000 [pid 5156] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5156] <... futex resumed>) = 1 [pid 5155] exit_group(0 [pid 5156] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5155] <... exit_group resumed>) = ? [pid 5156] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached , child_tidptr=0x55557f632690) = 5157 [pid 5157] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5157] chdir("./33") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] write(1, "executing program\n", 18executing program ) = 18 [pid 5157] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5157] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5158 attached [pid 5158] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5157] <... clone3 resumed> => {parent_tid=[5158]}, 88) = 5158 [pid 5158] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5157] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] memfd_create("syzkaller", 0 [pid 5157] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5158] <... memfd_create resumed>) = 3 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5158] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5158] munmap(0x7f244c800000, 138412032) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5158] close(3) = 0 [pid 5158] close(4) = 0 [pid 5158] mkdir("./file2", 0777) = 0 [pid 5158] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5158] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5158] chdir("./file2") = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5158] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = 1 [pid 5157] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5157] <... futex resumed>) = 0 [ 69.619719][ T5158] loop0: detected capacity change from 0 to 4096 [pid 5157] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... openat resumed>) = 4 [pid 5158] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... futex resumed>) = 0 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... openat resumed>) = 5 [pid 5158] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] <... futex resumed>) = 0 [pid 5158] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5157] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... write resumed>) = 1036288 [pid 5158] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] <... futex resumed>) = 0 [pid 5158] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5157] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... mmap resumed>) = 0x20000000 [pid 5158] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] exit_group(0 [pid 5158] <... futex resumed>) = ? [pid 5158] +++ exited with 0 +++ [pid 5157] <... exit_group resumed>) = ? [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached , child_tidptr=0x55557f632690) = 5159 [pid 5159] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5159] chdir("./34") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5159] write(1, "executing program\n", 18) = 18 [pid 5159] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5159] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5160 attached [pid 5160] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5159] <... clone3 resumed> => {parent_tid=[5160]}, 88) = 5160 [pid 5160] <... rseq resumed>) = 0 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], [pid 5160] set_robust_list(0x7f2454d0d9a0, 24 [pid 5159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] <... set_robust_list resumed>) = 0 [pid 5159] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5160] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5160] munmap(0x7f244c800000, 138412032) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] close(4) = 0 [pid 5160] mkdir("./file2", 0777) = 0 [pid 5160] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5160] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./file2") = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5160] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [ 70.042312][ T5160] loop0: detected capacity change from 0 to 4096 [pid 5159] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... openat resumed>) = 4 [pid 5160] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5160] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5159] <... futex resumed>) = 0 [pid 5160] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5159] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] <... futex resumed>) = 0 [pid 5160] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5159] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... openat resumed>) = 5 [pid 5160] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5159] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... write resumed>) = 1036288 [pid 5160] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... mmap resumed>) = 0x20000000 [pid 5160] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] exit_group(0) = ? [pid 5160] <... futex resumed>) = ? [pid 5160] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached , child_tidptr=0x55557f632690) = 5161 [pid 5161] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5161] chdir("./35") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5161] write(1, "executing program\n", 18) = 18 [pid 5161] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5161] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5162 attached [pid 5162] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5161] <... clone3 resumed> => {parent_tid=[5162]}, 88) = 5162 [pid 5162] set_robust_list(0x7f2454d0d9a0, 24 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], [pid 5162] <... set_robust_list resumed>) = 0 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], [pid 5161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5161] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5162] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5162] munmap(0x7f244c800000, 138412032) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] close(4) = 0 [pid 5162] mkdir("./file2", 0777) = 0 [pid 5162] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5162] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./file2") = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5162] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5161] <... futex resumed>) = 0 [ 70.520370][ T5162] loop0: detected capacity change from 0 to 4096 [pid 5161] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... openat resumed>) = 4 [pid 5162] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] <... futex resumed>) = 0 [pid 5162] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5161] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5161] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... openat resumed>) = 5 [pid 5162] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5162] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5161] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... write resumed>) = 1036288 [pid 5162] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] <... futex resumed>) = 0 [pid 5162] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5161] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... mmap resumed>) = 0x20000000 [pid 5162] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] exit_group(0 [pid 5162] <... futex resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5161] <... exit_group resumed>) = ? [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5163 ./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5163] chdir("./36") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5163] write(1, "executing program\n", 18) = 18 [pid 5163] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5163] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5164 attached [pid 5164] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5163] <... clone3 resumed> => {parent_tid=[5164]}, 88) = 5164 [pid 5164] set_robust_list(0x7f2454d0d9a0, 24 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] <... set_robust_list resumed>) = 0 [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5164] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5164] munmap(0x7f244c800000, 138412032) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] close(4) = 0 [pid 5164] mkdir("./file2", 0777) = 0 [pid 5164] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5164] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./file2") = 0 [ 70.963230][ T5164] loop0: detected capacity change from 0 to 4096 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5164] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5163] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... openat resumed>) = 4 [pid 5164] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5163] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5163] <... futex resumed>) = 0 [pid 5164] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5163] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5164] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5163] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... openat resumed>) = 5 [pid 5164] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5164] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5163] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... write resumed>) = 1036288 [pid 5164] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5163] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... mmap resumed>) = 0x20000000 [pid 5164] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] exit_group(0) = ? [pid 5164] <... futex resumed>) = ? [pid 5164] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5165 attached , child_tidptr=0x55557f632690) = 5165 [pid 5165] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5165] chdir("./37") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5165] write(1, "executing program\n", 18) = 18 [pid 5165] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5165] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5166 attached [pid 5166] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5165] <... clone3 resumed> => {parent_tid=[5166]}, 88) = 5166 [pid 5166] set_robust_list(0x7f2454d0d9a0, 24 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5166] <... set_robust_list resumed>) = 0 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], [pid 5165] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5166] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5166] munmap(0x7f244c800000, 138412032) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] close(4) = 0 [pid 5166] mkdir("./file2", 0777) = 0 [pid 5166] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5166] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./file2") = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5166] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [ 71.417457][ T5166] loop0: detected capacity change from 0 to 4096 [pid 5165] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... openat resumed>) = 4 [pid 5166] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5165] <... futex resumed>) = 1 [pid 5166] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5165] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5166] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] <... futex resumed>) = 0 [pid 5166] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5165] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... openat resumed>) = 5 [pid 5166] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5165] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... write resumed>) = 1036288 [pid 5166] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5165] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... mmap resumed>) = 0x20000000 [pid 5166] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] exit_group(0 [pid 5166] <... futex resumed>) = ? [pid 5165] <... exit_group resumed>) = ? [pid 5166] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5167 ./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5167] chdir("./38") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5167] write(1, "executing program\n", 18) = 18 [pid 5167] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5167] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5167] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0} => {parent_tid=[5168]}, 88) = 5168 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5167] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5168 attached [pid 5168] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5168] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5168] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5168] munmap(0x7f244c800000, 138412032) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] close(4) = 0 [pid 5168] mkdir("./file2", 0777) = 0 [ 71.936500][ T5168] loop0: detected capacity change from 0 to 4096 [pid 5168] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5168] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] chdir("./file2") = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5168] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5167] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... openat resumed>) = 4 [pid 5168] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5168] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [pid 5168] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5167] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5168] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 1 [pid 5168] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5168] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 1 [pid 5168] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5168] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 1 [pid 5168] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5168] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5168] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] exit_group(0 [pid 5168] <... futex resumed>) = ? [pid 5167] <... exit_group resumed>) = ? [pid 5168] +++ exited with 0 +++ [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5169 attached , child_tidptr=0x55557f632690) = 5169 [pid 5169] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5169] chdir("./39") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5169] write(1, "executing program\n", 18) = 18 [pid 5169] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5169] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5170 attached => {parent_tid=[5170]}, 88) = 5170 [pid 5170] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5170] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], [pid 5169] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5170] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5170] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5170] munmap(0x7f244c800000, 138412032) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] close(4) = 0 [pid 5170] mkdir("./file2", 0777) = 0 [pid 5170] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5170] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./file2") = 0 [ 72.389702][ T5170] loop0: detected capacity change from 0 to 4096 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5170] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] <... futex resumed>) = 0 [pid 5170] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5169] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... openat resumed>) = 4 [pid 5170] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5170] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5169] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5170] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... openat resumed>) = 5 [pid 5170] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5170] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5169] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... write resumed>) = 1036288 [pid 5170] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] <... futex resumed>) = 0 [pid 5170] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5169] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... mmap resumed>) = 0x20000000 [pid 5170] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] exit_group(0 [pid 5170] <... futex resumed>) = ? [pid 5170] +++ exited with 0 +++ [pid 5169] <... exit_group resumed>) = ? [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5171 attached , child_tidptr=0x55557f632690) = 5171 [pid 5171] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5171] chdir("./40") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5171] write(1, "executing program\n", 18) = 18 [pid 5171] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5171] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5171] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5172 attached [pid 5172] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5171] <... clone3 resumed> => {parent_tid=[5172]}, 88) = 5172 [pid 5172] <... rseq resumed>) = 0 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] set_robust_list(0x7f2454d0d9a0, 24 [pid 5171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] <... set_robust_list resumed>) = 0 [pid 5171] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5171] <... futex resumed>) = 0 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5171] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5172] memfd_create("syzkaller", 0) = 3 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5172] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5172] munmap(0x7f244c800000, 138412032) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5172] close(3) = 0 [pid 5172] close(4) = 0 [pid 5172] mkdir("./file2", 0777) = 0 [pid 5172] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5172] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5172] chdir("./file2") = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 72.874070][ T5172] loop0: detected capacity change from 0 to 4096 [pid 5172] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] <... futex resumed>) = 0 [pid 5172] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5171] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... openat resumed>) = 4 [pid 5172] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5171] <... futex resumed>) = 0 [pid 5172] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5171] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5171] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5172] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... write resumed>) = 1036288 [pid 5172] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] <... futex resumed>) = 0 [pid 5172] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5171] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... mmap resumed>) = 0x20000000 [pid 5172] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] exit_group(0 [pid 5172] <... futex resumed>) = ? [pid 5172] +++ exited with 0 +++ [pid 5171] <... exit_group resumed>) = ? [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5173 attached , child_tidptr=0x55557f632690) = 5173 [pid 5173] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5173] chdir("./41") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5173] write(1, "executing program\n", 18) = 18 [pid 5173] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5173] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5173] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5174 attached [pid 5174] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5173] <... clone3 resumed> => {parent_tid=[5174]}, 88) = 5174 [pid 5174] <... rseq resumed>) = 0 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] set_robust_list(0x7f2454d0d9a0, 24 [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5174] <... set_robust_list resumed>) = 0 [pid 5173] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5174] memfd_create("syzkaller", 0) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5174] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5174] munmap(0x7f244c800000, 138412032) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] close(4) = 0 [pid 5174] mkdir("./file2", 0777) = 0 [pid 5174] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5174] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 73.301456][ T5174] loop0: detected capacity change from 0 to 4096 [pid 5174] chdir("./file2") = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5174] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5173] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... openat resumed>) = 4 [pid 5174] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] <... futex resumed>) = 0 [pid 5174] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5173] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5174] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] <... futex resumed>) = 0 [pid 5174] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5173] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... openat resumed>) = 5 [pid 5174] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5173] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... write resumed>) = 1036288 [pid 5174] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5173] <... futex resumed>) = 1 [pid 5174] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5173] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... mmap resumed>) = 0x20000000 [pid 5174] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] exit_group(0) = ? [pid 5174] <... futex resumed>) = ? [pid 5174] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached , child_tidptr=0x55557f632690) = 5175 [pid 5175] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5175] chdir("./42") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5175] write(1, "executing program\n", 18) = 18 [pid 5175] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5175] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5176 attached [pid 5176] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5176] set_robust_list(0x7f2454d0d9a0, 24 [pid 5175] <... clone3 resumed> => {parent_tid=[5176]}, 88) = 5176 [pid 5176] <... set_robust_list resumed>) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] memfd_create("syzkaller", 0 [pid 5175] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5176] <... memfd_create resumed>) = 3 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5176] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5176] munmap(0x7f244c800000, 138412032) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5176] close(3) = 0 [pid 5176] close(4) = 0 [pid 5176] mkdir("./file2", 0777) = 0 [pid 5176] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5176] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5176] chdir("./file2") = 0 [ 73.801754][ T5176] loop0: detected capacity change from 0 to 4096 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5176] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5175] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... openat resumed>) = 4 [pid 5176] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5176] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5175] <... futex resumed>) = 0 [pid 5176] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5175] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = 1 [pid 5175] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... openat resumed>) = 5 [pid 5176] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] <... futex resumed>) = 0 [pid 5176] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5175] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... write resumed>) = 1036288 [pid 5176] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] <... futex resumed>) = 0 [pid 5176] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5175] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... mmap resumed>) = 0x20000000 [pid 5176] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] exit_group(0 [pid 5176] <... futex resumed>) = ? [pid 5176] +++ exited with 0 +++ [pid 5175] <... exit_group resumed>) = ? [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5177 ./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5177] chdir("./43") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] write(1, "executing program\n", 18executing program ) = 18 [pid 5177] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5177] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5178 attached [pid 5178] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5177] <... clone3 resumed> => {parent_tid=[5178]}, 88) = 5178 [pid 5178] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], [pid 5178] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5178] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5178] munmap(0x7f244c800000, 138412032) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] close(4) = 0 [pid 5178] mkdir("./file2", 0777) = 0 [pid 5178] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5178] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./file2") = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5178] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [ 74.227550][ T5178] loop0: detected capacity change from 0 to 4096 [pid 5177] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... openat resumed>) = 4 [pid 5178] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5177] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5177] <... futex resumed>) = 0 [pid 5178] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5177] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5178] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5178] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5177] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... write resumed>) = 1036288 [pid 5178] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5178] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5177] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... mmap resumed>) = 0x20000000 [pid 5178] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] exit_group(0 [pid 5178] <... futex resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5177] <... exit_group resumed>) = ? [pid 5177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached [pid 5179] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5179 [pid 5179] <... set_robust_list resumed>) = 0 [pid 5179] chdir("./44") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] write(1, "executing program\n", 18executing program ) = 18 [pid 5179] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5179] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5179] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5180 attached [pid 5180] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5179] <... clone3 resumed> => {parent_tid=[5180]}, 88) = 5180 [pid 5180] <... rseq resumed>) = 0 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5180] set_robust_list(0x7f2454d0d9a0, 24 [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5180] <... set_robust_list resumed>) = 0 [pid 5179] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5179] <... futex resumed>) = 0 [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5179] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] memfd_create("syzkaller", 0) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5180] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5180] munmap(0x7f244c800000, 138412032) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5180] close(3) = 0 [pid 5180] close(4) = 0 [pid 5180] mkdir("./file2", 0777) = 0 [pid 5180] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5180] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 74.675270][ T5180] loop0: detected capacity change from 0 to 4096 [pid 5180] chdir("./file2") = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5180] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5180] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5179] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... openat resumed>) = 4 [pid 5180] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 1 [pid 5180] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5179] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5180] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5180] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5179] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... openat resumed>) = 5 [pid 5180] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5179] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... write resumed>) = 1036288 [pid 5180] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5180] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5179] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... mmap resumed>) = 0x20000000 [pid 5180] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] exit_group(0 [pid 5180] <... futex resumed>) = ? [pid 5179] <... exit_group resumed>) = ? [pid 5180] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached , child_tidptr=0x55557f632690) = 5181 [pid 5181] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5181] chdir("./45") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5181] write(1, "executing program\n", 18) = 18 [pid 5181] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5181] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5181] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5182 attached [pid 5182] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5181] <... clone3 resumed> => {parent_tid=[5182]}, 88) = 5182 [pid 5182] <... rseq resumed>) = 0 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] set_robust_list(0x7f2454d0d9a0, 24 [pid 5181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5181] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5181] <... futex resumed>) = 0 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5181] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5182] memfd_create("syzkaller", 0) = 3 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5182] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5182] munmap(0x7f244c800000, 138412032) = 0 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5182] close(3) = 0 [pid 5182] close(4) = 0 [pid 5182] mkdir("./file2", 0777) = 0 [pid 5182] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 75.104192][ T5182] loop0: detected capacity change from 0 to 4096 [pid 5182] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5182] chdir("./file2") = 0 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5182] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5182] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5181] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... openat resumed>) = 4 [pid 5182] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5182] <... futex resumed>) = 1 [pid 5181] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5181] <... futex resumed>) = 0 [pid 5182] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5181] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5182] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5181] <... futex resumed>) = 0 [pid 5182] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5181] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... openat resumed>) = 5 [pid 5182] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5182] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5181] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... write resumed>) = 1036288 [pid 5182] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5182] <... futex resumed>) = 1 [pid 5181] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... mmap resumed>) = 0x20000000 [pid 5182] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5182] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] exit_group(0) = ? [pid 5182] <... futex resumed>) = ? [pid 5182] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached , child_tidptr=0x55557f632690) = 5183 [pid 5183] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5183] chdir("./46") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] write(1, "executing program\n", 18executing program ) = 18 [pid 5183] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5183] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5184 attached [pid 5184] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5183] <... clone3 resumed> => {parent_tid=[5184]}, 88) = 5184 [pid 5184] set_robust_list(0x7f2454d0d9a0, 24 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] <... set_robust_list resumed>) = 0 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] memfd_create("syzkaller", 0 [pid 5183] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] <... memfd_create resumed>) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5184] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5184] munmap(0x7f244c800000, 138412032) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] close(4) = 0 [pid 5184] mkdir("./file2", 0777) = 0 [pid 5184] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5184] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./file2") = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5184] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 75.583033][ T5184] loop0: detected capacity change from 0 to 4096 [pid 5184] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5184] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5184] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5183] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5183] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] <... openat resumed>) = 5 [pid 5184] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5184] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... mmap resumed>) = 0x20000000 [pid 5184] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] exit_group(0 [pid 5184] <... futex resumed>) = ? [pid 5183] <... exit_group resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached , child_tidptr=0x55557f632690) = 5185 [pid 5185] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5185] chdir("./47") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5185] write(1, "executing program\n", 18) = 18 [pid 5185] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5185] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5185] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5186 attached [pid 5186] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5185] <... clone3 resumed> => {parent_tid=[5186]}, 88) = 5186 [pid 5186] <... rseq resumed>) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], [pid 5186] set_robust_list(0x7f2454d0d9a0, 24 [pid 5185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5186] <... set_robust_list resumed>) = 0 [pid 5185] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], [pid 5185] <... futex resumed>) = 0 [pid 5186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5185] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5186] memfd_create("syzkaller", 0) = 3 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5186] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5186] munmap(0x7f244c800000, 138412032) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5186] close(3) = 0 [pid 5186] close(4) = 0 [pid 5186] mkdir("./file2", 0777) = 0 [pid 5186] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5186] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5186] chdir("./file2") = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5186] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... openat resumed>) = 4 [pid 5186] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5185] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5186] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] <... futex resumed>) = 0 [pid 5186] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5185] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... openat resumed>) = 5 [ 76.037309][ T5186] loop0: detected capacity change from 0 to 4096 [pid 5186] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... write resumed>) = 1036288 [pid 5186] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5185] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... mmap resumed>) = 0x20000000 [pid 5186] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5185] exit_group(0 [pid 5186] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5185] <... exit_group resumed>) = ? [pid 5186] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5187 attached , child_tidptr=0x55557f632690) = 5187 [pid 5187] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5187] chdir("./48") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5187] write(1, "executing program\n", 18) = 18 [pid 5187] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5187] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5187] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5187] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5187] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5188 attached [pid 5188] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5187] <... clone3 resumed> => {parent_tid=[5188]}, 88) = 5188 [pid 5188] set_robust_list(0x7f2454d0d9a0, 24 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], [pid 5188] <... set_robust_list resumed>) = 0 [pid 5187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], [pid 5187] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5188] memfd_create("syzkaller", 0) = 3 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5188] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5188] munmap(0x7f244c800000, 138412032) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5188] close(3) = 0 [pid 5188] close(4) = 0 [pid 5188] mkdir("./file2", 0777) = 0 [pid 5188] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5188] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5188] chdir("./file2") = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5188] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5187] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... openat resumed>) = 4 [pid 5188] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [ 76.455055][ T5188] loop0: detected capacity change from 0 to 4096 [pid 5188] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] <... futex resumed>) = 0 [pid 5188] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5187] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... openat resumed>) = 5 [pid 5188] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... write resumed>) = 1036288 [pid 5188] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... mmap resumed>) = 0x20000000 [pid 5188] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] exit_group(0 [pid 5188] <... futex resumed>) = ? [pid 5187] <... exit_group resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5189 attached , child_tidptr=0x55557f632690) = 5189 [pid 5189] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5189] chdir("./49") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] write(1, "executing program\n", 18executing program ) = 18 [pid 5189] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 76.767888][ T784] cfg80211: failed to load regulatory.db [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5189] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5191 attached [pid 5191] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5191] set_robust_list(0x7f2454d0d9a0, 24 [pid 5189] <... clone3 resumed> => {parent_tid=[5191]}, 88) = 5191 [pid 5191] <... set_robust_list resumed>) = 0 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], [pid 5191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5191] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5191] memfd_create("syzkaller", 0) = 3 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5191] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5191] munmap(0x7f244c800000, 138412032) = 0 [pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5191] close(3) = 0 [pid 5191] close(4) = 0 [pid 5191] mkdir("./file2", 0777) = 0 [pid 5191] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5191] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5191] chdir("./file2") = 0 [pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5191] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5191] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 76.893495][ T5191] loop0: detected capacity change from 0 to 4096 [pid 5189] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... openat resumed>) = 4 [pid 5191] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5191] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5191] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5189] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5191] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... futex resumed>) = 0 [pid 5191] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5191] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5191] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5189] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... write resumed>) = 1036288 [pid 5191] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5191] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5191] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5189] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... mmap resumed>) = 0x20000000 [pid 5191] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5191] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] exit_group(0) = ? [pid 5191] <... futex resumed>) = ? [pid 5191] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5192 attached [pid 5192] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5192] chdir("./50" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5192 [pid 5192] <... chdir resumed>) = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] write(1, "executing program\n", 18executing program ) = 18 [pid 5192] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5192] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5193 attached [pid 5193] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5193] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] <... clone3 resumed> => {parent_tid=[5193]}, 88) = 5193 [pid 5193] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5192] <... futex resumed>) = 1 [pid 5193] memfd_create("syzkaller", 0 [pid 5192] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5193] <... memfd_create resumed>) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5193] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5193] munmap(0x7f244c800000, 138412032) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] close(4) = 0 [pid 5193] mkdir("./file2", 0777) = 0 [pid 5193] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5193] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 77.328884][ T5193] loop0: detected capacity change from 0 to 4096 [pid 5193] chdir("./file2") = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5193] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5192] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5193] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5192] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5193] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5193] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... openat resumed>) = 5 [pid 5193] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5193] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5193] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5192] <... futex resumed>) = 1 [pid 5192] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... write resumed>) = 1036288 [pid 5193] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5193] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] <... futex resumed>) = 0 [pid 5193] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5192] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... mmap resumed>) = 0x20000000 [pid 5193] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 0 [pid 5192] exit_group(0 [pid 5193] <... futex resumed>) = ? [pid 5192] <... exit_group resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5194 attached , child_tidptr=0x55557f632690) = 5194 [pid 5194] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5194] chdir("./51") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5194] write(1, "executing program\n", 18) = 18 [pid 5194] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5194] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5195 attached [pid 5195] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5194] <... clone3 resumed> => {parent_tid=[5195]}, 88) = 5195 [pid 5195] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], [pid 5195] rt_sigprocmask(SIG_SETMASK, [], [pid 5194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5194] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] memfd_create("syzkaller", 0 [pid 5194] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5195] <... memfd_create resumed>) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5195] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5195] munmap(0x7f244c800000, 138412032) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] close(4) = 0 [pid 5195] mkdir("./file2", 0777) = 0 [pid 5195] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5195] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file2") = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5195] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [ 77.792390][ T5195] loop0: detected capacity change from 0 to 4096 [pid 5194] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... openat resumed>) = 4 [pid 5195] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = 0 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5194] <... futex resumed>) = 0 [pid 5195] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5195] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5195] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5194] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... openat resumed>) = 5 [pid 5195] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5195] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5194] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... write resumed>) = 1036288 [pid 5195] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5195] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5194] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... mmap resumed>) = 0x20000000 [pid 5195] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] exit_group(0 [pid 5195] <... futex resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5194] <... exit_group resumed>) = ? [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5196 attached , child_tidptr=0x55557f632690) = 5196 [pid 5196] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5196] chdir("./52") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] write(1, "executing program\n", 18executing program ) = 18 [pid 5196] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5196] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5196] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5197 attached [pid 5197] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5196] <... clone3 resumed> => {parent_tid=[5197]}, 88) = 5197 [pid 5197] <... rseq resumed>) = 0 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], [pid 5197] set_robust_list(0x7f2454d0d9a0, 24 [pid 5196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5197] <... set_robust_list resumed>) = 0 [pid 5196] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5197] memfd_create("syzkaller", 0) = 3 [pid 5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5197] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5197] munmap(0x7f244c800000, 138412032) = 0 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5197] close(3) = 0 [pid 5197] close(4) = 0 [pid 5197] mkdir("./file2", 0777) = 0 [pid 5197] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5197] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5197] chdir("./file2") = 0 [ 78.262113][ T5197] loop0: detected capacity change from 0 to 4096 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5197] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5197] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5196] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... openat resumed>) = 4 [pid 5197] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5197] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5196] <... futex resumed>) = 0 [pid 5197] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5196] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5197] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5197] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5196] <... futex resumed>) = 0 [pid 5197] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5196] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... openat resumed>) = 5 [pid 5197] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5197] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5196] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... write resumed>) = 1036288 [pid 5197] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 1 [pid 5196] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... mmap resumed>) = 0x20000000 [pid 5197] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5197] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] exit_group(0 [pid 5197] <... futex resumed>) = ? [pid 5197] +++ exited with 0 +++ [pid 5196] <... exit_group resumed>) = ? [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5198 attached , child_tidptr=0x55557f632690) = 5198 [pid 5198] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5198] chdir("./53") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5198] write(1, "executing program\n", 18) = 18 [pid 5198] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5198] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5199 attached [pid 5199] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5199] set_robust_list(0x7f2454d0d9a0, 24 [pid 5198] <... clone3 resumed> => {parent_tid=[5199]}, 88) = 5199 [pid 5199] <... set_robust_list resumed>) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5199] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] memfd_create("syzkaller", 0 [pid 5198] <... futex resumed>) = 0 [pid 5199] <... memfd_create resumed>) = 3 [pid 5198] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5199] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5199] munmap(0x7f244c800000, 138412032) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] close(4) = 0 [pid 5199] mkdir("./file2", 0777) = 0 [pid 5199] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5199] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./file2") = 0 [ 78.675643][ T5199] loop0: detected capacity change from 0 to 4096 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5199] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5199] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5198] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... openat resumed>) = 4 [pid 5199] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5199] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5198] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5199] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5199] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5198] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... openat resumed>) = 5 [pid 5199] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5199] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 5199] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5198] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... write resumed>) = 1036288 [pid 5199] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... mmap resumed>) = 0x20000000 [pid 5199] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5198] exit_group(0) = ? [pid 5199] <... futex resumed>) = ? [pid 5199] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5200 attached , child_tidptr=0x55557f632690) = 5200 [pid 5200] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5200] chdir("./54") = 0 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5200] setpgid(0, 0) = 0 [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5200] write(3, "1000", 4) = 4 [pid 5200] close(3) = 0 [pid 5200] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5200] write(1, "executing program\n", 18) = 18 [pid 5200] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5200] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5200] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5200] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5200] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5201 attached [pid 5201] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5200] <... clone3 resumed> => {parent_tid=[5201]}, 88) = 5201 [pid 5201] <... rseq resumed>) = 0 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], [pid 5201] set_robust_list(0x7f2454d0d9a0, 24 [pid 5200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5201] <... set_robust_list resumed>) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [pid 5200] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5201] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5201] munmap(0x7f244c800000, 138412032) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5201] close(3) = 0 [pid 5201] close(4) = 0 [pid 5201] mkdir("./file2", 0777) = 0 [pid 5201] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5201] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5201] chdir("./file2") = 0 [ 79.106387][ T5201] loop0: detected capacity change from 0 to 4096 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5201] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... openat resumed>) = 4 [pid 5201] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5201] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5200] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5201] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5200] <... futex resumed>) = 0 [pid 5201] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5200] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... openat resumed>) = 5 [pid 5201] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5200] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... write resumed>) = 1036288 [pid 5201] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5200] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5201] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5201] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] exit_group(0 [pid 5201] <... futex resumed>) = ? [pid 5200] <... exit_group resumed>) = ? [pid 5201] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5202 attached , child_tidptr=0x55557f632690) = 5202 [pid 5202] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5202] chdir("./55") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] write(1, "executing program\n", 18executing program ) = 18 [pid 5202] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5202] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5202] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5203 attached [pid 5203] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5202] <... clone3 resumed> => {parent_tid=[5203]}, 88) = 5203 [pid 5203] <... rseq resumed>) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] set_robust_list(0x7f2454d0d9a0, 24 [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] <... set_robust_list resumed>) = 0 [pid 5202] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] <... futex resumed>) = 0 [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5203] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5203] munmap(0x7f244c800000, 138412032) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5203] close(3) = 0 [pid 5203] close(4) = 0 [pid 5203] mkdir("./file2", 0777) = 0 [pid 5203] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5203] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] chdir("./file2") = 0 [ 79.619537][ T5203] loop0: detected capacity change from 0 to 4096 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5203] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] <... futex resumed>) = 0 [pid 5203] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5202] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... openat resumed>) = 4 [pid 5203] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5203] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5202] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5203] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5202] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] <... openat resumed>) = 5 [pid 5202] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = 0 [pid 5202] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... write resumed>) = 1036288 [pid 5203] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] <... futex resumed>) = 1 [pid 5202] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5203] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] exit_group(0) = ? [pid 5203] <... futex resumed>) = ? [pid 5203] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5204 attached , child_tidptr=0x55557f632690) = 5204 [pid 5204] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5204] chdir("./56") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] write(1, "executing program\n", 18executing program ) = 18 [pid 5204] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5204] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5205 attached [pid 5205] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5204] <... clone3 resumed> => {parent_tid=[5205]}, 88) = 5205 [pid 5205] set_robust_list(0x7f2454d0d9a0, 24 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], [pid 5205] <... set_robust_list resumed>) = 0 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5204] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] memfd_create("syzkaller", 0 [pid 5204] <... futex resumed>) = 0 [pid 5205] <... memfd_create resumed>) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5204] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5205] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5205] munmap(0x7f244c800000, 138412032) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] close(4) = 0 [pid 5205] mkdir("./file2", 0777) = 0 [pid 5205] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5205] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./file2") = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 80.079921][ T5205] loop0: detected capacity change from 0 to 4096 [pid 5205] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... openat resumed>) = 4 [pid 5205] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5204] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5205] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5204] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... openat resumed>) = 5 [pid 5205] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [pid 5205] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5204] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... write resumed>) = 1036288 [pid 5205] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5204] <... futex resumed>) = 1 [pid 5204] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... mmap resumed>) = 0x20000000 [pid 5205] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 0 [pid 5205] <... futex resumed>) = 1 [pid 5204] exit_group(0 [pid 5205] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5204] <... exit_group resumed>) = ? [pid 5205] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5206 attached , child_tidptr=0x55557f632690) = 5206 [pid 5206] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5206] chdir("./57") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5206] write(1, "executing program\n", 18) = 18 [pid 5206] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5206] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5206] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5206] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5206] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5207 attached => {parent_tid=[5207]}, 88) = 5207 [pid 5207] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5207] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], [pid 5207] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5206] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5206] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5207] memfd_create("syzkaller", 0) = 3 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5207] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5207] munmap(0x7f244c800000, 138412032) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5207] close(3) = 0 [pid 5207] close(4) = 0 [pid 5207] mkdir("./file2", 0777) = 0 [pid 5207] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5207] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] chdir("./file2") = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 80.573562][ T5207] loop0: detected capacity change from 0 to 4096 [pid 5207] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5206] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... openat resumed>) = 4 [pid 5207] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5206] <... futex resumed>) = 0 [pid 5207] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5206] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5206] <... futex resumed>) = 0 [pid 5207] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5206] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... openat resumed>) = 5 [pid 5207] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5206] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5207] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5206] <... futex resumed>) = 0 [pid 5207] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5206] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... mmap resumed>) = 0x20000000 [pid 5207] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] exit_group(0 [pid 5207] <... futex resumed>) = ? [pid 5206] <... exit_group resumed>) = ? [pid 5207] +++ exited with 0 +++ [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5208 attached , child_tidptr=0x55557f632690) = 5208 [pid 5208] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5208] chdir("./58") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5208] write(1, "executing program\n", 18) = 18 [pid 5208] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5208] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5208] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5209 attached [pid 5209] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5208] <... clone3 resumed> => {parent_tid=[5209]}, 88) = 5209 [pid 5209] <... rseq resumed>) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], [pid 5209] set_robust_list(0x7f2454d0d9a0, 24 [pid 5208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5209] <... set_robust_list resumed>) = 0 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], [pid 5208] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5209] memfd_create("syzkaller", 0) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5209] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5209] munmap(0x7f244c800000, 138412032) = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5209] close(3) = 0 [pid 5209] close(4) = 0 [pid 5209] mkdir("./file2", 0777) = 0 [pid 5209] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5209] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5209] chdir("./file2") = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5209] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5208] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 81.045127][ T5209] loop0: detected capacity change from 0 to 4096 [pid 5209] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5209] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] <... futex resumed>) = 0 [pid 5209] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5208] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5209] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5208] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... openat resumed>) = 5 [pid 5209] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = 1 [pid 5208] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... write resumed>) = 1036288 [pid 5209] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] <... futex resumed>) = 0 [pid 5209] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5208] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... mmap resumed>) = 0x20000000 [pid 5209] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] exit_group(0 [pid 5209] <... futex resumed>) = ? [pid 5208] <... exit_group resumed>) = ? [pid 5209] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5210 attached , child_tidptr=0x55557f632690) = 5210 [pid 5210] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5210] chdir("./59") = 0 [pid 5210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5210] setpgid(0, 0) = 0 [pid 5210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5210] write(3, "1000", 4) = 4 [pid 5210] close(3) = 0 [pid 5210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5210] write(1, "executing program\n", 18executing program ) = 18 [pid 5210] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5210] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5210] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5211 attached [pid 5211] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5210] <... clone3 resumed> => {parent_tid=[5211]}, 88) = 5211 [pid 5211] set_robust_list(0x7f2454d0d9a0, 24 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], [pid 5211] <... set_robust_list resumed>) = 0 [pid 5210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], [pid 5210] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5211] memfd_create("syzkaller", 0) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5211] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5211] munmap(0x7f244c800000, 138412032) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] close(4) = 0 [pid 5211] mkdir("./file2", 0777) = 0 [pid 5211] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5211] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] chdir("./file2") = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5211] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5211] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5210] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5211] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 81.494290][ T5211] loop0: detected capacity change from 0 to 4096 [pid 5211] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5211] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5211] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5211] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5211] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5210] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... write resumed>) = 1036288 [pid 5211] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5211] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] <... futex resumed>) = 0 [pid 5211] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5210] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... mmap resumed>) = 0x20000000 [pid 5211] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5211] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] exit_group(0 [pid 5211] <... futex resumed>) = ? [pid 5210] <... exit_group resumed>) = ? [pid 5211] +++ exited with 0 +++ [pid 5210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5210, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5212 attached , child_tidptr=0x55557f632690) = 5212 [pid 5212] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5212] chdir("./60") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5212] write(1, "executing program\n", 18) = 18 [pid 5212] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5212] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5213 attached [pid 5213] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5212] <... clone3 resumed> => {parent_tid=[5213]}, 88) = 5213 [pid 5213] <... rseq resumed>) = 0 [pid 5213] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5212] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5212] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5213] memfd_create("syzkaller", 0) = 3 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5213] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5213] munmap(0x7f244c800000, 138412032) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5213] close(3) = 0 [pid 5213] close(4) = 0 [pid 5213] mkdir("./file2", 0777) = 0 [pid 5213] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5213] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 81.911928][ T5213] loop0: detected capacity change from 0 to 4096 [pid 5213] chdir("./file2") = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5213] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5213] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5212] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... openat resumed>) = 4 [pid 5213] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5213] <... futex resumed>) = 1 [pid 5212] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5212] <... futex resumed>) = 0 [pid 5213] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5212] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5213] <... futex resumed>) = 0 [pid 5212] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5212] <... futex resumed>) = 0 [pid 5213] <... openat resumed>) = 5 [pid 5212] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5213] <... futex resumed>) = 0 [pid 5212] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... write resumed>) = 1036288 [pid 5213] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5213] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... mmap resumed>) = 0x20000000 [pid 5213] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] exit_group(0 [pid 5213] <... futex resumed>) = ? [pid 5212] <... exit_group resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5214] chdir("./61" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5214 [pid 5214] <... chdir resumed>) = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5214] write(1, "executing program\n", 18) = 18 [pid 5214] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5214] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5215 attached [pid 5215] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5214] <... clone3 resumed> => {parent_tid=[5215]}, 88) = 5215 [pid 5215] <... rseq resumed>) = 0 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5215] set_robust_list(0x7f2454d0d9a0, 24 [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5215] <... set_robust_list resumed>) = 0 [pid 5214] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] <... futex resumed>) = 0 [pid 5215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5214] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5215] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5215] munmap(0x7f244c800000, 138412032) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] close(4) = 0 [pid 5215] mkdir("./file2", 0777) = 0 [pid 5215] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5215] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./file2") = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5215] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [ 82.385194][ T5215] loop0: detected capacity change from 0 to 4096 [pid 5214] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... openat resumed>) = 4 [pid 5215] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5214] <... futex resumed>) = 0 [pid 5215] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5215] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5215] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5214] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... openat resumed>) = 5 [pid 5215] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5215] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5214] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... write resumed>) = 1036288 [pid 5215] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] <... futex resumed>) = 0 [pid 5215] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5214] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... mmap resumed>) = 0x20000000 [pid 5215] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] exit_group(0 [pid 5215] <... futex resumed>) = ? [pid 5215] +++ exited with 0 +++ [pid 5214] <... exit_group resumed>) = ? [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5216 attached , child_tidptr=0x55557f632690) = 5216 [pid 5216] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5216] chdir("./62") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] write(1, "executing program\n", 18executing program ) = 18 [pid 5216] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5216] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5217 attached => {parent_tid=[5217]}, 88) = 5217 [pid 5217] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5217] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], [pid 5216] rt_sigprocmask(SIG_SETMASK, [], [pid 5217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5217] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] <... futex resumed>) = 0 [pid 5217] memfd_create("syzkaller", 0 [pid 5216] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5217] <... memfd_create resumed>) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5217] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5217] munmap(0x7f244c800000, 138412032) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5217] close(3) = 0 [pid 5217] close(4) = 0 [pid 5217] mkdir("./file2", 0777) = 0 [pid 5217] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5217] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5217] chdir("./file2") = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5217] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] <... futex resumed>) = 0 [pid 5217] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 82.834798][ T5217] loop0: detected capacity change from 0 to 4096 [pid 5216] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... openat resumed>) = 4 [pid 5217] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5217] <... futex resumed>) = 1 [pid 5216] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5217] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5217] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... write resumed>) = 1036288 [pid 5217] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5217] <... futex resumed>) = 1 [pid 5216] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5216] <... futex resumed>) = 0 [pid 5217] <... mmap resumed>) = 0x20000000 [pid 5216] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] exit_group(0) = ? [pid 5217] <... futex resumed>) = ? [pid 5217] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5216, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5219 [pid 5219] <... set_robust_list resumed>) = 0 [pid 5219] chdir("./63") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5219] write(1, "executing program\n", 18) = 18 [pid 5219] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5219] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5220 attached => {parent_tid=[5220]}, 88) = 5220 [pid 5220] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] set_robust_list(0x7f2454d0d9a0, 24 [pid 5219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] <... set_robust_list resumed>) = 0 [pid 5219] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] <... futex resumed>) = 0 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5219] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5220] memfd_create("syzkaller", 0) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5220] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5220] munmap(0x7f244c800000, 138412032) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] close(4) = 0 [pid 5220] mkdir("./file2", 0777) = 0 [pid 5220] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5220] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./file2") = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5220] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] <... futex resumed>) = 0 [pid 5220] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 83.276262][ T5220] loop0: detected capacity change from 0 to 4096 [pid 5219] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... openat resumed>) = 4 [pid 5220] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] <... futex resumed>) = 0 [pid 5220] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5219] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5220] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5220] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5220] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5219] <... futex resumed>) = 0 [pid 5220] <... mmap resumed>) = 0x20000000 [pid 5219] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] exit_group(0) = ? [pid 5220] <... futex resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5221 attached , child_tidptr=0x55557f632690) = 5221 [pid 5221] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5221] chdir("./64") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5221] write(1, "executing program\n", 18) = 18 [pid 5221] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5221] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5221] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5222 attached [pid 5222] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5222] set_robust_list(0x7f2454d0d9a0, 24 [pid 5221] <... clone3 resumed> => {parent_tid=[5222]}, 88) = 5222 [pid 5222] <... set_robust_list resumed>) = 0 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], [pid 5222] rt_sigprocmask(SIG_SETMASK, [], [pid 5221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5221] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] memfd_create("syzkaller", 0 [pid 5221] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5222] <... memfd_create resumed>) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5222] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5222] munmap(0x7f244c800000, 138412032) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5222] close(3) = 0 [pid 5222] close(4) = 0 [pid 5222] mkdir("./file2", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5222] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] chdir("./file2") = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5222] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5221] <... futex resumed>) = 1 [pid 5222] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 83.705778][ T5222] loop0: detected capacity change from 0 to 4096 [pid 5221] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... openat resumed>) = 4 [pid 5222] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5222] <... futex resumed>) = 1 [pid 5221] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5221] <... futex resumed>) = 0 [pid 5222] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5221] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] <... futex resumed>) = 0 [pid 5222] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5221] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... openat resumed>) = 5 [pid 5222] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5222] <... futex resumed>) = 1 [pid 5221] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... write resumed>) = 1036288 [pid 5222] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5222] <... futex resumed>) = 1 [pid 5221] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... mmap resumed>) = 0x20000000 [pid 5222] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5221] exit_group(0) = ? [pid 5222] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5223 ./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5223] chdir("./65") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5223] write(1, "executing program\n", 18executing program ) = 18 [pid 5223] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5223] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5223] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5224 attached [pid 5224] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5223] <... clone3 resumed> => {parent_tid=[5224]}, 88) = 5224 [pid 5224] set_robust_list(0x7f2454d0d9a0, 24 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], [pid 5224] <... set_robust_list resumed>) = 0 [pid 5223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], [pid 5223] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5224] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5224] munmap(0x7f244c800000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] close(4) = 0 [pid 5224] mkdir("./file2", 0777) = 0 [ 84.159130][ T5224] loop0: detected capacity change from 0 to 4096 [pid 5224] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5224] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file2") = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5224] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5224] <... futex resumed>) = 1 [pid 5223] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... openat resumed>) = 4 [pid 5224] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5223] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5224] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5223] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... write resumed>) = 1036288 [pid 5224] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5223] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... mmap resumed>) = 0x20000000 [pid 5224] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5224] <... futex resumed>) = 1 [pid 5223] exit_group(0 [pid 5224] exit_group(0 [pid 5223] <... exit_group resumed>) = ? [pid 5224] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5225 attached , child_tidptr=0x55557f632690) = 5225 [pid 5225] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5225] chdir("./66") = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5225] write(1, "executing program\n", 18) = 18 [pid 5225] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5225] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5226 attached [pid 5226] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5225] <... clone3 resumed> => {parent_tid=[5226]}, 88) = 5226 [pid 5226] <... rseq resumed>) = 0 [pid 5226] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], [pid 5226] rt_sigprocmask(SIG_SETMASK, [], [pid 5225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5226] memfd_create("syzkaller", 0) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5226] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5226] munmap(0x7f244c800000, 138412032) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5226] close(3) = 0 [pid 5226] close(4) = 0 [pid 5226] mkdir("./file2", 0777) = 0 [pid 5226] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5226] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5226] chdir("./file2") = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5226] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5226] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5226] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5226] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [ 84.672491][ T5226] loop0: detected capacity change from 0 to 4096 [pid 5225] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5225] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... openat resumed>) = 5 [pid 5226] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5226] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] <... futex resumed>) = 0 [pid 5226] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5225] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... write resumed>) = 1036288 [pid 5226] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5226] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] <... futex resumed>) = 0 [pid 5226] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5225] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... mmap resumed>) = 0x20000000 [pid 5226] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5226] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] exit_group(0 [pid 5226] <... futex resumed>) = ? [pid 5225] <... exit_group resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x55557f632690) = 5227 [pid 5227] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5227] chdir("./67") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5227] write(1, "executing program\n", 18) = 18 [pid 5227] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5227] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5227] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5228 attached [pid 5228] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5227] <... clone3 resumed> => {parent_tid=[5228]}, 88) = 5228 [pid 5228] <... rseq resumed>) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] set_robust_list(0x7f2454d0d9a0, 24 [pid 5227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5228] <... set_robust_list resumed>) = 0 [pid 5227] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], [pid 5227] <... futex resumed>) = 0 [pid 5228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5227] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5228] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5228] munmap(0x7f244c800000, 138412032) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] close(4) = 0 [pid 5228] mkdir("./file2", 0777) = 0 [pid 5228] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5228] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./file2") = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5228] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [ 85.142528][ T5228] loop0: detected capacity change from 0 to 4096 [pid 5228] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5228] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5228] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5228] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5227] <... futex resumed>) = 1 [pid 5227] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5228] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5228] <... futex resumed>) = 1 [pid 5227] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... openat resumed>) = 5 [pid 5228] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5228] <... futex resumed>) = 1 [pid 5227] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... write resumed>) = 1036288 [pid 5228] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5228] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5227] <... futex resumed>) = 0 [pid 5228] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5227] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... mmap resumed>) = 0x20000000 [pid 5228] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] exit_group(0 [pid 5228] <... futex resumed>) = ? [pid 5227] <... exit_group resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5229 attached , child_tidptr=0x55557f632690) = 5229 [pid 5229] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5229] chdir("./68") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] write(1, "executing program\n", 18executing program ) = 18 [pid 5229] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5229] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5229] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5230 attached [pid 5230] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5229] <... clone3 resumed> => {parent_tid=[5230]}, 88) = 5230 [pid 5230] set_robust_list(0x7f2454d0d9a0, 24 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] <... set_robust_list resumed>) = 0 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] memfd_create("syzkaller", 0 [pid 5229] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] <... memfd_create resumed>) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5230] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5230] munmap(0x7f244c800000, 138412032) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] close(4) = 0 [pid 5230] mkdir("./file2", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5230] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 85.590463][ T5230] loop0: detected capacity change from 0 to 4096 [pid 5230] chdir("./file2") = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5230] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... openat resumed>) = 4 [pid 5230] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] <... futex resumed>) = 0 [pid 5230] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5229] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5230] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... openat resumed>) = 5 [pid 5230] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] <... futex resumed>) = 0 [pid 5230] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5229] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... write resumed>) = 1036288 [pid 5230] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5230] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5229] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... mmap resumed>) = 0x20000000 [pid 5230] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] exit_group(0) = ? [pid 5230] <... futex resumed>) = ? [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5231 [pid 5231] <... set_robust_list resumed>) = 0 [pid 5231] chdir("./69") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5231] write(3, "1000", 4) = 4 [pid 5231] close(3) = 0 [pid 5231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5231] write(1, "executing program\n", 18executing program ) = 18 [pid 5231] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5231] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5232 attached [pid 5232] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5232] set_robust_list(0x7f2454d0d9a0, 24 [pid 5231] <... clone3 resumed> => {parent_tid=[5232]}, 88) = 5232 [pid 5232] <... set_robust_list resumed>) = 0 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], [pid 5232] rt_sigprocmask(SIG_SETMASK, [], [pid 5231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] memfd_create("syzkaller", 0 [pid 5231] <... futex resumed>) = 0 [pid 5232] <... memfd_create resumed>) = 3 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5231] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5232] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5232] munmap(0x7f244c800000, 138412032) = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5232] close(3) = 0 [pid 5232] close(4) = 0 [pid 5232] mkdir("./file2", 0777) = 0 [pid 5232] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5232] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5232] chdir("./file2") = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5232] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... openat resumed>) = 4 [pid 5232] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5232] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 86.085126][ T5232] loop0: detected capacity change from 0 to 4096 [pid 5231] <... futex resumed>) = 0 [pid 5232] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5231] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5232] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5232] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5231] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... openat resumed>) = 5 [pid 5232] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 0 [pid 5232] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5232] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5231] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5232] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5232] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] exit_group(0 [pid 5232] <... futex resumed>) = ? [pid 5231] <... exit_group resumed>) = ? [pid 5232] +++ exited with 0 +++ [pid 5231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5231, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5233 attached , child_tidptr=0x55557f632690) = 5233 [pid 5233] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5233] chdir("./70") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5233] write(1, "executing program\n", 18) = 18 [pid 5233] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5233] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5234 attached [pid 5234] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5233] <... clone3 resumed> => {parent_tid=[5234]}, 88) = 5234 [pid 5234] <... rseq resumed>) = 0 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5234] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5234] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5234] munmap(0x7f244c800000, 138412032) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] close(4) = 0 [pid 5234] mkdir("./file2", 0777) = 0 [pid 5234] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5234] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./file2") = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5234] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5234] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5233] <... futex resumed>) = 0 [ 86.511601][ T5234] loop0: detected capacity change from 0 to 4096 [pid 5233] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... openat resumed>) = 4 [pid 5234] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5233] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5234] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5234] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5233] <... futex resumed>) = 1 [pid 5233] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... openat resumed>) = 5 [pid 5234] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5234] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5233] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... write resumed>) = 1036288 [pid 5234] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5234] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5233] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... mmap resumed>) = 0x20000000 [pid 5234] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] exit_group(0 [pid 5234] <... futex resumed>) = ? [pid 5233] <... exit_group resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5235 attached , child_tidptr=0x55557f632690) = 5235 [pid 5235] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5235] chdir("./71") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5235] write(1, "executing program\n", 18) = 18 [pid 5235] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5235] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5235] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5236 attached [pid 5236] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5235] <... clone3 resumed> => {parent_tid=[5236]}, 88) = 5236 [pid 5236] <... rseq resumed>) = 0 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], [pid 5236] set_robust_list(0x7f2454d0d9a0, 24 [pid 5235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5236] <... set_robust_list resumed>) = 0 [pid 5235] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5236] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5236] munmap(0x7f244c800000, 138412032) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] close(4) = 0 [pid 5236] mkdir("./file2", 0777) = 0 [pid 5236] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5236] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 86.985218][ T5236] loop0: detected capacity change from 0 to 4096 [pid 5236] chdir("./file2") = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5236] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5235] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5236] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = 1 [pid 5236] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5235] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5236] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5236] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5235] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5236] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = 1 [pid 5236] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5235] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... mmap resumed>) = 0x20000000 [pid 5236] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] exit_group(0 [pid 5236] <... futex resumed>) = ? [pid 5236] +++ exited with 0 +++ [pid 5235] <... exit_group resumed>) = ? [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5237 ./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5237] chdir("./72") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5237] write(1, "executing program\n", 18) = 18 [pid 5237] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5237] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5238 attached [pid 5238] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5237] <... clone3 resumed> => {parent_tid=[5238]}, 88) = 5238 [pid 5238] set_robust_list(0x7f2454d0d9a0, 24 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] <... set_robust_list resumed>) = 0 [pid 5237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5237] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5237] <... futex resumed>) = 0 [pid 5238] memfd_create("syzkaller", 0 [pid 5237] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5238] <... memfd_create resumed>) = 3 [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5238] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5238] munmap(0x7f244c800000, 138412032) = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5238] close(3) = 0 [pid 5238] close(4) = 0 [pid 5238] mkdir("./file2", 0777) = 0 [pid 5238] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5238] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5238] chdir("./file2") = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5238] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5238] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5237] <... futex resumed>) = 1 [pid 5238] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5237] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5237] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5238] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5237] <... futex resumed>) = 0 [ 87.481548][ T5238] loop0: detected capacity change from 0 to 4096 [pid 5237] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... write resumed>) = 1036288 [pid 5238] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5238] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5237] <... futex resumed>) = 1 [pid 5237] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... mmap resumed>) = 0x20000000 [pid 5238] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] exit_group(0) = ? [pid 5238] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5239] chdir("./73" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5239 [pid 5239] <... chdir resumed>) = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5239] write(1, "executing program\n", 18) = 18 [pid 5239] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5239] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5240 attached [pid 5240] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5239] <... clone3 resumed> => {parent_tid=[5240]}, 88) = 5240 [pid 5240] <... rseq resumed>) = 0 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] set_robust_list(0x7f2454d0d9a0, 24 [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] <... set_robust_list resumed>) = 0 [pid 5239] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] <... futex resumed>) = 0 [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5240] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5240] munmap(0x7f244c800000, 138412032) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] close(4) = 0 [pid 5240] mkdir("./file2", 0777) = 0 [pid 5240] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5240] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./file2") = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5240] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 87.883200][ T5240] loop0: detected capacity change from 0 to 4096 [pid 5239] <... futex resumed>) = 0 [pid 5240] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5240] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5240] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5239] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5240] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5240] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5239] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... openat resumed>) = 5 [pid 5240] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5239] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... write resumed>) = 1036288 [pid 5240] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5240] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5239] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... mmap resumed>) = 0x20000000 [pid 5240] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5240] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] exit_group(0 [pid 5240] <... futex resumed>) = ? [pid 5239] <... exit_group resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5241 attached , child_tidptr=0x55557f632690) = 5241 [pid 5241] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5241] chdir("./74") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5241] write(1, "executing program\n", 18) = 18 [pid 5241] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5241] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5241] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5242 attached [pid 5242] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5241] <... clone3 resumed> => {parent_tid=[5242]}, 88) = 5242 [pid 5242] set_robust_list(0x7f2454d0d9a0, 24 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5242] <... set_robust_list resumed>) = 0 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5241] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5242] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5242] munmap(0x7f244c800000, 138412032) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] close(4) = 0 [pid 5242] mkdir("./file2", 0777) = 0 [pid 5242] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5242] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./file2") = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 88.377231][ T5242] loop0: detected capacity change from 0 to 4096 [pid 5242] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5241] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... openat resumed>) = 4 [pid 5242] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5241] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 0 [pid 5241] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5241] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5241] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5242] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5242] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... write resumed>) = 1036288 [pid 5242] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5241] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... mmap resumed>) = 0x20000000 [pid 5242] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] exit_group(0 [pid 5242] <... futex resumed>) = ? [pid 5242] +++ exited with 0 +++ [pid 5241] <... exit_group resumed>) = ? [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5243 attached , child_tidptr=0x55557f632690) = 5243 [pid 5243] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5243] chdir("./75") = 0 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5243] setpgid(0, 0) = 0 [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5243] write(3, "1000", 4) = 4 [pid 5243] close(3) = 0 [pid 5243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5243] write(1, "executing program\n", 18executing program ) = 18 [pid 5243] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5243] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5243] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5244 attached [pid 5244] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5243] <... clone3 resumed> => {parent_tid=[5244]}, 88) = 5244 [pid 5244] <... rseq resumed>) = 0 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], [pid 5244] set_robust_list(0x7f2454d0d9a0, 24 [pid 5243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5244] <... set_robust_list resumed>) = 0 [pid 5243] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5244] memfd_create("syzkaller", 0) = 3 [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5244] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5244] munmap(0x7f244c800000, 138412032) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5244] close(3) = 0 [pid 5244] close(4) = 0 [pid 5244] mkdir("./file2", 0777) = 0 [pid 5244] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5244] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5244] chdir("./file2") = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 88.801464][ T5244] loop0: detected capacity change from 0 to 4096 [pid 5244] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5244] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... openat resumed>) = 4 [pid 5244] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5243] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5243] <... futex resumed>) = 0 [pid 5244] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5243] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5244] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] <... futex resumed>) = 0 [pid 5244] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5243] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... openat resumed>) = 5 [pid 5244] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5244] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... write resumed>) = 1036288 [pid 5244] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5243] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5244] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5244] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] exit_group(0 [pid 5244] <... futex resumed>) = ? [pid 5243] <... exit_group resumed>) = ? [pid 5244] +++ exited with 0 +++ [pid 5243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5245 attached , child_tidptr=0x55557f632690) = 5245 [pid 5245] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5245] chdir("./76") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5245] write(1, "executing program\n", 18) = 18 [pid 5245] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5245] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5245] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5246 attached [pid 5246] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5245] <... clone3 resumed> => {parent_tid=[5246]}, 88) = 5246 [pid 5246] <... rseq resumed>) = 0 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] set_robust_list(0x7f2454d0d9a0, 24 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] <... set_robust_list resumed>) = 0 [pid 5245] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], [pid 5245] <... futex resumed>) = 0 [pid 5246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5246] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5246] munmap(0x7f244c800000, 138412032) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] close(4) = 0 [pid 5246] mkdir("./file2", 0777) = 0 [pid 5246] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5246] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 89.243501][ T5246] loop0: detected capacity change from 0 to 4096 [pid 5246] chdir("./file2") = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5246] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5246] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5245] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... openat resumed>) = 4 [pid 5246] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5246] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5245] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5246] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5246] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5245] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... openat resumed>) = 5 [pid 5246] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5246] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5246] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... mmap resumed>) = 0x20000000 [pid 5246] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] exit_group(0 [pid 5246] <... futex resumed>) = ? [pid 5245] <... exit_group resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5247 attached , child_tidptr=0x55557f632690) = 5247 [pid 5247] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5247] chdir("./77") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5247] write(1, "executing program\n", 18) = 18 [pid 5247] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5247] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5247] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5248 attached [pid 5248] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5247] <... clone3 resumed> => {parent_tid=[5248]}, 88) = 5248 [pid 5248] <... rseq resumed>) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], [pid 5248] set_robust_list(0x7f2454d0d9a0, 24 [pid 5247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5248] <... set_robust_list resumed>) = 0 [pid 5247] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] <... futex resumed>) = 0 [pid 5248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5247] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5248] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5248] munmap(0x7f244c800000, 138412032) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] close(4) = 0 [pid 5248] mkdir("./file2", 0777) = 0 [pid 5248] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 89.720276][ T5248] loop0: detected capacity change from 0 to 4096 [pid 5248] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] chdir("./file2") = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5248] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5248] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5247] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... openat resumed>) = 4 [pid 5248] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5248] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5247] <... futex resumed>) = 0 [pid 5248] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5247] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] <... futex resumed>) = 0 [pid 5248] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5247] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... openat resumed>) = 5 [pid 5248] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5247] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... write resumed>) = 1036288 [pid 5248] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] <... futex resumed>) = 0 [pid 5248] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5247] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... mmap resumed>) = 0x20000000 [pid 5248] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... futex resumed>) = 0 [pid 5247] exit_group(0 [pid 5248] <... futex resumed>) = ? [pid 5247] <... exit_group resumed>) = ? [pid 5248] +++ exited with 0 +++ [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5249 attached [pid 5249] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5249 [pid 5249] chdir("./78") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5249] write(1, "executing program\n", 18) = 18 [pid 5249] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5249] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5250 attached [pid 5250] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5249] <... clone3 resumed> => {parent_tid=[5250]}, 88) = 5250 [pid 5250] set_robust_list(0x7f2454d0d9a0, 24 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5250] <... set_robust_list resumed>) = 0 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5250] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5250] munmap(0x7f244c800000, 138412032) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] close(4) = 0 [pid 5250] mkdir("./file2", 0777) = 0 [pid 5250] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5250] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file2") = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5250] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 90.191427][ T5250] loop0: detected capacity change from 0 to 4096 [pid 5250] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5250] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5249] <... futex resumed>) = 1 [pid 5250] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5249] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5250] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... openat resumed>) = 5 [pid 5250] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5249] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... write resumed>) = 1036288 [pid 5250] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... mmap resumed>) = 0x20000000 [pid 5250] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] exit_group(0 [pid 5250] <... futex resumed>) = ? [pid 5249] <... exit_group resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5251 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5251] chdir("./79") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] write(1, "executing program\n", 18executing program ) = 18 [pid 5251] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5251] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5251] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5252 attached => {parent_tid=[5252]}, 88) = 5252 [pid 5252] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5252] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], [pid 5252] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5251] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5252] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5252] munmap(0x7f244c800000, 138412032) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] close(4) = 0 [pid 5252] mkdir("./file2", 0777) = 0 [pid 5252] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5252] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file2") = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 90.656693][ T5252] loop0: detected capacity change from 0 to 4096 [pid 5252] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] <... futex resumed>) = 0 [pid 5252] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5251] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... openat resumed>) = 4 [pid 5252] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5252] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5251] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5252] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5251] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... openat resumed>) = 5 [pid 5252] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5251] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... write resumed>) = 1036288 [pid 5252] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5252] <... futex resumed>) = 1 [pid 5251] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... mmap resumed>) = 0x20000000 [pid 5252] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] exit_group(0 [pid 5252] <... futex resumed>) = ? [pid 5251] <... exit_group resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5253 attached , child_tidptr=0x55557f632690) = 5253 [pid 5253] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5253] chdir("./80") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5253] write(1, "executing program\n", 18) = 18 [pid 5253] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5253] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5254 attached [pid 5254] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5253] <... clone3 resumed> => {parent_tid=[5254]}, 88) = 5254 [pid 5254] <... rseq resumed>) = 0 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], [pid 5254] set_robust_list(0x7f2454d0d9a0, 24 [pid 5253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5254] <... set_robust_list resumed>) = 0 [pid 5253] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5254] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5254] munmap(0x7f244c800000, 138412032) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] close(4) = 0 [pid 5254] mkdir("./file2", 0777) = 0 [pid 5254] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5254] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./file2") = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5254] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [ 91.091450][ T5254] loop0: detected capacity change from 0 to 4096 [pid 5254] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5254] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5253] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5254] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5254] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5253] <... futex resumed>) = 0 [pid 5254] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5253] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... openat resumed>) = 5 [pid 5254] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5253] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5254] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5254] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5253] <... futex resumed>) = 1 [pid 5254] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5253] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... mmap resumed>) = 0x20000000 [pid 5254] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5254] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] exit_group(0 [pid 5254] <... futex resumed>) = ? [pid 5253] <... exit_group resumed>) = ? [pid 5254] +++ exited with 0 +++ [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5255 attached , child_tidptr=0x55557f632690) = 5255 [pid 5255] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5255] chdir("./81") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] write(1, "executing program\n", 18executing program ) = 18 [pid 5255] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5255] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5256 attached [pid 5256] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5255] <... clone3 resumed> => {parent_tid=[5256]}, 88) = 5256 [pid 5256] <... rseq resumed>) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] set_robust_list(0x7f2454d0d9a0, 24 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] <... set_robust_list resumed>) = 0 [pid 5255] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5256] memfd_create("syzkaller", 0) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5256] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5256] munmap(0x7f244c800000, 138412032) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] close(4) = 0 [pid 5256] mkdir("./file2", 0777) = 0 [pid 5256] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5256] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./file2") = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5256] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5255] <... futex resumed>) = 0 [ 91.530764][ T5256] loop0: detected capacity change from 0 to 4096 [pid 5255] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... openat resumed>) = 4 [pid 5256] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5255] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5255] <... futex resumed>) = 0 [pid 5256] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5255] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5255] <... futex resumed>) = 0 [pid 5256] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5255] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... openat resumed>) = 5 [pid 5256] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 0 [pid 5256] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5256] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 0 [pid 5256] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5256] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] exit_group(0) = ? [pid 5256] <... futex resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5257 attached , child_tidptr=0x55557f632690) = 5257 [pid 5257] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5257] chdir("./82") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5257] write(1, "executing program\n", 18) = 18 [pid 5257] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5257] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5257] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5257] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5258 attached [pid 5258] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5257] <... clone3 resumed> => {parent_tid=[5258]}, 88) = 5258 [pid 5258] <... rseq resumed>) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5258] set_robust_list(0x7f2454d0d9a0, 24 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5258] <... set_robust_list resumed>) = 0 [pid 5257] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] <... futex resumed>) = 0 [pid 5258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5258] memfd_create("syzkaller", 0) = 3 [pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5258] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5258] munmap(0x7f244c800000, 138412032) = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5258] close(3) = 0 [pid 5258] close(4) = 0 [pid 5258] mkdir("./file2", 0777) = 0 [pid 5258] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5258] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5258] chdir("./file2") = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.001784][ T5258] loop0: detected capacity change from 0 to 4096 [pid 5258] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5257] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5258] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 1 [pid 5258] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5257] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5258] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5258] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] <... futex resumed>) = 0 [pid 5258] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5257] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... openat resumed>) = 5 [pid 5258] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5257] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5258] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5258] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 1 [pid 5258] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5257] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... mmap resumed>) = 0x20000000 [pid 5258] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5258] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] exit_group(0 [pid 5258] <... futex resumed>) = ? [pid 5257] <... exit_group resumed>) = ? [pid 5258] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5259 attached [pid 5259] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5259] chdir("./83") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5259 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5259] write(1, "executing program\n", 18) = 18 [pid 5259] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5259] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5259] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5260 attached [pid 5260] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5259] <... clone3 resumed> => {parent_tid=[5260]}, 88) = 5260 [pid 5260] <... rseq resumed>) = 0 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] set_robust_list(0x7f2454d0d9a0, 24 [pid 5259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] <... set_robust_list resumed>) = 0 [pid 5259] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5260] memfd_create("syzkaller", 0) = 3 [pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5260] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5260] munmap(0x7f244c800000, 138412032) = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5260] close(3) = 0 [pid 5260] close(4) = 0 [pid 5260] mkdir("./file2", 0777) = 0 [pid 5260] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5260] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 92.434634][ T5260] loop0: detected capacity change from 0 to 4096 [pid 5260] chdir("./file2") = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5260] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5260] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] <... futex resumed>) = 0 [pid 5260] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5259] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... openat resumed>) = 4 [pid 5260] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5260] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] <... futex resumed>) = 0 [pid 5260] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5259] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5260] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5260] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] <... futex resumed>) = 0 [pid 5260] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5259] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... openat resumed>) = 5 [pid 5260] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] <... futex resumed>) = 1 [pid 5259] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5260] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5260] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... mmap resumed>) = 0x20000000 [pid 5260] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5260] <... futex resumed>) = 1 [pid 5259] exit_group(0 [pid 5260] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5259] <... exit_group resumed>) = ? [pid 5260] +++ exited with 0 +++ [pid 5259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5259, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5261 attached , child_tidptr=0x55557f632690) = 5261 [pid 5261] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5261] chdir("./84") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5261] write(1, "executing program\n", 18executing program ) = 18 [pid 5261] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5261] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5262 attached [pid 5262] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5262] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] <... clone3 resumed> => {parent_tid=[5262]}, 88) = 5262 [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5261] <... futex resumed>) = 1 [pid 5261] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5262] memfd_create("syzkaller", 0) = 3 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5262] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5262] munmap(0x7f244c800000, 138412032) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5262] close(3) = 0 [pid 5262] close(4) = 0 [pid 5262] mkdir("./file2", 0777) = 0 [pid 5262] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5262] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5262] chdir("./file2") = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5262] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5261] <... futex resumed>) = 0 [ 92.882419][ T5262] loop0: detected capacity change from 0 to 4096 [pid 5261] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... openat resumed>) = 4 [pid 5262] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5262] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5261] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5262] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5262] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5261] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... openat resumed>) = 5 [pid 5262] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5262] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5261] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... write resumed>) = 1036288 [pid 5262] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5262] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5261] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... mmap resumed>) = 0x20000000 [pid 5262] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] exit_group(0 [pid 5262] <... futex resumed>) = ? [pid 5261] <... exit_group resumed>) = ? [pid 5262] +++ exited with 0 +++ [pid 5261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5263 attached , child_tidptr=0x55557f632690) = 5263 [pid 5263] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5263] chdir("./85") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5263] write(1, "executing program\n", 18) = 18 [pid 5263] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5263] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5264 attached [pid 5264] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5263] <... clone3 resumed> => {parent_tid=[5264]}, 88) = 5264 [pid 5264] <... rseq resumed>) = 0 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5264] set_robust_list(0x7f2454d0d9a0, 24 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5264] <... set_robust_list resumed>) = 0 [pid 5263] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5264] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5264] munmap(0x7f244c800000, 138412032) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] close(4) = 0 [pid 5264] mkdir("./file2", 0777) = 0 [pid 5264] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5264] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file2") = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5264] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5263] <... futex resumed>) = 0 [ 93.322404][ T5264] loop0: detected capacity change from 0 to 4096 [pid 5263] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... openat resumed>) = 4 [pid 5264] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = 1 [pid 5263] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5263] <... futex resumed>) = 0 [pid 5264] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5263] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = 1 [pid 5263] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... openat resumed>) = 5 [pid 5264] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5263] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... write resumed>) = 1036288 [pid 5264] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5264] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5263] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... mmap resumed>) = 0x20000000 [pid 5264] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] exit_group(0) = ? [pid 5264] <... futex resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5266 attached , child_tidptr=0x55557f632690) = 5266 [pid 5266] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5266] chdir("./86") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] write(1, "executing program\n", 18executing program ) = 18 [pid 5266] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5266] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5266] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5268 attached [pid 5268] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5266] <... clone3 resumed> => {parent_tid=[5268]}, 88) = 5268 [pid 5268] set_robust_list(0x7f2454d0d9a0, 24 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] <... set_robust_list resumed>) = 0 [pid 5266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], [pid 5266] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5268] memfd_create("syzkaller", 0) = 3 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5268] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5268] munmap(0x7f244c800000, 138412032) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5268] close(3) = 0 [pid 5268] close(4) = 0 [pid 5268] mkdir("./file2", 0777) = 0 [ 93.767046][ T5268] loop0: detected capacity change from 0 to 4096 [pid 5268] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5268] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5268] chdir("./file2") = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5268] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5266] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... openat resumed>) = 4 [pid 5268] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5268] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5266] <... futex resumed>) = 0 [pid 5268] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5266] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5268] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5266] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... openat resumed>) = 5 [pid 5268] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5266] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... write resumed>) = 1036288 [pid 5268] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5266] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5268] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5268] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] exit_group(0 [pid 5268] <... futex resumed>) = ? [pid 5266] <... exit_group resumed>) = ? [pid 5268] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5270 attached , child_tidptr=0x55557f632690) = 5270 [pid 5270] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5270] chdir("./87") = 0 [pid 5270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5270] setpgid(0, 0) = 0 [pid 5270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5270] write(3, "1000", 4) = 4 [pid 5270] close(3) = 0 [pid 5270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5270] write(1, "executing program\n", 18executing program ) = 18 [pid 5270] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5270] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5270] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5271 attached => {parent_tid=[5271]}, 88) = 5271 [pid 5271] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5270] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5271] <... rseq resumed>) = 0 [pid 5271] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5271] memfd_create("syzkaller", 0) = 3 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5271] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5271] munmap(0x7f244c800000, 138412032) = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5271] close(3) = 0 [pid 5271] close(4) = 0 [pid 5271] mkdir("./file2", 0777) = 0 [pid 5271] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5271] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 94.264696][ T5271] loop0: detected capacity change from 0 to 4096 [pid 5271] chdir("./file2") = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5271] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 0 [pid 5271] <... futex resumed>) = 1 [pid 5270] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5270] <... futex resumed>) = 0 [pid 5270] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... openat resumed>) = 4 [pid 5271] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5271] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5271] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5270] <... futex resumed>) = 0 [pid 5271] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5270] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5271] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] <... futex resumed>) = 0 [pid 5271] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5270] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... openat resumed>) = 5 [pid 5271] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5270] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5270] <... futex resumed>) = 0 [pid 5270] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... write resumed>) = 1036288 [pid 5271] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 0 [pid 5271] <... futex resumed>) = 1 [pid 5270] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5270] <... futex resumed>) = 0 [pid 5270] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... mmap resumed>) = 0x20000000 [pid 5271] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5271] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] exit_group(0) = ? [pid 5271] <... futex resumed>) = ? [pid 5271] +++ exited with 0 +++ [pid 5270] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5270, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5273 attached , child_tidptr=0x55557f632690) = 5273 [pid 5273] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5273] chdir("./88") = 0 [pid 5273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5273] setpgid(0, 0) = 0 [pid 5273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5273] write(3, "1000", 4) = 4 [pid 5273] close(3) = 0 [pid 5273] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5273] write(1, "executing program\n", 18) = 18 [pid 5273] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5273] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5274 attached [pid 5274] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5273] <... clone3 resumed> => {parent_tid=[5274]}, 88) = 5274 [pid 5274] set_robust_list(0x7f2454d0d9a0, 24 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], [pid 5274] <... set_robust_list resumed>) = 0 [pid 5273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], [pid 5273] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5274] memfd_create("syzkaller", 0) = 3 [pid 5274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5274] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5274] munmap(0x7f244c800000, 138412032) = 0 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5274] close(3) = 0 [pid 5274] close(4) = 0 [pid 5274] mkdir("./file2", 0777) = 0 [pid 5274] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5274] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5274] chdir("./file2") = 0 [ 94.734207][ T5274] loop0: detected capacity change from 0 to 4096 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5274] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5274] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5273] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... openat resumed>) = 4 [pid 5274] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5274] <... futex resumed>) = 1 [pid 5273] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5273] <... futex resumed>) = 0 [pid 5274] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5273] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] <... futex resumed>) = 0 [pid 5274] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5273] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... openat resumed>) = 5 [pid 5274] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] <... futex resumed>) = 0 [pid 5274] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5273] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... write resumed>) = 1036288 [pid 5274] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] <... futex resumed>) = 0 [pid 5274] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5273] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... mmap resumed>) = 0x20000000 [pid 5274] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] exit_group(0 [pid 5274] <... futex resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5273] <... exit_group resumed>) = ? [pid 5273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5273, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5275 attached , child_tidptr=0x55557f632690) = 5275 [pid 5275] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5275] chdir("./89") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] write(1, "executing program\n", 18executing program ) = 18 [pid 5275] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5275] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5276 attached [pid 5276] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5275] <... clone3 resumed> => {parent_tid=[5276]}, 88) = 5276 [pid 5276] <... rseq resumed>) = 0 [pid 5276] set_robust_list(0x7f2454d0d9a0, 24 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] <... set_robust_list resumed>) = 0 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] memfd_create("syzkaller", 0 [pid 5275] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5276] <... memfd_create resumed>) = 3 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5276] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5276] munmap(0x7f244c800000, 138412032) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5276] close(3) = 0 [pid 5276] close(4) = 0 [pid 5276] mkdir("./file2", 0777) = 0 [pid 5276] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5276] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5276] chdir("./file2") = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5276] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5276] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] <... futex resumed>) = 0 [pid 5276] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 95.192011][ T5276] loop0: detected capacity change from 0 to 4096 [pid 5275] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... openat resumed>) = 4 [pid 5276] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5276] <... futex resumed>) = 1 [pid 5275] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5275] <... futex resumed>) = 0 [pid 5276] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5275] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... openat resumed>) = 5 [pid 5276] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... write resumed>) = 1036288 [pid 5276] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5275] <... futex resumed>) = 1 [pid 5276] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5275] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... mmap resumed>) = 0x20000000 [pid 5276] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... futex resumed>) = 0 [pid 5275] exit_group(0 [pid 5276] <... futex resumed>) = ? [pid 5275] <... exit_group resumed>) = ? [pid 5276] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5277 attached [pid 5277] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5277] chdir("./90") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5277 [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5277] write(3, "1000", 4) = 4 [pid 5277] close(3) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5277] write(1, "executing program\n", 18) = 18 [pid 5277] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5277] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5278 attached [pid 5278] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5277] <... clone3 resumed> => {parent_tid=[5278]}, 88) = 5278 [pid 5278] <... rseq resumed>) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] set_robust_list(0x7f2454d0d9a0, 24 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] <... set_robust_list resumed>) = 0 [pid 5277] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] <... futex resumed>) = 0 [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5278] memfd_create("syzkaller", 0) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5278] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5278] munmap(0x7f244c800000, 138412032) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5278] close(3) = 0 [pid 5278] close(4) = 0 [pid 5278] mkdir("./file2", 0777) = 0 [pid 5278] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5278] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5278] chdir("./file2") = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5278] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = 1 [pid 5278] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 95.635970][ T5278] loop0: detected capacity change from 0 to 4096 [pid 5277] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... openat resumed>) = 4 [pid 5278] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = 1 [pid 5278] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5277] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5278] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5277] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5277] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... openat resumed>) = 5 [pid 5278] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... futex resumed>) = 1 [pid 5278] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5278] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5277] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... mmap resumed>) = 0x20000000 [pid 5278] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] exit_group(0 [pid 5278] <... futex resumed>) = ? [pid 5277] <... exit_group resumed>) = ? [pid 5278] +++ exited with 0 +++ [pid 5277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5277, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5279 attached , child_tidptr=0x55557f632690) = 5279 [pid 5279] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5279] chdir("./91") = 0 [pid 5279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5279] setpgid(0, 0) = 0 [pid 5279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5279] write(3, "1000", 4) = 4 [pid 5279] close(3) = 0 [pid 5279] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5279] write(1, "executing program\n", 18) = 18 [pid 5279] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5279] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5279] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5280 attached [pid 5280] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5279] <... clone3 resumed> => {parent_tid=[5280]}, 88) = 5280 [pid 5280] set_robust_list(0x7f2454d0d9a0, 24 [pid 5279] rt_sigprocmask(SIG_SETMASK, [], [pid 5280] <... set_robust_list resumed>) = 0 [pid 5279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], [pid 5279] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5279] <... futex resumed>) = 0 [pid 5279] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5280] memfd_create("syzkaller", 0) = 3 [pid 5280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5280] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5280] munmap(0x7f244c800000, 138412032) = 0 [pid 5280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5280] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5280] close(3) = 0 [pid 5280] close(4) = 0 [pid 5280] mkdir("./file2", 0777) = 0 [ 96.125658][ T5280] loop0: detected capacity change from 0 to 4096 [pid 5280] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5280] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5280] chdir("./file2") = 0 [pid 5280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5280] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5280] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5279] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] <... openat resumed>) = 4 [pid 5279] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5280] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5280] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5279] <... futex resumed>) = 0 [pid 5280] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5279] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... openat resumed>) = 5 [pid 5280] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5280] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] <... futex resumed>) = 0 [pid 5280] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5279] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... write resumed>) = 1036288 [pid 5280] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5280] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] <... futex resumed>) = 0 [pid 5280] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5279] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... mmap resumed>) = 0x20000000 [pid 5280] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5280] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] exit_group(0 [pid 5280] <... futex resumed>) = ? [pid 5279] <... exit_group resumed>) = ? [pid 5280] +++ exited with 0 +++ [pid 5279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5279, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5282 attached , child_tidptr=0x55557f632690) = 5282 [pid 5282] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5282] chdir("./92") = 0 [pid 5282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5282] setpgid(0, 0) = 0 [pid 5282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5282] write(3, "1000", 4) = 4 [pid 5282] close(3) = 0 [pid 5282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5282] write(1, "executing program\n", 18executing program ) = 18 [pid 5282] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5282] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5282] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5283 attached => {parent_tid=[5283]}, 88) = 5283 [pid 5283] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5283] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5283] memfd_create("syzkaller", 0 [pid 5282] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5283] <... memfd_create resumed>) = 3 [pid 5283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5283] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5283] munmap(0x7f244c800000, 138412032) = 0 [pid 5283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5283] close(3) = 0 [pid 5283] close(4) = 0 [pid 5283] mkdir("./file2", 0777) = 0 [pid 5283] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5283] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 96.620786][ T5283] loop0: detected capacity change from 0 to 4096 [pid 5283] chdir("./file2") = 0 [pid 5283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5283] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5282] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... openat resumed>) = 4 [pid 5283] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] <... futex resumed>) = 0 [pid 5283] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5282] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5282] <... futex resumed>) = 0 [pid 5283] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5282] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... openat resumed>) = 5 [pid 5283] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] <... futex resumed>) = 0 [pid 5283] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5282] <... futex resumed>) = 0 [pid 5283] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5282] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... write resumed>) = 1036288 [pid 5283] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] <... futex resumed>) = 0 [pid 5283] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5282] <... futex resumed>) = 0 [pid 5283] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5282] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... mmap resumed>) = 0x20000000 [pid 5283] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... futex resumed>) = 0 [pid 5282] exit_group(0) = ? [pid 5283] <... futex resumed>) = ? [pid 5283] +++ exited with 0 +++ [pid 5282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5282, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5285 attached , child_tidptr=0x55557f632690) = 5285 [pid 5285] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5285] chdir("./93") = 0 [pid 5285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5285] setpgid(0, 0) = 0 [pid 5285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5285] write(3, "1000", 4) = 4 [pid 5285] close(3) = 0 [pid 5285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5285] write(1, "executing program\n", 18executing program ) = 18 [pid 5285] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5285] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5285] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5285] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5285] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5286 attached [pid 5286] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5285] <... clone3 resumed> => {parent_tid=[5286]}, 88) = 5286 [pid 5286] <... rseq resumed>) = 0 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], [pid 5286] set_robust_list(0x7f2454d0d9a0, 24 [pid 5285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] <... set_robust_list resumed>) = 0 [pid 5285] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5285] <... futex resumed>) = 0 [pid 5285] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5286] memfd_create("syzkaller", 0) = 3 [pid 5286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5286] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5286] munmap(0x7f244c800000, 138412032) = 0 [pid 5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5286] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5286] close(3) = 0 [pid 5286] close(4) = 0 [pid 5286] mkdir("./file2", 0777) = 0 [pid 5286] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5286] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5286] chdir("./file2") = 0 [ 97.099672][ T5286] loop0: detected capacity change from 0 to 4096 [pid 5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5286] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] <... futex resumed>) = 0 [pid 5285] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5285] <... futex resumed>) = 1 [pid 5286] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5285] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... openat resumed>) = 4 [pid 5286] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] <... futex resumed>) = 0 [pid 5286] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5285] <... futex resumed>) = 0 [pid 5286] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5285] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5286] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] <... futex resumed>) = 0 [pid 5285] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5285] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5286] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] <... futex resumed>) = 0 [pid 5286] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5285] <... futex resumed>) = 1 [pid 5286] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5285] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... write resumed>) = 1036288 [pid 5286] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] <... futex resumed>) = 0 [pid 5285] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5285] <... futex resumed>) = 1 [pid 5286] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5285] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... mmap resumed>) = 0x20000000 [pid 5286] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] <... futex resumed>) = 0 [pid 5285] exit_group(0 [pid 5286] <... futex resumed>) = ? [pid 5285] <... exit_group resumed>) = ? [pid 5286] +++ exited with 0 +++ [pid 5285] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5285, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached , child_tidptr=0x55557f632690) = 5287 [pid 5287] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5287] chdir("./94") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5287] write(1, "executing program\n", 18) = 18 [pid 5287] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5287] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5287] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5288 attached => {parent_tid=[5288]}, 88) = 5288 [pid 5288] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5287] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5288] <... rseq resumed>) = 0 [pid 5288] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5288] memfd_create("syzkaller", 0) = 3 [pid 5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5288] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5288] munmap(0x7f244c800000, 138412032) = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5288] close(3) = 0 [pid 5288] close(4) = 0 [pid 5288] mkdir("./file2", 0777) = 0 [pid 5288] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5288] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5288] chdir("./file2") = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 97.569989][ T5288] loop0: detected capacity change from 0 to 4096 [pid 5288] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5288] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5287] <... futex resumed>) = 0 [pid 5288] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5287] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5288] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5288] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5287] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... openat resumed>) = 5 [pid 5288] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5287] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5288] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = 1 [pid 5287] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... mmap resumed>) = 0x20000000 [pid 5288] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] exit_group(0 [pid 5288] <... futex resumed>) = ? [pid 5287] <... exit_group resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5289] chdir("./95" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5289 [pid 5289] <... chdir resumed>) = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5289] write(1, "executing program\n", 18) = 18 [pid 5289] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5289] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5290 attached [pid 5290] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5289] <... clone3 resumed> => {parent_tid=[5290]}, 88) = 5290 [pid 5290] <... rseq resumed>) = 0 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], [pid 5290] set_robust_list(0x7f2454d0d9a0, 24 [pid 5289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5290] <... set_robust_list resumed>) = 0 [pid 5289] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] rt_sigprocmask(SIG_SETMASK, [], [pid 5289] <... futex resumed>) = 0 [pid 5290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5289] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5290] memfd_create("syzkaller", 0) = 3 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5290] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5290] munmap(0x7f244c800000, 138412032) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] close(4) = 0 [pid 5290] mkdir("./file2", 0777) = 0 [ 97.985000][ T5290] loop0: detected capacity change from 0 to 4096 [pid 5290] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5290] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./file2") = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5290] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5290] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5289] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... openat resumed>) = 4 [pid 5290] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5290] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5289] <... futex resumed>) = 0 [pid 5290] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5290] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5290] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5289] <... futex resumed>) = 1 [pid 5289] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... openat resumed>) = 5 [pid 5290] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5290] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5289] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... write resumed>) = 1036288 [pid 5290] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5290] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5289] <... futex resumed>) = 1 [pid 5290] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5289] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... mmap resumed>) = 0x20000000 [pid 5290] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5290] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] exit_group(0) = ? [pid 5290] <... futex resumed>) = ? [pid 5290] +++ exited with 0 +++ [pid 5289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5291 ./strace-static-x86_64: Process 5291 attached [pid 5291] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5291] chdir("./96") = 0 [pid 5291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5291] setpgid(0, 0) = 0 [pid 5291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5291] write(3, "1000", 4) = 4 [pid 5291] close(3) = 0 [pid 5291] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5291] write(1, "executing program\n", 18) = 18 [pid 5291] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5291] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5291] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5292 attached [pid 5292] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5292] set_robust_list(0x7f2454d0d9a0, 24 [pid 5291] <... clone3 resumed> => {parent_tid=[5292]}, 88) = 5292 [pid 5292] <... set_robust_list resumed>) = 0 [pid 5291] rt_sigprocmask(SIG_SETMASK, [], [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5291] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] memfd_create("syzkaller", 0 [pid 5291] <... futex resumed>) = 0 [pid 5292] <... memfd_create resumed>) = 3 [pid 5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5291] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5292] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5292] munmap(0x7f244c800000, 138412032) = 0 [pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5292] close(3) = 0 [pid 5292] close(4) = 0 [pid 5292] mkdir("./file2", 0777) = 0 [pid 5292] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5292] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5292] chdir("./file2") = 0 [pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5292] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [ 98.449086][ T5292] loop0: detected capacity change from 0 to 4096 [pid 5291] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... openat resumed>) = 4 [pid 5292] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [pid 5291] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5291] <... futex resumed>) = 0 [pid 5292] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5292] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 0 [pid 5291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5292] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5291] <... futex resumed>) = 0 [pid 5292] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5291] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... openat resumed>) = 5 [pid 5292] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5291] <... futex resumed>) = 1 [pid 5292] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5291] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... write resumed>) = 1036288 [pid 5292] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [pid 5291] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... mmap resumed>) = 0x20000000 [pid 5292] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5291] exit_group(0) = ? [pid 5292] <... futex resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5291, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5293 attached [pid 5293] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5293 [pid 5293] chdir("./97") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] write(1, "executing program\n", 18executing program ) = 18 [pid 5293] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5293] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5294 attached [pid 5294] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5293] <... clone3 resumed> => {parent_tid=[5294]}, 88) = 5294 [pid 5294] <... rseq resumed>) = 0 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5294] set_robust_list(0x7f2454d0d9a0, 24 [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5294] <... set_robust_list resumed>) = 0 [pid 5293] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] <... futex resumed>) = 0 [pid 5294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5294] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5294] munmap(0x7f244c800000, 138412032) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] close(4) = 0 [pid 5294] mkdir("./file2", 0777) = 0 [pid 5294] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5294] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./file2") = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5294] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5293] <... futex resumed>) = 0 [ 98.883960][ T5294] loop0: detected capacity change from 0 to 4096 [pid 5293] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... openat resumed>) = 4 [pid 5294] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = 1 [pid 5294] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5293] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] <... futex resumed>) = 0 [pid 5294] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5293] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... openat resumed>) = 5 [pid 5294] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] <... futex resumed>) = 0 [pid 5294] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5293] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... write resumed>) = 1036288 [pid 5294] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] <... futex resumed>) = 0 [pid 5294] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5293] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... mmap resumed>) = 0x20000000 [pid 5294] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] exit_group(0 [pid 5294] <... futex resumed>) = ? [pid 5293] <... exit_group resumed>) = ? [pid 5294] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5295 [pid 5295] <... set_robust_list resumed>) = 0 [pid 5295] chdir("./98") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 executing program [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] write(1, "executing program\n", 18) = 18 [pid 5295] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5295] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0} => {parent_tid=[5296]}, 88) = 5296 ./strace-static-x86_64: Process 5296 attached [pid 5295] rt_sigprocmask(SIG_SETMASK, [], [pid 5296] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5295] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... rseq resumed>) = 0 [pid 5295] <... futex resumed>) = 0 [pid 5296] set_robust_list(0x7f2454d0d9a0, 24 [pid 5295] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5296] <... set_robust_list resumed>) = 0 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5296] memfd_create("syzkaller", 0) = 3 [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5296] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5296] munmap(0x7f244c800000, 138412032) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5296] close(3) = 0 [pid 5296] close(4) = 0 [pid 5296] mkdir("./file2", 0777) = 0 [pid 5296] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5296] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5296] chdir("./file2") = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5296] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [ 99.312850][ T5296] loop0: detected capacity change from 0 to 4096 [pid 5295] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... openat resumed>) = 4 [pid 5296] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5295] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5296] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = 0 [pid 5296] <... futex resumed>) = 0 [pid 5295] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5296] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = 1 [pid 5296] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5295] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... write resumed>) = 1036288 [pid 5296] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5296] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] exit_group(0 [pid 5296] <... futex resumed>) = ? [pid 5295] <... exit_group resumed>) = ? [pid 5296] +++ exited with 0 +++ [pid 5295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5295, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5297 attached , child_tidptr=0x55557f632690) = 5297 [pid 5297] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5297] chdir("./99") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5297] write(1, "executing program\n", 18executing program ) = 18 [pid 5297] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5297] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5298 attached [pid 5298] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5297] <... clone3 resumed> => {parent_tid=[5298]}, 88) = 5298 [pid 5298] <... rseq resumed>) = 0 [pid 5298] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5298] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5297] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = 1 [pid 5297] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5298] memfd_create("syzkaller", 0) = 3 [pid 5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5298] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5298] munmap(0x7f244c800000, 138412032) = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5298] close(3) = 0 [pid 5298] close(4) = 0 [pid 5298] mkdir("./file2", 0777) = 0 [pid 5298] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 99.798017][ T5298] loop0: detected capacity change from 0 to 4096 [pid 5298] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5298] chdir("./file2") = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5298] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... openat resumed>) = 4 [pid 5298] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5297] <... futex resumed>) = 0 [pid 5298] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5297] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5297] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... openat resumed>) = 5 [pid 5298] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5297] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... write resumed>) = 1036288 [pid 5298] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5298] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5297] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... mmap resumed>) = 0x20000000 [pid 5298] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] exit_group(0 [pid 5298] <... futex resumed>) = ? [pid 5298] +++ exited with 0 +++ [pid 5297] <... exit_group resumed>) = ? [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5299 attached , child_tidptr=0x55557f632690) = 5299 [pid 5299] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5299] chdir("./100") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5299] write(1, "executing program\n", 18executing program ) = 18 [pid 5299] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5299] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5300 attached [pid 5300] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5299] <... clone3 resumed> => {parent_tid=[5300]}, 88) = 5300 [pid 5300] <... rseq resumed>) = 0 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5300] set_robust_list(0x7f2454d0d9a0, 24 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5300] <... set_robust_list resumed>) = 0 [pid 5299] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] <... futex resumed>) = 0 [pid 5300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5300] memfd_create("syzkaller", 0) = 3 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5300] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5300] munmap(0x7f244c800000, 138412032) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] close(3) = 0 [pid 5300] close(4) = 0 [pid 5300] mkdir("./file2", 0777) = 0 [pid 5300] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5300] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5300] chdir("./file2") = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 100.280930][ T5300] loop0: detected capacity change from 0 to 4096 [pid 5300] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5300] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5299] <... futex resumed>) = 0 [pid 5300] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5299] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... openat resumed>) = 4 [pid 5300] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5300] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5299] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5299] <... futex resumed>) = 0 [pid 5300] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5299] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5300] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5299] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] <... openat resumed>) = 5 [pid 5299] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5300] <... futex resumed>) = 0 [pid 5299] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... write resumed>) = 1036288 [pid 5300] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 1 [pid 5300] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5299] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... mmap resumed>) = 0x20000000 [pid 5300] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... futex resumed>) = 0 [pid 5299] exit_group(0 [pid 5300] <... futex resumed>) = ? [pid 5299] <... exit_group resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5301 attached , child_tidptr=0x55557f632690) = 5301 [pid 5301] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5301] chdir("./101") = 0 [pid 5301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5301] setpgid(0, 0) = 0 [pid 5301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5301] write(3, "1000", 4) = 4 [pid 5301] close(3) = 0 [pid 5301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5301] write(1, "executing program\n", 18executing program ) = 18 [pid 5301] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5301] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5302 attached [pid 5302] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5301] <... clone3 resumed> => {parent_tid=[5302]}, 88) = 5302 [pid 5302] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] rt_sigprocmask(SIG_SETMASK, [], [pid 5301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5301] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5302] memfd_create("syzkaller", 0) = 3 [pid 5302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5302] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5302] munmap(0x7f244c800000, 138412032) = 0 [pid 5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5302] close(3) = 0 [pid 5302] close(4) = 0 [pid 5302] mkdir("./file2", 0777) = 0 [pid 5302] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5302] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5302] chdir("./file2") = 0 [pid 5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5302] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 100.752815][ T5302] loop0: detected capacity change from 0 to 4096 [pid 5301] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] <... openat resumed>) = 4 [pid 5301] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5302] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5301] <... futex resumed>) = 0 [pid 5302] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5301] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5301] <... futex resumed>) = 0 [pid 5302] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5301] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... openat resumed>) = 5 [pid 5302] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... write resumed>) = 1036288 [pid 5302] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5301] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5302] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] exit_group(0 [pid 5302] <... futex resumed>) = ? [pid 5301] <... exit_group resumed>) = ? [pid 5302] +++ exited with 0 +++ [pid 5301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5301, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5303 attached , child_tidptr=0x55557f632690) = 5303 [pid 5303] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5303] chdir("./102") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5303] write(1, "executing program\n", 18) = 18 [pid 5303] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5303] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5304 attached [pid 5304] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5303] <... clone3 resumed> => {parent_tid=[5304]}, 88) = 5304 [pid 5304] set_robust_list(0x7f2454d0d9a0, 24 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] <... set_robust_list resumed>) = 0 [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5304] memfd_create("syzkaller", 0) = 3 [pid 5304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5304] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5304] munmap(0x7f244c800000, 138412032) = 0 [pid 5304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5304] close(3) = 0 [pid 5304] close(4) = 0 [pid 5304] mkdir("./file2", 0777) = 0 [pid 5304] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5304] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5304] chdir("./file2") = 0 [pid 5304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5304] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] <... futex resumed>) = 0 [pid 5304] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5303] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... openat resumed>) = 4 [ 101.239429][ T5304] loop0: detected capacity change from 0 to 4096 [pid 5304] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5304] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... openat resumed>) = 5 [pid 5304] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 1 [pid 5303] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... write resumed>) = 1036288 [pid 5304] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5304] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... futex resumed>) = 0 [pid 5303] exit_group(0 [pid 5304] <... futex resumed>) = ? [pid 5303] <... exit_group resumed>) = ? [pid 5304] +++ exited with 0 +++ [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5305 attached [pid 5305] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5305] chdir("./103") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5305 [pid 5305] <... prctl resumed>) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] write(1, "executing program\n", 18executing program ) = 18 [pid 5305] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5305] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5306 attached [pid 5306] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5305] <... clone3 resumed> => {parent_tid=[5306]}, 88) = 5306 [pid 5306] <... rseq resumed>) = 0 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], [pid 5306] set_robust_list(0x7f2454d0d9a0, 24 [pid 5305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5306] <... set_robust_list resumed>) = 0 [pid 5305] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], [pid 5305] <... futex resumed>) = 0 [pid 5306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5305] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5306] memfd_create("syzkaller", 0) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5306] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5306] munmap(0x7f244c800000, 138412032) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] close(3) = 0 [pid 5306] close(4) = 0 [pid 5306] mkdir("./file2", 0777) = 0 [pid 5306] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5306] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./file2") = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5306] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 101.722471][ T5306] loop0: detected capacity change from 0 to 4096 [pid 5306] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... futex resumed>) = 0 [pid 5306] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5306] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] <... futex resumed>) = 0 [pid 5306] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5305] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5306] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = 1 [pid 5305] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... openat resumed>) = 5 [pid 5306] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5306] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5305] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... write resumed>) = 1036288 [pid 5306] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] <... futex resumed>) = 0 [pid 5306] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5305] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... mmap resumed>) = 0x20000000 [pid 5306] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] exit_group(0 [pid 5306] <... futex resumed>) = ? [pid 5305] <... exit_group resumed>) = ? [pid 5306] +++ exited with 0 +++ [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5307 attached , child_tidptr=0x55557f632690) = 5307 [pid 5307] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5307] chdir("./104") = 0 [pid 5307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5307] setpgid(0, 0) = 0 [pid 5307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5307] write(3, "1000", 4) = 4 [pid 5307] close(3) = 0 [pid 5307] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5307] write(1, "executing program\n", 18) = 18 [pid 5307] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5307] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5308 attached => {parent_tid=[5308]}, 88) = 5308 [pid 5307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5307] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5308] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5308] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5308] memfd_create("syzkaller", 0) = 3 [pid 5308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5308] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5308] munmap(0x7f244c800000, 138412032) = 0 [pid 5308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5308] close(3) = 0 [pid 5308] close(4) = 0 [pid 5308] mkdir("./file2", 0777) = 0 [pid 5308] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5308] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5308] chdir("./file2") = 0 [pid 5308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5308] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 102.197097][ T5308] loop0: detected capacity change from 0 to 4096 [pid 5307] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] <... futex resumed>) = 0 [pid 5308] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5307] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... openat resumed>) = 4 [pid 5308] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 1 [pid 5308] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5308] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5308] <... futex resumed>) = 1 [pid 5307] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... openat resumed>) = 5 [pid 5308] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] <... futex resumed>) = 0 [pid 5308] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5307] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... write resumed>) = 1036288 [pid 5308] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5307] <... futex resumed>) = 1 [pid 5308] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5307] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... mmap resumed>) = 0x20000000 [pid 5308] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] exit_group(0 [pid 5308] <... futex resumed>) = ? [pid 5307] <... exit_group resumed>) = ? [pid 5308] +++ exited with 0 +++ [pid 5307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5307, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5309 attached , child_tidptr=0x55557f632690) = 5309 [pid 5309] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5309] chdir("./105") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5309] write(1, "executing program\n", 18) = 18 [pid 5309] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5309] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5310 attached [pid 5310] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5309] <... clone3 resumed> => {parent_tid=[5310]}, 88) = 5310 [pid 5310] <... rseq resumed>) = 0 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], [pid 5310] set_robust_list(0x7f2454d0d9a0, 24 [pid 5309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5310] <... set_robust_list resumed>) = 0 [pid 5309] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5310] memfd_create("syzkaller", 0) = 3 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5310] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5310] munmap(0x7f244c800000, 138412032) = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5310] close(3) = 0 [pid 5310] close(4) = 0 [pid 5310] mkdir("./file2", 0777) = 0 [pid 5310] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5310] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5310] chdir("./file2") = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5310] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 102.656897][ T5310] loop0: detected capacity change from 0 to 4096 [pid 5309] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5310] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5310] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5309] <... futex resumed>) = 0 [pid 5310] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5309] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] <... futex resumed>) = 0 [pid 5310] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5309] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... openat resumed>) = 5 [pid 5310] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5310] <... futex resumed>) = 1 [pid 5309] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... write resumed>) = 1036288 [pid 5310] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] <... futex resumed>) = 0 [pid 5310] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5309] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... mmap resumed>) = 0x20000000 [pid 5310] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] exit_group(0 [pid 5310] <... futex resumed>) = ? [pid 5310] +++ exited with 0 +++ [pid 5309] <... exit_group resumed>) = ? [pid 5309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5311 ./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5311] chdir("./106") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5311] write(1, "executing program\n", 18) = 18 [pid 5311] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5311] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5312 attached [pid 5312] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5311] <... clone3 resumed> => {parent_tid=[5312]}, 88) = 5312 [pid 5312] set_robust_list(0x7f2454d0d9a0, 24 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], [pid 5312] <... set_robust_list resumed>) = 0 [pid 5311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], [pid 5311] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5312] memfd_create("syzkaller", 0) = 3 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5312] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5312] munmap(0x7f244c800000, 138412032) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5312] close(3) = 0 [pid 5312] close(4) = 0 [pid 5312] mkdir("./file2", 0777) = 0 [pid 5312] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5312] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5312] chdir("./file2") = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5312] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5312] <... futex resumed>) = 1 [pid 5311] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 103.099024][ T5312] loop0: detected capacity change from 0 to 4096 [pid 5312] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... openat resumed>) = 4 [pid 5312] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5312] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5311] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5312] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5311] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... openat resumed>) = 5 [pid 5312] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5312] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5311] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... write resumed>) = 1036288 [pid 5312] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5312] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5311] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... mmap resumed>) = 0x20000000 [pid 5312] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5312] <... futex resumed>) = 1 [pid 5311] exit_group(0) = ? [pid 5312] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5313 attached , child_tidptr=0x55557f632690) = 5313 [pid 5313] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5313] chdir("./107") = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] write(1, "executing program\n", 18executing program ) = 18 [pid 5313] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5313] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5314 attached [pid 5314] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5313] <... clone3 resumed> => {parent_tid=[5314]}, 88) = 5314 [pid 5314] <... rseq resumed>) = 0 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5314] set_robust_list(0x7f2454d0d9a0, 24 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5314] <... set_robust_list resumed>) = 0 [pid 5313] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], [pid 5313] <... futex resumed>) = 0 [pid 5314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5313] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5314] memfd_create("syzkaller", 0) = 3 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5314] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5314] munmap(0x7f244c800000, 138412032) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5314] close(3) = 0 [pid 5314] close(4) = 0 [pid 5314] mkdir("./file2", 0777) = 0 [pid 5314] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5314] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5314] chdir("./file2") = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5314] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [ 103.528319][ T5314] loop0: detected capacity change from 0 to 4096 [pid 5313] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... openat resumed>) = 4 [pid 5314] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5314] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5313] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5314] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] <... futex resumed>) = 0 [pid 5314] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5313] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... openat resumed>) = 5 [pid 5314] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] <... futex resumed>) = 0 [pid 5314] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5313] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... write resumed>) = 1036288 [pid 5314] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5313] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... mmap resumed>) = 0x20000000 [pid 5314] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5313] exit_group(0 [pid 5314] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5313] <... exit_group resumed>) = ? [pid 5314] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5315 attached , child_tidptr=0x55557f632690) = 5315 [pid 5315] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5315] chdir("./108") = 0 [pid 5315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5315] setpgid(0, 0) = 0 [pid 5315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5315] write(3, "1000", 4) = 4 [pid 5315] close(3) = 0 [pid 5315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5315] write(1, "executing program\n", 18executing program ) = 18 [pid 5315] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5315] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5316 attached [pid 5316] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5315] <... clone3 resumed> => {parent_tid=[5316]}, 88) = 5316 [pid 5316] <... rseq resumed>) = 0 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], [pid 5316] set_robust_list(0x7f2454d0d9a0, 24 [pid 5315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5316] <... set_robust_list resumed>) = 0 [pid 5315] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5315] <... futex resumed>) = 0 [pid 5316] memfd_create("syzkaller", 0 [pid 5315] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5316] <... memfd_create resumed>) = 3 [pid 5316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5316] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5316] munmap(0x7f244c800000, 138412032) = 0 [pid 5316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5316] close(3) = 0 [pid 5316] close(4) = 0 [pid 5316] mkdir("./file2", 0777) = 0 [pid 5316] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5316] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5316] chdir("./file2") = 0 [pid 5316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5316] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [ 104.017303][ T5316] loop0: detected capacity change from 0 to 4096 [pid 5315] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... openat resumed>) = 4 [pid 5316] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5316] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5315] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5316] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... futex resumed>) = 0 [pid 5315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... openat resumed>) = 5 [pid 5316] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5316] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5315] <... futex resumed>) = 0 [pid 5316] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5315] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... write resumed>) = 1036288 [pid 5316] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] <... futex resumed>) = 0 [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5315] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... mmap resumed>) = 0x20000000 [pid 5316] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5316] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] exit_group(0 [pid 5316] <... futex resumed>) = ? [pid 5315] <... exit_group resumed>) = ? [pid 5316] +++ exited with 0 +++ [pid 5315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5315, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5317 attached , child_tidptr=0x55557f632690) = 5317 [pid 5317] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5317] chdir("./109") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5317] write(1, "executing program\n", 18) = 18 [pid 5317] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5317] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5317] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5318 attached [pid 5318] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5317] <... clone3 resumed> => {parent_tid=[5318]}, 88) = 5318 [pid 5318] <... rseq resumed>) = 0 [pid 5318] set_robust_list(0x7f2454d0d9a0, 24 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] <... set_robust_list resumed>) = 0 [pid 5317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], [pid 5317] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5318] memfd_create("syzkaller", 0) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5318] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5318] munmap(0x7f244c800000, 138412032) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] close(4) = 0 [pid 5318] mkdir("./file2", 0777) = 0 [ 104.481651][ T5318] loop0: detected capacity change from 0 to 4096 [pid 5318] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5318] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./file2") = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5318] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5318] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5317] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... openat resumed>) = 4 [pid 5318] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5318] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5318] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5317] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... openat resumed>) = 5 [pid 5318] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5318] <... futex resumed>) = 1 [pid 5317] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... write resumed>) = 1036288 [pid 5318] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5318] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5317] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... mmap resumed>) = 0x20000000 [pid 5318] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] exit_group(0 [pid 5318] <... futex resumed>) = ? [pid 5318] +++ exited with 0 +++ [pid 5317] <... exit_group resumed>) = ? [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5319 attached [pid 5319] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5319 [pid 5319] <... set_robust_list resumed>) = 0 [pid 5319] chdir("./110") = 0 [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [pid 5319] close(3) = 0 [pid 5319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5319] write(1, "executing program\n", 18executing program ) = 18 [pid 5319] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5319] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5320 attached [pid 5320] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5320] set_robust_list(0x7f2454d0d9a0, 24 [pid 5319] <... clone3 resumed> => {parent_tid=[5320]}, 88) = 5320 [pid 5320] <... set_robust_list resumed>) = 0 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5320] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5319] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] memfd_create("syzkaller", 0 [pid 5319] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5320] <... memfd_create resumed>) = 3 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5320] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5320] munmap(0x7f244c800000, 138412032) = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5320] close(3) = 0 [pid 5320] close(4) = 0 [pid 5320] mkdir("./file2", 0777) = 0 [pid 5320] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5320] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5320] chdir("./file2") = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5320] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5320] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5320] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5320] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5319] <... futex resumed>) = 0 [ 105.006133][ T5320] loop0: detected capacity change from 0 to 4096 [pid 5319] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... write resumed>) = 1036288 [pid 5320] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5319] <... futex resumed>) = 0 [pid 5320] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5319] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... mmap resumed>) = 0x20000000 [pid 5320] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] <... futex resumed>) = 0 [pid 5319] exit_group(0 [pid 5320] <... futex resumed>) = ? [pid 5319] <... exit_group resumed>) = ? [pid 5320] +++ exited with 0 +++ [pid 5319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5321 attached , child_tidptr=0x55557f632690) = 5321 [pid 5321] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5321] chdir("./111") = 0 [pid 5321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5321] setpgid(0, 0) = 0 [pid 5321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5321] write(3, "1000", 4) = 4 [pid 5321] close(3) = 0 [pid 5321] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5321] write(1, "executing program\n", 18) = 18 [pid 5321] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5321] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5321] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5322 attached => {parent_tid=[5322]}, 88) = 5322 [pid 5322] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5321] rt_sigprocmask(SIG_SETMASK, [], [pid 5322] <... rseq resumed>) = 0 [pid 5321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5321] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5322] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5322] memfd_create("syzkaller", 0) = 3 [pid 5322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5322] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5322] munmap(0x7f244c800000, 138412032) = 0 [pid 5322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5322] close(3) = 0 [pid 5322] close(4) = 0 [pid 5322] mkdir("./file2", 0777) = 0 [pid 5322] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5322] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5322] chdir("./file2") = 0 [pid 5322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5322] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 105.422187][ T5322] loop0: detected capacity change from 0 to 4096 [pid 5322] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] <... futex resumed>) = 0 [pid 5321] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5322] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5321] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] <... openat resumed>) = 4 [pid 5322] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] <... futex resumed>) = 0 [pid 5322] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5322] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5321] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] <... futex resumed>) = 0 [pid 5322] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] <... futex resumed>) = 0 [pid 5322] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5321] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] <... openat resumed>) = 5 [pid 5322] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] <... futex resumed>) = 0 [pid 5322] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5321] <... futex resumed>) = 0 [pid 5321] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] <... write resumed>) = 1036288 [pid 5322] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] <... futex resumed>) = 0 [pid 5322] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] <... futex resumed>) = 0 [pid 5322] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5321] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] <... mmap resumed>) = 0x20000000 [pid 5322] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] <... futex resumed>) = 0 [pid 5321] exit_group(0 [pid 5322] <... futex resumed>) = ? [pid 5321] <... exit_group resumed>) = ? [pid 5322] +++ exited with 0 +++ [pid 5321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5321, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5323 attached , child_tidptr=0x55557f632690) = 5323 [pid 5323] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5323] chdir("./112") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5323] write(1, "executing program\n", 18) = 18 [pid 5323] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5323] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5324 attached => {parent_tid=[5324]}, 88) = 5324 [pid 5324] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5323] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5324] <... rseq resumed>) = 0 [pid 5324] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5324] memfd_create("syzkaller", 0) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5324] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5324] munmap(0x7f244c800000, 138412032) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] close(4) = 0 [pid 5324] mkdir("./file2", 0777) = 0 [pid 5324] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5324] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./file2") = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5324] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [ 105.881957][ T5324] loop0: detected capacity change from 0 to 4096 [pid 5323] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... openat resumed>) = 4 [pid 5324] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5324] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5323] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5324] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5324] <... futex resumed>) = 1 [pid 5323] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... openat resumed>) = 5 [pid 5324] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] <... futex resumed>) = 0 [pid 5324] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5323] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... write resumed>) = 1036288 [pid 5324] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] <... futex resumed>) = 0 [pid 5324] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5323] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... mmap resumed>) = 0x20000000 [pid 5324] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] <... futex resumed>) = 0 [pid 5323] exit_group(0 [pid 5324] <... futex resumed>) = ? [pid 5323] <... exit_group resumed>) = ? [pid 5324] +++ exited with 0 +++ [pid 5323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5323, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5325 ./strace-static-x86_64: Process 5325 attached [pid 5325] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5325] chdir("./113") = 0 [pid 5325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5325] setpgid(0, 0) = 0 [pid 5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5325] write(3, "1000", 4) = 4 [pid 5325] close(3) = 0 [pid 5325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5325] write(1, "executing program\n", 18executing program ) = 18 [pid 5325] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5325] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5326 attached [pid 5326] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5325] <... clone3 resumed> => {parent_tid=[5326]}, 88) = 5326 [pid 5326] set_robust_list(0x7f2454d0d9a0, 24 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5326] <... set_robust_list resumed>) = 0 [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], [pid 5325] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5326] memfd_create("syzkaller", 0) = 3 [pid 5326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5326] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5326] munmap(0x7f244c800000, 138412032) = 0 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5326] close(3) = 0 [pid 5326] close(4) = 0 [pid 5326] mkdir("./file2", 0777) = 0 [pid 5326] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 106.340966][ T5326] loop0: detected capacity change from 0 to 4096 [pid 5326] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5326] chdir("./file2") = 0 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5326] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5326] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5325] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... openat resumed>) = 4 [pid 5326] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5325] <... futex resumed>) = 1 [pid 5326] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5326] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5325] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5326] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5325] <... futex resumed>) = 1 [pid 5326] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5325] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... write resumed>) = 1036288 [pid 5326] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5326] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5325] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... mmap resumed>) = 0x20000000 [pid 5326] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] exit_group(0 [pid 5326] <... futex resumed>) = ? [pid 5325] <... exit_group resumed>) = ? [pid 5326] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5325, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5327 attached , child_tidptr=0x55557f632690) = 5327 [pid 5327] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5327] chdir("./114") = 0 [pid 5327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5327] setpgid(0, 0) = 0 [pid 5327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5327] write(3, "1000", 4) = 4 [pid 5327] close(3) = 0 [pid 5327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5327] write(1, "executing program\n", 18executing program ) = 18 [pid 5327] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5327] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5328 attached [pid 5328] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5327] <... clone3 resumed> => {parent_tid=[5328]}, 88) = 5328 [pid 5328] set_robust_list(0x7f2454d0d9a0, 24 [pid 5327] rt_sigprocmask(SIG_SETMASK, [], [pid 5328] <... set_robust_list resumed>) = 0 [pid 5327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5327] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5328] memfd_create("syzkaller", 0) = 3 [pid 5328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5328] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5328] munmap(0x7f244c800000, 138412032) = 0 [pid 5328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5328] close(3) = 0 [pid 5328] close(4) = 0 [pid 5328] mkdir("./file2", 0777) = 0 [pid 5328] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5328] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 106.816366][ T5328] loop0: detected capacity change from 0 to 4096 [pid 5328] chdir("./file2") = 0 [pid 5328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5328] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5327] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... openat resumed>) = 4 [pid 5328] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5328] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5327] <... futex resumed>) = 0 [pid 5328] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5327] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5327] <... futex resumed>) = 0 [pid 5328] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5327] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... openat resumed>) = 5 [pid 5328] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5327] <... futex resumed>) = 0 [pid 5328] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5327] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... write resumed>) = 1036288 [pid 5328] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5327] <... futex resumed>) = 0 [pid 5328] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5327] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... mmap resumed>) = 0x20000000 [pid 5328] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] exit_group(0 [pid 5328] <... futex resumed>) = ? [pid 5328] +++ exited with 0 +++ [pid 5327] <... exit_group resumed>) = ? [pid 5327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5327, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5329 attached , child_tidptr=0x55557f632690) = 5329 [pid 5329] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5329] chdir("./115") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5329] write(1, "executing program\n", 18) = 18 [pid 5329] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5329] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5330 attached [pid 5330] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5330] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5330] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... clone3 resumed> => {parent_tid=[5330]}, 88) = 5330 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5329] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5329] <... futex resumed>) = 1 [pid 5329] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5330] memfd_create("syzkaller", 0) = 3 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5330] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5330] munmap(0x7f244c800000, 138412032) = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5330] close(3) = 0 [pid 5330] close(4) = 0 [pid 5330] mkdir("./file2", 0777) = 0 [pid 5330] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5330] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 107.279627][ T5330] loop0: detected capacity change from 0 to 4096 [pid 5330] chdir("./file2") = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5330] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5329] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5330] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5329] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5329] <... futex resumed>) = 0 [pid 5330] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5329] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5329] <... futex resumed>) = 1 [pid 5330] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5329] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... openat resumed>) = 5 [pid 5330] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] <... futex resumed>) = 0 [pid 5330] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5329] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... write resumed>) = 1036288 [pid 5330] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5330] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] exit_group(0 [pid 5330] <... futex resumed>) = ? [pid 5329] <... exit_group resumed>) = ? [pid 5330] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5331 attached , child_tidptr=0x55557f632690) = 5331 [pid 5331] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5331] chdir("./116") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] write(1, "executing program\n", 18executing program ) = 18 [pid 5331] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5331] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5332 attached [pid 5332] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5331] <... clone3 resumed> => {parent_tid=[5332]}, 88) = 5332 [pid 5332] <... rseq resumed>) = 0 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], [pid 5332] set_robust_list(0x7f2454d0d9a0, 24 [pid 5331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5332] <... set_robust_list resumed>) = 0 [pid 5331] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], [pid 5331] <... futex resumed>) = 0 [pid 5332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5331] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5332] memfd_create("syzkaller", 0) = 3 [pid 5332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5332] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5332] munmap(0x7f244c800000, 138412032) = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5332] close(3) = 0 [pid 5332] close(4) = 0 [pid 5332] mkdir("./file2", 0777) = 0 [pid 5332] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5332] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5332] chdir("./file2") = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5332] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5332] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... openat resumed>) = 4 [ 107.806610][ T5332] loop0: detected capacity change from 0 to 4096 [pid 5332] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5331] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5332] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5332] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5331] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... openat resumed>) = 5 [pid 5332] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... write resumed>) = 1036288 [pid 5332] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5331] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... mmap resumed>) = 0x20000000 [pid 5332] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... futex resumed>) = 0 [pid 5331] exit_group(0 [pid 5332] <... futex resumed>) = ? [pid 5331] <... exit_group resumed>) = ? [pid 5332] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5333 attached , child_tidptr=0x55557f632690) = 5333 [pid 5333] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5333] chdir("./117") = 0 [pid 5333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5333] setpgid(0, 0) = 0 [pid 5333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5333] write(3, "1000", 4) = 4 [pid 5333] close(3) = 0 [pid 5333] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5333] write(1, "executing program\n", 18) = 18 [pid 5333] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5333] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5333] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5334 attached [pid 5334] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5333] <... clone3 resumed> => {parent_tid=[5334]}, 88) = 5334 [pid 5334] <... rseq resumed>) = 0 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], [pid 5334] set_robust_list(0x7f2454d0d9a0, 24 [pid 5333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5334] <... set_robust_list resumed>) = 0 [pid 5333] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5334] memfd_create("syzkaller", 0) = 3 [pid 5334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5334] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5334] munmap(0x7f244c800000, 138412032) = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5334] close(3) = 0 [pid 5334] close(4) = 0 [pid 5334] mkdir("./file2", 0777) = 0 [ 108.247041][ T5334] loop0: detected capacity change from 0 to 4096 [pid 5334] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5334] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5334] chdir("./file2") = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5334] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5334] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... openat resumed>) = 4 [pid 5334] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5333] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5333] <... futex resumed>) = 0 [pid 5334] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5333] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5333] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... openat resumed>) = 5 [pid 5334] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5333] <... futex resumed>) = 0 [pid 5334] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5333] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... write resumed>) = 1036288 [pid 5334] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5333] <... futex resumed>) = 0 [pid 5334] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5333] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... mmap resumed>) = 0x20000000 [pid 5334] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] exit_group(0 [pid 5334] <... futex resumed>) = ? [pid 5333] <... exit_group resumed>) = ? [pid 5334] +++ exited with 0 +++ [pid 5333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5333, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5335 ./strace-static-x86_64: Process 5335 attached [pid 5335] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5335] chdir("./118") = 0 [pid 5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5335] setpgid(0, 0) = 0 [pid 5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5335] write(3, "1000", 4) = 4 [pid 5335] close(3) = 0 [pid 5335] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5335] write(1, "executing program\n", 18) = 18 [pid 5335] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5335] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5336 attached => {parent_tid=[5336]}, 88) = 5336 [pid 5336] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5335] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5336] <... rseq resumed>) = 0 [pid 5336] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5336] memfd_create("syzkaller", 0) = 3 [pid 5336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5336] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5336] munmap(0x7f244c800000, 138412032) = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5336] close(3) = 0 [pid 5336] close(4) = 0 [pid 5336] mkdir("./file2", 0777) = 0 [pid 5336] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5336] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5336] chdir("./file2") = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5336] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... futex resumed>) = 1 [ 108.684592][ T5336] loop0: detected capacity change from 0 to 4096 [pid 5336] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5336] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5335] <... futex resumed>) = 0 [pid 5336] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5335] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] <... futex resumed>) = 0 [pid 5335] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... openat resumed>) = 5 [pid 5336] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5336] <... futex resumed>) = 1 [pid 5335] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... write resumed>) = 1036288 [pid 5336] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5335] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... mmap resumed>) = 0x20000000 [pid 5336] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] exit_group(0) = ? [pid 5336] <... futex resumed>) = ? [pid 5336] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5335, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5337 attached , child_tidptr=0x55557f632690) = 5337 [pid 5337] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5337] chdir("./119") = 0 [pid 5337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5337] setpgid(0, 0) = 0 [pid 5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5337] write(3, "1000", 4) = 4 [pid 5337] close(3) = 0 [pid 5337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5337] write(1, "executing program\n", 18executing program ) = 18 [pid 5337] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5337] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5338 attached [pid 5338] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5337] <... clone3 resumed> => {parent_tid=[5338]}, 88) = 5338 [pid 5338] <... rseq resumed>) = 0 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], [pid 5338] set_robust_list(0x7f2454d0d9a0, 24 [pid 5337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5338] <... set_robust_list resumed>) = 0 [pid 5337] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] rt_sigprocmask(SIG_SETMASK, [], [pid 5337] <... futex resumed>) = 0 [pid 5338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5337] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5338] memfd_create("syzkaller", 0) = 3 [pid 5338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5338] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5338] munmap(0x7f244c800000, 138412032) = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5338] close(3) = 0 [pid 5338] close(4) = 0 [pid 5338] mkdir("./file2", 0777) = 0 [pid 5338] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5338] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5338] chdir("./file2") = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5338] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.125725][ T5338] loop0: detected capacity change from 0 to 4096 [pid 5337] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5338] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5338] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5337] <... futex resumed>) = 0 [pid 5338] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5337] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5338] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5338] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5337] <... futex resumed>) = 0 [pid 5338] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5337] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... openat resumed>) = 5 [pid 5338] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = 1 [pid 5337] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... write resumed>) = 1036288 [pid 5338] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 0 [pid 5338] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5338] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5337] exit_group(0 [pid 5338] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5337] <... exit_group resumed>) = ? [pid 5338] +++ exited with 0 +++ [pid 5337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5337, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5339 attached , child_tidptr=0x55557f632690) = 5339 [pid 5339] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5339] chdir("./120") = 0 [pid 5339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5339] setpgid(0, 0) = 0 [pid 5339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5339] write(3, "1000", 4) = 4 [pid 5339] close(3) = 0 [pid 5339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5339] write(1, "executing program\n", 18executing program ) = 18 [pid 5339] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5339] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5340 attached [pid 5340] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5339] <... clone3 resumed> => {parent_tid=[5340]}, 88) = 5340 [pid 5340] <... rseq resumed>) = 0 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], [pid 5340] set_robust_list(0x7f2454d0d9a0, 24 [pid 5339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5340] <... set_robust_list resumed>) = 0 [pid 5339] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5340] memfd_create("syzkaller", 0) = 3 [pid 5340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5340] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5340] munmap(0x7f244c800000, 138412032) = 0 [pid 5340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5340] close(3) = 0 [pid 5340] close(4) = 0 [pid 5340] mkdir("./file2", 0777) = 0 [pid 5340] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5340] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5340] chdir("./file2") = 0 [pid 5340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5340] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5340] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5339] <... futex resumed>) = 1 [pid 5340] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5339] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5340] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 109.571194][ T5340] loop0: detected capacity change from 0 to 4096 [pid 5340] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] <... futex resumed>) = 0 [pid 5339] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5340] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = 0 [pid 5340] <... futex resumed>) = 1 [pid 5339] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... write resumed>) = 1036288 [pid 5340] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = 0 [pid 5340] <... futex resumed>) = 1 [pid 5339] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... mmap resumed>) = 0x20000000 [pid 5340] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] exit_group(0 [pid 5340] <... futex resumed>) = ? [pid 5339] <... exit_group resumed>) = ? [pid 5340] +++ exited with 0 +++ [pid 5339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5339, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5341 attached , child_tidptr=0x55557f632690) = 5341 [pid 5341] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5341] chdir("./121") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] write(1, "executing program\n", 18executing program ) = 18 [pid 5341] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5341] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5342 attached [pid 5342] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5341] <... clone3 resumed> => {parent_tid=[5342]}, 88) = 5342 [pid 5342] <... rseq resumed>) = 0 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], [pid 5342] set_robust_list(0x7f2454d0d9a0, 24 [pid 5341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5342] <... set_robust_list resumed>) = 0 [pid 5341] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], [pid 5341] <... futex resumed>) = 0 [pid 5342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5341] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5342] memfd_create("syzkaller", 0) = 3 [pid 5342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5342] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5342] munmap(0x7f244c800000, 138412032) = 0 [pid 5342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5342] close(3) = 0 [pid 5342] close(4) = 0 [pid 5342] mkdir("./file2", 0777) = 0 [pid 5342] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 110.011870][ T5342] loop0: detected capacity change from 0 to 4096 [pid 5342] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5342] chdir("./file2") = 0 [pid 5342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5342] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5341] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5342] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5342] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5341] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5342] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5341] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... openat resumed>) = 5 [pid 5342] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5342] <... futex resumed>) = 1 [pid 5341] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... write resumed>) = 1036288 [pid 5342] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... futex resumed>) = 1 [pid 5342] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5342] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5341] exit_group(0 [pid 5342] <... futex resumed>) = ? [pid 5341] <... exit_group resumed>) = ? [pid 5342] +++ exited with 0 +++ [pid 5341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5341, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5343 attached , child_tidptr=0x55557f632690) = 5343 [pid 5343] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5343] chdir("./122") = 0 [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5343] setpgid(0, 0) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5343] write(3, "1000", 4) = 4 [pid 5343] close(3) = 0 [pid 5343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5343] write(1, "executing program\n", 18executing program ) = 18 [pid 5343] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5343] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5344 attached => {parent_tid=[5344]}, 88) = 5344 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5343] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5344] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5344] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5344] memfd_create("syzkaller", 0) = 3 [pid 5344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5344] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5344] munmap(0x7f244c800000, 138412032) = 0 [pid 5344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5344] close(3) = 0 [pid 5344] close(4) = 0 [pid 5344] mkdir("./file2", 0777) = 0 [pid 5344] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5344] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 110.544004][ T5344] loop0: detected capacity change from 0 to 4096 [pid 5344] chdir("./file2") = 0 [pid 5344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5344] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5344] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5343] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] <... openat resumed>) = 4 [pid 5344] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5344] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5343] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5344] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5344] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5343] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... openat resumed>) = 5 [pid 5344] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... write resumed>) = 1036288 [pid 5344] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5344] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] <... futex resumed>) = 0 [pid 5344] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5343] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... mmap resumed>) = 0x20000000 [pid 5344] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5344] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] exit_group(0 [pid 5344] <... futex resumed>) = ? [pid 5344] +++ exited with 0 +++ [pid 5343] <... exit_group resumed>) = ? [pid 5343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5343, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5345 attached , child_tidptr=0x55557f632690) = 5345 [pid 5345] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5345] chdir("./123") = 0 [pid 5345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5345] setpgid(0, 0) = 0 [pid 5345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5345] write(3, "1000", 4) = 4 [pid 5345] close(3) = 0 [pid 5345] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5345] write(1, "executing program\n", 18) = 18 [pid 5345] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5345] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5345] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5346 attached [pid 5346] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5345] <... clone3 resumed> => {parent_tid=[5346]}, 88) = 5346 [pid 5346] set_robust_list(0x7f2454d0d9a0, 24 [pid 5345] rt_sigprocmask(SIG_SETMASK, [], [pid 5346] <... set_robust_list resumed>) = 0 [pid 5345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5345] <... futex resumed>) = 0 [pid 5345] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5346] memfd_create("syzkaller", 0) = 3 [pid 5346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5346] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5346] munmap(0x7f244c800000, 138412032) = 0 [pid 5346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5346] close(3) = 0 [pid 5346] close(4) = 0 [pid 5346] mkdir("./file2", 0777) = 0 [pid 5346] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5346] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5346] chdir("./file2") = 0 [ 111.026769][ T5346] loop0: detected capacity change from 0 to 4096 [pid 5346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5346] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5345] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5345] <... futex resumed>) = 0 [pid 5345] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... openat resumed>) = 4 [pid 5346] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5346] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5345] <... futex resumed>) = 0 [pid 5346] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5345] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5346] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5346] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5345] <... futex resumed>) = 0 [pid 5346] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5345] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... openat resumed>) = 5 [pid 5346] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5346] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5345] <... futex resumed>) = 0 [pid 5346] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5345] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... write resumed>) = 1036288 [pid 5346] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5346] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5345] <... futex resumed>) = 0 [pid 5346] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5345] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... mmap resumed>) = 0x20000000 [pid 5346] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5346] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] exit_group(0 [pid 5346] <... futex resumed>) = ? [pid 5346] +++ exited with 0 +++ [pid 5345] <... exit_group resumed>) = ? [pid 5345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5345, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5347 attached , child_tidptr=0x55557f632690) = 5347 [pid 5347] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5347] chdir("./124") = 0 [pid 5347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5347] setpgid(0, 0) = 0 [pid 5347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5347] write(3, "1000", 4) = 4 [pid 5347] close(3) = 0 [pid 5347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5347] write(1, "executing program\n", 18executing program ) = 18 [pid 5347] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5347] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5348 attached [pid 5348] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5347] <... clone3 resumed> => {parent_tid=[5348]}, 88) = 5348 [pid 5348] <... rseq resumed>) = 0 [pid 5348] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5348] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5347] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5347] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5348] memfd_create("syzkaller", 0) = 3 [pid 5348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5348] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5348] munmap(0x7f244c800000, 138412032) = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5348] close(3) = 0 [pid 5348] close(4) = 0 [pid 5348] mkdir("./file2", 0777) = 0 [pid 5348] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 111.543506][ T5348] loop0: detected capacity change from 0 to 4096 [pid 5348] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5348] chdir("./file2") = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5348] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5347] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... openat resumed>) = 4 [pid 5348] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5348] <... futex resumed>) = 1 [pid 5347] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5347] <... futex resumed>) = 0 [pid 5348] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5347] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] <... futex resumed>) = 0 [pid 5348] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5347] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... openat resumed>) = 5 [pid 5348] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5347] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... write resumed>) = 1036288 [pid 5348] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5348] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... mmap resumed>) = 0x20000000 [pid 5348] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... futex resumed>) = 0 [pid 5347] exit_group(0) = ? [pid 5348] <... futex resumed>) = ? [pid 5348] +++ exited with 0 +++ [pid 5347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5347, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5349 attached , child_tidptr=0x55557f632690) = 5349 [pid 5349] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5349] chdir("./125") = 0 [pid 5349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5349] setpgid(0, 0) = 0 [pid 5349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5349] write(3, "1000", 4) = 4 [pid 5349] close(3) = 0 [pid 5349] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5349] write(1, "executing program\n", 18) = 18 [pid 5349] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5349] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5350 attached [pid 5350] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5349] <... clone3 resumed> => {parent_tid=[5350]}, 88) = 5350 [pid 5350] <... rseq resumed>) = 0 [pid 5349] rt_sigprocmask(SIG_SETMASK, [], [pid 5350] set_robust_list(0x7f2454d0d9a0, 24 [pid 5349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5350] <... set_robust_list resumed>) = 0 [pid 5349] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], [pid 5349] <... futex resumed>) = 0 [pid 5350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5349] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5350] memfd_create("syzkaller", 0) = 3 [pid 5350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5350] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5350] munmap(0x7f244c800000, 138412032) = 0 [pid 5350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5350] close(3) = 0 [pid 5350] close(4) = 0 [pid 5350] mkdir("./file2", 0777) = 0 [pid 5350] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5350] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5350] chdir("./file2") = 0 [pid 5350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5350] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5349] <... futex resumed>) = 1 [pid 5350] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5349] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... openat resumed>) = 4 [pid 5350] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5349] <... futex resumed>) = 0 [ 112.000239][ T5350] loop0: detected capacity change from 0 to 4096 [pid 5350] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5349] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... openat resumed>) = 5 [pid 5350] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... write resumed>) = 1036288 [pid 5350] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5349] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... mmap resumed>) = 0x20000000 [pid 5350] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5349] exit_group(0) = ? [pid 5350] <... futex resumed>) = ? [pid 5350] +++ exited with 0 +++ [pid 5349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5349, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 umount2("./125/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5351 attached , child_tidptr=0x55557f632690) = 5351 [pid 5351] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5351] chdir("./126") = 0 [pid 5351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5351] setpgid(0, 0) = 0 [pid 5351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5351] write(3, "1000", 4) = 4 [pid 5351] close(3) = 0 [pid 5351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5351] write(1, "executing program\n", 18executing program ) = 18 [pid 5351] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5351] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5352 attached [pid 5352] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5351] <... clone3 resumed> => {parent_tid=[5352]}, 88) = 5352 [pid 5352] <... rseq resumed>) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], [pid 5352] set_robust_list(0x7f2454d0d9a0, 24 [pid 5351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5352] <... set_robust_list resumed>) = 0 [pid 5351] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], [pid 5351] <... futex resumed>) = 0 [pid 5352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5351] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5352] memfd_create("syzkaller", 0) = 3 [pid 5352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5352] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5352] munmap(0x7f244c800000, 138412032) = 0 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5352] close(3) = 0 [pid 5352] close(4) = 0 [pid 5352] mkdir("./file2", 0777) = 0 [pid 5352] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5352] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5352] chdir("./file2") = 0 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5352] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5352] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5351] <... futex resumed>) = 0 [pid 5352] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 112.486528][ T5352] loop0: detected capacity change from 0 to 4096 [pid 5351] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... openat resumed>) = 4 [pid 5352] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5352] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5352] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5351] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5352] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5352] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5351] <... futex resumed>) = 0 [pid 5352] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5351] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... openat resumed>) = 5 [pid 5352] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5352] <... futex resumed>) = 1 [pid 5351] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... write resumed>) = 1036288 [pid 5352] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5352] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5351] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... mmap resumed>) = 0x20000000 [pid 5352] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5352] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] exit_group(0 [pid 5352] <... futex resumed>) = ? [pid 5351] <... exit_group resumed>) = ? [pid 5352] +++ exited with 0 +++ [pid 5351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5351, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 umount2("./126/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5353] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5353] chdir("./127") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] write(1, "executing program\n", 18executing program ) = 18 [pid 5353] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5353] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5354 attached [pid 5354] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5353] <... clone3 resumed> => {parent_tid=[5354]}, 88) = 5354 [pid 5354] <... rseq resumed>) = 0 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], [pid 5354] set_robust_list(0x7f2454d0d9a0, 24 [pid 5353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5354] <... set_robust_list resumed>) = 0 [pid 5353] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], [pid 5353] <... futex resumed>) = 0 [pid 5354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5353] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5354] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5354] munmap(0x7f244c800000, 138412032) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] close(4) = 0 [pid 5354] mkdir("./file2", 0777) = 0 [pid 5354] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5354] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 112.911368][ T5354] loop0: detected capacity change from 0 to 4096 [pid 5354] chdir("./file2") = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5354] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5354] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5353] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... openat resumed>) = 4 [pid 5354] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5353] <... futex resumed>) = 1 [pid 5354] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5353] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5354] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5353] <... futex resumed>) = 1 [pid 5354] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5353] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... openat resumed>) = 5 [pid 5354] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5354] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5353] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... write resumed>) = 1036288 [pid 5354] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5354] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5353] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... mmap resumed>) = 0x20000000 [pid 5354] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] exit_group(0 [pid 5354] <... futex resumed>) = ? [pid 5354] +++ exited with 0 +++ [pid 5353] <... exit_group resumed>) = ? [pid 5353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 umount2("./127/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./127/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5355 attached [pid 5355] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5355] chdir("./128") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5355 [pid 5355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5355] setpgid(0, 0) = 0 [pid 5355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5355] write(3, "1000", 4) = 4 [pid 5355] close(3) = 0 [pid 5355] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5355] write(1, "executing program\n", 18) = 18 [pid 5355] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5355] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5356 attached [pid 5356] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5355] <... clone3 resumed> => {parent_tid=[5356]}, 88) = 5356 [pid 5356] <... rseq resumed>) = 0 [pid 5355] rt_sigprocmask(SIG_SETMASK, [], [pid 5356] set_robust_list(0x7f2454d0d9a0, 24 [pid 5355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5356] <... set_robust_list resumed>) = 0 [pid 5355] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] rt_sigprocmask(SIG_SETMASK, [], [pid 5355] <... futex resumed>) = 0 [pid 5356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5355] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5356] memfd_create("syzkaller", 0) = 3 [pid 5356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5356] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5356] munmap(0x7f244c800000, 138412032) = 0 [pid 5356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5356] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5356] close(3) = 0 [pid 5356] close(4) = 0 [pid 5356] mkdir("./file2", 0777) = 0 [pid 5356] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5356] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5356] chdir("./file2") = 0 [pid 5356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 113.401605][ T5356] loop0: detected capacity change from 0 to 4096 [pid 5356] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... openat resumed>) = 4 [pid 5356] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5356] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5355] <... futex resumed>) = 0 [pid 5356] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5355] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5356] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = 0 [pid 5356] <... futex resumed>) = 1 [pid 5355] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... openat resumed>) = 5 [pid 5356] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5356] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5355] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... write resumed>) = 1036288 [pid 5356] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = 0 [pid 5356] <... futex resumed>) = 1 [pid 5355] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... mmap resumed>) = 0x20000000 [pid 5356] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = 0 [pid 5355] exit_group(0) = ? [pid 5356] <... futex resumed>) = ? [pid 5356] +++ exited with 0 +++ [pid 5355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5355, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 umount2("./128/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./128/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5357 attached , child_tidptr=0x55557f632690) = 5357 [pid 5357] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5357] chdir("./129") = 0 [pid 5357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5357] setpgid(0, 0) = 0 [pid 5357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5357] write(3, "1000", 4) = 4 [pid 5357] close(3) = 0 [pid 5357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5357] write(1, "executing program\n", 18executing program ) = 18 [pid 5357] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5357] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5358 attached [pid 5358] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5357] <... clone3 resumed> => {parent_tid=[5358]}, 88) = 5358 [pid 5358] set_robust_list(0x7f2454d0d9a0, 24 [pid 5357] rt_sigprocmask(SIG_SETMASK, [], [pid 5358] <... set_robust_list resumed>) = 0 [pid 5358] rt_sigprocmask(SIG_SETMASK, [], [pid 5357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5357] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5358] memfd_create("syzkaller", 0) = 3 [pid 5358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5358] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5358] munmap(0x7f244c800000, 138412032) = 0 [pid 5358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5358] close(3) = 0 [pid 5358] close(4) = 0 [pid 5358] mkdir("./file2", 0777) = 0 [pid 5358] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5358] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5358] chdir("./file2") = 0 [pid 5358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5358] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5357] <... futex resumed>) = 0 [ 113.790292][ T5358] loop0: detected capacity change from 0 to 4096 [pid 5357] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... openat resumed>) = 4 [pid 5358] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5358] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5357] <... futex resumed>) = 1 [pid 5358] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5357] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5358] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5358] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5357] <... futex resumed>) = 0 [pid 5358] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5357] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... openat resumed>) = 5 [pid 5358] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... futex resumed>) = 0 [pid 5358] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5358] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... futex resumed>) = 0 [pid 5358] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5358] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5358] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] exit_group(0) = ? [pid 5358] <... futex resumed>) = ? [pid 5358] +++ exited with 0 +++ [pid 5357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5357, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 umount2("./129/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./129/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5359] chdir("./130") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5359 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5359] write(1, "executing program\n", 18) = 18 [pid 5359] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5359] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5360 attached [pid 5360] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5359] <... clone3 resumed> => {parent_tid=[5360]}, 88) = 5360 [pid 5360] set_robust_list(0x7f2454d0d9a0, 24 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] <... set_robust_list resumed>) = 0 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], [pid 5359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5359] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5360] memfd_create("syzkaller", 0) = 3 [pid 5360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5360] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5360] munmap(0x7f244c800000, 138412032) = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5360] close(3) = 0 [pid 5360] close(4) = 0 [pid 5360] mkdir("./file2", 0777) = 0 [pid 5360] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5360] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5360] chdir("./file2") = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5360] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [ 114.213711][ T5360] loop0: detected capacity change from 0 to 4096 [pid 5359] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... openat resumed>) = 4 [pid 5360] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5359] <... futex resumed>) = 0 [pid 5360] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5359] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5360] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5360] <... futex resumed>) = 1 [pid 5359] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... openat resumed>) = 5 [pid 5360] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5359] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... write resumed>) = 1036288 [pid 5360] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5359] <... futex resumed>) = 1 [pid 5360] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5359] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... mmap resumed>) = 0x20000000 [pid 5360] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] exit_group(0 [pid 5360] <... futex resumed>) = ? [pid 5360] +++ exited with 0 +++ [pid 5359] <... exit_group resumed>) = ? [pid 5359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5359, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 umount2("./130/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./130/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5361 attached , child_tidptr=0x55557f632690) = 5361 [pid 5361] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5361] chdir("./131") = 0 [pid 5361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5361] setpgid(0, 0) = 0 [pid 5361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5361] write(3, "1000", 4) = 4 [pid 5361] close(3) = 0 [pid 5361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5361] write(1, "executing program\n", 18executing program ) = 18 [pid 5361] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5361] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5362 attached [pid 5362] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5361] <... clone3 resumed> => {parent_tid=[5362]}, 88) = 5362 [pid 5362] <... rseq resumed>) = 0 [pid 5361] rt_sigprocmask(SIG_SETMASK, [], [pid 5362] set_robust_list(0x7f2454d0d9a0, 24 [pid 5361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5362] <... set_robust_list resumed>) = 0 [pid 5361] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] rt_sigprocmask(SIG_SETMASK, [], [pid 5361] <... futex resumed>) = 0 [pid 5362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5362] memfd_create("syzkaller", 0) = 3 [pid 5362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5362] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5362] munmap(0x7f244c800000, 138412032) = 0 [pid 5362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5362] close(3) = 0 [pid 5362] close(4) = 0 [pid 5362] mkdir("./file2", 0777) = 0 [pid 5362] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5362] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 114.653365][ T5362] loop0: detected capacity change from 0 to 4096 [pid 5362] chdir("./file2") = 0 [pid 5362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5362] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] <... futex resumed>) = 0 [pid 5362] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5361] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... openat resumed>) = 4 [pid 5362] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5361] <... futex resumed>) = 0 [pid 5362] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5361] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] <... futex resumed>) = 0 [pid 5362] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5361] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... openat resumed>) = 5 [pid 5362] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5362] <... futex resumed>) = 1 [pid 5361] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5361] <... futex resumed>) = 0 [pid 5361] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... write resumed>) = 1036288 [pid 5362] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5361] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... mmap resumed>) = 0x20000000 [pid 5362] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5361] exit_group(0 [pid 5362] <... futex resumed>) = ? [pid 5361] <... exit_group resumed>) = ? [pid 5362] +++ exited with 0 +++ [pid 5361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5361, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 umount2("./131/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./131/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5363 attached , child_tidptr=0x55557f632690) = 5363 [pid 5363] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5363] chdir("./132") = 0 [pid 5363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5363] setpgid(0, 0) = 0 [pid 5363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5363] write(3, "1000", 4) = 4 [pid 5363] close(3) = 0 [pid 5363] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5363] write(1, "executing program\n", 18) = 18 [pid 5363] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5363] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5364 attached [pid 5364] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5363] <... clone3 resumed> => {parent_tid=[5364]}, 88) = 5364 [pid 5364] set_robust_list(0x7f2454d0d9a0, 24 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], [pid 5364] <... set_robust_list resumed>) = 0 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], [pid 5363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5363] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5364] memfd_create("syzkaller", 0) = 3 [pid 5364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5364] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5364] munmap(0x7f244c800000, 138412032) = 0 [pid 5364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5364] close(3) = 0 [pid 5364] close(4) = 0 [pid 5364] mkdir("./file2", 0777) = 0 [pid 5364] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5364] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5364] chdir("./file2") = 0 [pid 5364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5364] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... openat resumed>) = 4 [pid 5364] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [ 115.079481][ T5364] loop0: detected capacity change from 0 to 4096 [pid 5363] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5364] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5364] <... futex resumed>) = 1 [pid 5363] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... openat resumed>) = 5 [pid 5364] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... futex resumed>) = 1 [pid 5364] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5364] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5363] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... mmap resumed>) = 0x20000000 [pid 5364] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5363] exit_group(0 [pid 5364] <... futex resumed>) = ? [pid 5363] <... exit_group resumed>) = ? [pid 5364] +++ exited with 0 +++ [pid 5363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5363, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 umount2("./132/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./132/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5365 attached [pid 5365] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5365] chdir("./133" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5365 [pid 5365] <... chdir resumed>) = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5365] write(1, "executing program\n", 18) = 18 [pid 5365] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5365] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5366 attached [pid 5366] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5365] <... clone3 resumed> => {parent_tid=[5366]}, 88) = 5366 [pid 5366] <... rseq resumed>) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5366] set_robust_list(0x7f2454d0d9a0, 24 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5365] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] <... futex resumed>) = 0 [pid 5366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5366] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5366] munmap(0x7f244c800000, 138412032) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [pid 5366] close(4) = 0 [pid 5366] mkdir("./file2", 0777) = 0 [pid 5366] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5366] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 115.472224][ T5366] loop0: detected capacity change from 0 to 4096 [pid 5366] chdir("./file2") = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5366] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5365] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5366] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5365] <... futex resumed>) = 0 [pid 5366] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5365] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... openat resumed>) = 5 [pid 5366] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5365] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... write resumed>) = 1036288 [pid 5366] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5366] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5365] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... mmap resumed>) = 0x20000000 [pid 5366] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] exit_group(0) = ? [pid 5366] <... futex resumed>) = ? [pid 5366] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 umount2("./133/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./133/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5367 ./strace-static-x86_64: Process 5367 attached [pid 5367] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5367] chdir("./134") = 0 [pid 5367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5367] setpgid(0, 0) = 0 [pid 5367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5367] write(3, "1000", 4) = 4 [pid 5367] close(3) = 0 [pid 5367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5367] write(1, "executing program\n", 18executing program ) = 18 [pid 5367] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5367] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5368 attached [pid 5368] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5368] set_robust_list(0x7f2454d0d9a0, 24 [pid 5367] <... clone3 resumed> => {parent_tid=[5368]}, 88) = 5368 [pid 5368] <... set_robust_list resumed>) = 0 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5367] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5368] memfd_create("syzkaller", 0) = 3 [pid 5368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5368] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5368] munmap(0x7f244c800000, 138412032) = 0 [pid 5368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5368] close(3) = 0 [pid 5368] close(4) = 0 [pid 5368] mkdir("./file2", 0777) = 0 [pid 5368] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5368] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5368] chdir("./file2") = 0 [pid 5368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5368] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] <... futex resumed>) = 0 [ 115.922538][ T5368] loop0: detected capacity change from 0 to 4096 [pid 5367] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5367] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... openat resumed>) = 4 [pid 5368] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5367] <... futex resumed>) = 0 [pid 5368] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5367] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5368] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5367] <... futex resumed>) = 0 [pid 5368] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5367] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... openat resumed>) = 5 [pid 5368] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5367] <... futex resumed>) = 1 [pid 5368] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5367] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... write resumed>) = 1036288 [pid 5368] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5367] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... mmap resumed>) = 0x20000000 [pid 5368] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] exit_group(0) = ? [pid 5368] <... futex resumed>) = ? [pid 5368] +++ exited with 0 +++ [pid 5367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5367, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 umount2("./134/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./134/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5369 attached , child_tidptr=0x55557f632690) = 5369 [pid 5369] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5369] chdir("./135") = 0 [pid 5369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5369] setpgid(0, 0) = 0 [pid 5369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5369] write(3, "1000", 4) = 4 [pid 5369] close(3) = 0 [pid 5369] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5369] write(1, "executing program\n", 18) = 18 [pid 5369] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5369] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5370 attached [pid 5370] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5369] <... clone3 resumed> => {parent_tid=[5370]}, 88) = 5370 [pid 5370] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5370] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5369] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5369] <... futex resumed>) = 1 [pid 5370] memfd_create("syzkaller", 0 [pid 5369] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5370] <... memfd_create resumed>) = 3 [pid 5370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5370] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5370] munmap(0x7f244c800000, 138412032) = 0 [pid 5370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5370] close(3) = 0 [pid 5370] close(4) = 0 [pid 5370] mkdir("./file2", 0777) = 0 [pid 5370] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5370] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5370] chdir("./file2") = 0 [ 116.375279][ T5370] loop0: detected capacity change from 0 to 4096 [pid 5370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5370] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = 0 [pid 5370] <... futex resumed>) = 1 [pid 5369] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5370] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5370] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = 0 [pid 5370] <... futex resumed>) = 1 [pid 5369] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... openat resumed>) = 5 [pid 5370] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5370] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] <... futex resumed>) = 0 [pid 5370] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5369] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... write resumed>) = 1036288 [pid 5370] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5370] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] <... futex resumed>) = 0 [pid 5370] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5369] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... mmap resumed>) = 0x20000000 [pid 5370] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5370] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] exit_group(0 [pid 5370] <... futex resumed>) = ? [pid 5370] +++ exited with 0 +++ [pid 5369] <... exit_group resumed>) = ? [pid 5369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5369, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 umount2("./135/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./135/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5371 attached , child_tidptr=0x55557f632690) = 5371 [pid 5371] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5371] chdir("./136") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] write(1, "executing program\n", 18executing program ) = 18 [pid 5371] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5371] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5372 attached => {parent_tid=[5372]}, 88) = 5372 [pid 5372] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5372] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5372] rt_sigprocmask(SIG_SETMASK, [], [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5372] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5372] munmap(0x7f244c800000, 138412032) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] close(4) = 0 [pid 5372] mkdir("./file2", 0777) = 0 [ 116.825107][ T5372] loop0: detected capacity change from 0 to 4096 [pid 5372] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5372] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./file2") = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5372] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5372] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5371] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... openat resumed>) = 4 [pid 5372] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5371] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5372] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5372] <... futex resumed>) = 1 [pid 5371] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... openat resumed>) = 5 [pid 5372] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5372] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5371] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... write resumed>) = 1036288 [pid 5372] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5372] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5371] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... mmap resumed>) = 0x20000000 [pid 5372] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] exit_group(0 [pid 5372] <... futex resumed>) = ? [pid 5372] +++ exited with 0 +++ [pid 5371] <... exit_group resumed>) = ? [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 umount2("./136/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./136/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5373 ./strace-static-x86_64: Process 5373 attached [pid 5373] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5373] chdir("./137") = 0 [pid 5373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5373] setpgid(0, 0) = 0 [pid 5373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5373] write(3, "1000", 4) = 4 [pid 5373] close(3) = 0 [pid 5373] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5373] write(1, "executing program\n", 18) = 18 [pid 5373] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5373] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5374 attached [pid 5374] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5373] <... clone3 resumed> => {parent_tid=[5374]}, 88) = 5374 [pid 5374] <... rseq resumed>) = 0 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5374] set_robust_list(0x7f2454d0d9a0, 24 [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5374] <... set_robust_list resumed>) = 0 [pid 5373] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] <... futex resumed>) = 0 [pid 5374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5374] memfd_create("syzkaller", 0) = 3 [pid 5374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5374] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5374] munmap(0x7f244c800000, 138412032) = 0 [pid 5374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5374] close(3) = 0 [pid 5374] close(4) = 0 [pid 5374] mkdir("./file2", 0777) = 0 [pid 5374] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5374] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 117.271137][ T5374] loop0: detected capacity change from 0 to 4096 [pid 5374] chdir("./file2") = 0 [pid 5374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5374] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5374] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5373] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... openat resumed>) = 4 [pid 5374] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5374] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] <... futex resumed>) = 0 [pid 5374] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5373] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5374] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5374] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] <... futex resumed>) = 0 [pid 5374] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5373] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... openat resumed>) = 5 [pid 5374] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5374] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... write resumed>) = 1036288 [pid 5374] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5374] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... futex resumed>) = 0 [pid 5373] exit_group(0 [pid 5374] <... futex resumed>) = ? [pid 5373] <... exit_group resumed>) = ? [pid 5374] +++ exited with 0 +++ [pid 5373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5373, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./137/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5375 attached , child_tidptr=0x55557f632690) = 5375 [pid 5375] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5375] chdir("./138") = 0 [pid 5375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5375] setpgid(0, 0) = 0 [pid 5375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5375] write(3, "1000", 4) = 4 [pid 5375] close(3) = 0 [pid 5375] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5375] write(1, "executing program\n", 18) = 18 [pid 5375] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5375] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5376 attached [pid 5376] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5375] <... clone3 resumed> => {parent_tid=[5376]}, 88) = 5376 [pid 5376] <... rseq resumed>) = 0 [pid 5375] rt_sigprocmask(SIG_SETMASK, [], [pid 5376] set_robust_list(0x7f2454d0d9a0, 24 [pid 5375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5376] <... set_robust_list resumed>) = 0 [pid 5375] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] rt_sigprocmask(SIG_SETMASK, [], [pid 5375] <... futex resumed>) = 0 [pid 5376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5375] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5376] memfd_create("syzkaller", 0) = 3 [pid 5376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5376] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5376] munmap(0x7f244c800000, 138412032) = 0 [pid 5376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5376] close(3) = 0 [pid 5376] close(4) = 0 [pid 5376] mkdir("./file2", 0777) = 0 [pid 5376] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5376] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5376] chdir("./file2") = 0 [pid 5376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5376] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5376] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5375] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5376] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5375] <... futex resumed>) = 0 [ 117.717184][ T5376] loop0: detected capacity change from 0 to 4096 [pid 5375] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] <... openat resumed>) = 4 [pid 5376] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5376] <... futex resumed>) = 1 [pid 5375] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5375] <... futex resumed>) = 0 [pid 5376] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5375] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5376] <... futex resumed>) = 1 [pid 5376] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5375] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] <... openat resumed>) = 5 [pid 5375] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5376] <... futex resumed>) = 0 [pid 5375] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5375] <... futex resumed>) = 0 [pid 5375] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] <... write resumed>) = 1036288 [pid 5376] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5376] <... futex resumed>) = 1 [pid 5375] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5375] <... futex resumed>) = 0 [pid 5375] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] <... mmap resumed>) = 0x20000000 [pid 5376] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5375] exit_group(0) = ? [pid 5376] <... futex resumed>) = ? [pid 5376] +++ exited with 0 +++ [pid 5375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5375, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 umount2("./138/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./138/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5377 attached , child_tidptr=0x55557f632690) = 5377 [pid 5377] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5377] chdir("./139") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5377] write(3, "1000", 4) = 4 [pid 5377] close(3) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5377] write(1, "executing program\n", 18executing program ) = 18 [pid 5377] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5377] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5378 attached [pid 5378] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5378] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5377] <... clone3 resumed> => {parent_tid=[5378]}, 88) = 5378 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], [pid 5377] rt_sigprocmask(SIG_SETMASK, [], [pid 5378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5378] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5378] memfd_create("syzkaller", 0) = 3 [pid 5378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5378] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5378] munmap(0x7f244c800000, 138412032) = 0 [pid 5378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5378] close(3) = 0 [pid 5378] close(4) = 0 [pid 5378] mkdir("./file2", 0777) = 0 [pid 5378] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5378] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 118.184266][ T5378] loop0: detected capacity change from 0 to 4096 [pid 5378] chdir("./file2") = 0 [pid 5378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5378] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5377] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... openat resumed>) = 4 [pid 5378] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5377] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5378] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5377] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... openat resumed>) = 5 [pid 5378] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5377] <... futex resumed>) = 1 [pid 5378] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5377] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... write resumed>) = 1036288 [pid 5378] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5378] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5377] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... mmap resumed>) = 0x20000000 [pid 5378] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] exit_group(0) = ? [pid 5378] <... futex resumed>) = ? [pid 5378] +++ exited with 0 +++ [pid 5377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5377, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./139/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5379 attached [pid 5379] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5379] chdir("./140" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5379 [pid 5379] <... chdir resumed>) = 0 [pid 5379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5379] setpgid(0, 0) = 0 [pid 5379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5379] write(3, "1000", 4) = 4 [pid 5379] close(3) = 0 [pid 5379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5379] write(1, "executing program\n", 18executing program ) = 18 [pid 5379] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5379] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5380 attached [pid 5380] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5379] <... clone3 resumed> => {parent_tid=[5380]}, 88) = 5380 [pid 5380] <... rseq resumed>) = 0 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], [pid 5380] set_robust_list(0x7f2454d0d9a0, 24 [pid 5379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5380] <... set_robust_list resumed>) = 0 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], [pid 5379] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5379] <... futex resumed>) = 0 [pid 5380] memfd_create("syzkaller", 0 [pid 5379] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5380] <... memfd_create resumed>) = 3 [pid 5380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5380] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5380] munmap(0x7f244c800000, 138412032) = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5380] close(3) = 0 [pid 5380] close(4) = 0 [pid 5380] mkdir("./file2", 0777) = 0 [pid 5380] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5380] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5380] chdir("./file2") = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 118.646693][ T5380] loop0: detected capacity change from 0 to 4096 [pid 5380] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5379] <... futex resumed>) = 0 [pid 5380] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5379] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... openat resumed>) = 4 [pid 5380] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5379] <... futex resumed>) = 0 [pid 5380] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5379] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5380] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5379] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... openat resumed>) = 5 [pid 5380] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5379] <... futex resumed>) = 0 [pid 5380] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5379] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... write resumed>) = 1036288 [pid 5380] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5380] <... futex resumed>) = 1 [pid 5379] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... mmap resumed>) = 0x20000000 [pid 5380] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] exit_group(0 [pid 5380] <... futex resumed>) = ? [pid 5379] <... exit_group resumed>) = ? [pid 5380] +++ exited with 0 +++ [pid 5379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5379, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 umount2("./140/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./140/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5381 attached , child_tidptr=0x55557f632690) = 5381 [pid 5381] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5381] chdir("./141") = 0 [pid 5381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5381] setpgid(0, 0) = 0 [pid 5381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5381] write(3, "1000", 4) = 4 [pid 5381] close(3) = 0 [pid 5381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5381] write(1, "executing program\n", 18executing program ) = 18 [pid 5381] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5381] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5382 attached => {parent_tid=[5382]}, 88) = 5382 [pid 5382] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5382] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5382] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5381] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = 0 [pid 5381] <... futex resumed>) = 1 [pid 5382] memfd_create("syzkaller", 0 [pid 5381] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5382] <... memfd_create resumed>) = 3 [pid 5382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5382] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5382] munmap(0x7f244c800000, 138412032) = 0 [pid 5382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5382] close(3) = 0 [pid 5382] close(4) = 0 [pid 5382] mkdir("./file2", 0777) = 0 [pid 5382] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 119.110467][ T5382] loop0: detected capacity change from 0 to 4096 [pid 5382] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5382] chdir("./file2") = 0 [pid 5382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5382] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5382] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5381] <... futex resumed>) = 0 [pid 5382] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5381] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... openat resumed>) = 4 [pid 5382] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] <... futex resumed>) = 1 [pid 5381] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5382] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [pid 5382] <... futex resumed>) = 1 [pid 5381] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... openat resumed>) = 5 [pid 5382] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5381] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5382] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5382] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5382] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... mmap resumed>) = 0x20000000 [pid 5382] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... futex resumed>) = 0 [pid 5381] exit_group(0 [pid 5382] <... futex resumed>) = ? [pid 5382] +++ exited with 0 +++ [pid 5381] <... exit_group resumed>) = ? [pid 5381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5381, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 umount2("./141/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./141/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5383 ./strace-static-x86_64: Process 5383 attached [pid 5383] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5383] chdir("./142") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] write(1, "executing program\n", 18executing program ) = 18 [pid 5383] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5383] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5384 attached [pid 5384] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5383] <... clone3 resumed> => {parent_tid=[5384]}, 88) = 5384 [pid 5384] <... rseq resumed>) = 0 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], [pid 5384] set_robust_list(0x7f2454d0d9a0, 24 [pid 5383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5384] <... set_robust_list resumed>) = 0 [pid 5383] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5384] memfd_create("syzkaller", 0) = 3 [pid 5384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5384] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5384] munmap(0x7f244c800000, 138412032) = 0 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5384] close(3) = 0 [pid 5384] close(4) = 0 [pid 5384] mkdir("./file2", 0777) = 0 [pid 5384] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5384] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5384] chdir("./file2") = 0 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5384] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5383] <... futex resumed>) = 0 [pid 5384] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5383] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... openat resumed>) = 4 [pid 5384] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5383] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5383] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = 0 [pid 5384] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5383] <... futex resumed>) = 1 [ 119.599425][ T5384] loop0: detected capacity change from 0 to 4096 [pid 5383] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... openat resumed>) = 5 [pid 5384] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... write resumed>) = 1036288 [pid 5384] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5383] <... futex resumed>) = 0 [pid 5384] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5383] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... mmap resumed>) = 0x20000000 [pid 5384] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... futex resumed>) = 0 [pid 5383] exit_group(0 [pid 5384] <... futex resumed>) = ? [pid 5383] <... exit_group resumed>) = ? [pid 5384] +++ exited with 0 +++ [pid 5383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5383, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./142", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 umount2("./142/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./142/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5385 attached , child_tidptr=0x55557f632690) = 5385 [pid 5385] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5385] chdir("./143") = 0 [pid 5385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5385] setpgid(0, 0) = 0 [pid 5385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5385] write(3, "1000", 4) = 4 [pid 5385] close(3) = 0 [pid 5385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5385] write(1, "executing program\n", 18executing program ) = 18 [pid 5385] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5385] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5386 attached [pid 5386] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5385] <... clone3 resumed> => {parent_tid=[5386]}, 88) = 5386 [pid 5386] set_robust_list(0x7f2454d0d9a0, 24 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5386] <... set_robust_list resumed>) = 0 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5386] memfd_create("syzkaller", 0) = 3 [pid 5386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5386] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5386] munmap(0x7f244c800000, 138412032) = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5386] close(3) = 0 [pid 5386] close(4) = 0 [pid 5386] mkdir("./file2", 0777) = 0 [pid 5386] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5386] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 120.029124][ T5386] loop0: detected capacity change from 0 to 4096 [pid 5386] chdir("./file2") = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5386] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5385] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... openat resumed>) = 4 [pid 5386] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5385] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5385] <... futex resumed>) = 0 [pid 5386] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5385] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5385] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... openat resumed>) = 5 [pid 5386] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5385] <... futex resumed>) = 0 [pid 5386] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5385] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... write resumed>) = 1036288 [pid 5386] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5385] <... futex resumed>) = 0 [pid 5386] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5385] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... mmap resumed>) = 0x20000000 [pid 5386] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] exit_group(0 [pid 5386] <... futex resumed>) = ? [pid 5386] +++ exited with 0 +++ [pid 5385] <... exit_group resumed>) = ? [pid 5385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5385, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 umount2("./143/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./143/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5387 attached , child_tidptr=0x55557f632690) = 5387 [pid 5387] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5387] chdir("./144") = 0 [pid 5387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5387] setpgid(0, 0) = 0 [pid 5387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5387] write(3, "1000", 4) = 4 [pid 5387] close(3) = 0 [pid 5387] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5387] write(1, "executing program\n", 18) = 18 [pid 5387] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5387] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5388 attached => {parent_tid=[5388]}, 88) = 5388 [pid 5388] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5388] set_robust_list(0x7f2454d0d9a0, 24 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], [pid 5388] <... set_robust_list resumed>) = 0 [pid 5387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], [pid 5387] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5388] memfd_create("syzkaller", 0) = 3 [pid 5388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5388] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5388] munmap(0x7f244c800000, 138412032) = 0 [pid 5388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5388] close(3) = 0 [pid 5388] close(4) = 0 [pid 5388] mkdir("./file2", 0777) = 0 [pid 5388] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5388] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5388] chdir("./file2") = 0 [pid 5388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5388] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 120.501973][ T5388] loop0: detected capacity change from 0 to 4096 [pid 5388] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... openat resumed>) = 4 [pid 5388] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5388] <... futex resumed>) = 1 [pid 5387] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5388] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5387] <... futex resumed>) = 1 [pid 5388] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5387] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5387] <... futex resumed>) = 1 [pid 5388] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5387] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... openat resumed>) = 5 [pid 5388] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5388] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5387] <... futex resumed>) = 1 [pid 5388] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5387] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... write resumed>) = 1036288 [pid 5388] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5388] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5387] <... futex resumed>) = 0 [pid 5388] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5387] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... mmap resumed>) = 0x20000000 [pid 5388] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5388] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] exit_group(0 [pid 5388] <... futex resumed>) = ? [pid 5388] +++ exited with 0 +++ [pid 5387] <... exit_group resumed>) = ? [pid 5387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5387, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./144", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 umount2("./144/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./144/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5389 attached , child_tidptr=0x55557f632690) = 5389 [pid 5389] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5389] chdir("./145") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] write(1, "executing program\n", 18executing program ) = 18 [pid 5389] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5389] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5390 attached => {parent_tid=[5390]}, 88) = 5390 [pid 5390] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], [pid 5390] <... rseq resumed>) = 0 [pid 5389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5390] set_robust_list(0x7f2454d0d9a0, 24 [pid 5389] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... set_robust_list resumed>) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], [pid 5389] <... futex resumed>) = 0 [pid 5390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5389] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5390] memfd_create("syzkaller", 0) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5390] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5390] munmap(0x7f244c800000, 138412032) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] close(4) = 0 [pid 5390] mkdir("./file2", 0777) = 0 [ 121.015150][ T5390] loop0: detected capacity change from 0 to 4096 [pid 5390] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5390] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file2") = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5390] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5390] <... futex resumed>) = 1 [pid 5389] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... openat resumed>) = 4 [pid 5390] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5389] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5390] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5389] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... openat resumed>) = 5 [pid 5390] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... write resumed>) = 1036288 [pid 5390] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5389] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... mmap resumed>) = 0x20000000 [pid 5390] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] exit_group(0 [pid 5390] <... futex resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5389] <... exit_group resumed>) = ? [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./145/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5391 attached , child_tidptr=0x55557f632690) = 5391 [pid 5391] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5391] chdir("./146") = 0 [pid 5391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5391] setpgid(0, 0) = 0 [pid 5391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5391] write(3, "1000", 4) = 4 [pid 5391] close(3) = 0 [pid 5391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5391] write(1, "executing program\n", 18executing program ) = 18 [pid 5391] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5391] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5392 attached [pid 5392] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5391] <... clone3 resumed> => {parent_tid=[5392]}, 88) = 5392 [pid 5392] set_robust_list(0x7f2454d0d9a0, 24 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], [pid 5392] <... set_robust_list resumed>) = 0 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], [pid 5391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5391] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5392] memfd_create("syzkaller", 0) = 3 [pid 5392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5392] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5392] munmap(0x7f244c800000, 138412032) = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5392] close(3) = 0 [pid 5392] close(4) = 0 [pid 5392] mkdir("./file2", 0777) = 0 [pid 5392] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5392] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5392] chdir("./file2") = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5392] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [ 121.510175][ T5392] loop0: detected capacity change from 0 to 4096 [pid 5391] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... openat resumed>) = 4 [pid 5392] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5392] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5392] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5392] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5391] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] <... openat resumed>) = 5 [pid 5391] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5392] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5391] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... write resumed>) = 1036288 [pid 5392] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5392] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5391] <... futex resumed>) = 0 [pid 5392] <... mmap resumed>) = 0x20000000 [pid 5391] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] exit_group(0 [pid 5392] <... futex resumed>) = ? [pid 5391] <... exit_group resumed>) = ? [pid 5392] +++ exited with 0 +++ [pid 5391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5391, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./146", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 umount2("./146/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./146/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5393 attached [pid 5393] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5393] chdir("./147") = 0 [pid 5393] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5393 [pid 5393] <... prctl resumed>) = 0 [pid 5393] setpgid(0, 0) = 0 [pid 5393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5393] write(3, "1000", 4) = 4 [pid 5393] close(3) = 0 [pid 5393] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5393] write(1, "executing program\n", 18) = 18 [pid 5393] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5393] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5394 attached [pid 5394] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5393] <... clone3 resumed> => {parent_tid=[5394]}, 88) = 5394 [pid 5394] <... rseq resumed>) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], [pid 5394] set_robust_list(0x7f2454d0d9a0, 24 [pid 5393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5394] <... set_robust_list resumed>) = 0 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], [pid 5393] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5394] memfd_create("syzkaller", 0) = 3 [pid 5394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5394] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5394] munmap(0x7f244c800000, 138412032) = 0 [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5394] close(3) = 0 [pid 5394] close(4) = 0 [pid 5394] mkdir("./file2", 0777) = 0 [pid 5394] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5394] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 121.912143][ T5394] loop0: detected capacity change from 0 to 4096 [pid 5394] chdir("./file2") = 0 [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5394] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = 0 [pid 5393] <... futex resumed>) = 1 [pid 5394] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5393] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... openat resumed>) = 4 [pid 5394] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5393] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5394] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5394] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5393] <... futex resumed>) = 0 [pid 5394] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5393] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... openat resumed>) = 5 [pid 5394] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5394] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5393] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... write resumed>) = 1036288 [pid 5394] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5394] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5393] <... futex resumed>) = 0 [pid 5394] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5393] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... mmap resumed>) = 0x20000000 [pid 5394] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] <... futex resumed>) = 0 [pid 5393] exit_group(0 [pid 5394] <... futex resumed>) = ? [pid 5393] <... exit_group resumed>) = ? [pid 5394] +++ exited with 0 +++ [pid 5393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5393, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./147", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 umount2("./147/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./147/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5395 attached [pid 5395] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5395 [pid 5395] <... set_robust_list resumed>) = 0 [pid 5395] chdir("./148") = 0 [pid 5395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5395] setpgid(0, 0) = 0 [pid 5395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5395] write(3, "1000", 4) = 4 [pid 5395] close(3) = 0 [pid 5395] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5395] write(1, "executing program\n", 18) = 18 [pid 5395] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5395] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5396 attached [pid 5396] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5396] set_robust_list(0x7f2454d0d9a0, 24 [pid 5395] <... clone3 resumed> => {parent_tid=[5396]}, 88) = 5396 [pid 5396] <... set_robust_list resumed>) = 0 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], [pid 5395] rt_sigprocmask(SIG_SETMASK, [], [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5396] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5396] memfd_create("syzkaller", 0) = 3 [pid 5396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5396] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5396] munmap(0x7f244c800000, 138412032) = 0 [pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5396] close(3) = 0 [pid 5396] close(4) = 0 [pid 5396] mkdir("./file2", 0777) = 0 [pid 5396] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5396] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5396] chdir("./file2") = 0 [pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5396] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 122.375704][ T5396] loop0: detected capacity change from 0 to 4096 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5396] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5395] <... futex resumed>) = 0 [pid 5396] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5395] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5396] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5395] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... openat resumed>) = 5 [pid 5396] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5395] <... futex resumed>) = 0 [pid 5396] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5395] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... write resumed>) = 1036288 [pid 5396] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5395] <... futex resumed>) = 0 [pid 5396] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5395] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... mmap resumed>) = 0x20000000 [pid 5396] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] exit_group(0 [pid 5396] <... futex resumed>) = ? [pid 5396] +++ exited with 0 +++ [pid 5395] <... exit_group resumed>) = ? [pid 5395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5395, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 umount2("./148/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./148/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5397 attached , child_tidptr=0x55557f632690) = 5397 [pid 5397] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5397] chdir("./149") = 0 [pid 5397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5397] setpgid(0, 0) = 0 [pid 5397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5397] write(3, "1000", 4) = 4 [pid 5397] close(3) = 0 [pid 5397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5397] write(1, "executing program\n", 18executing program ) = 18 [pid 5397] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5397] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5398 attached [pid 5398] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5397] <... clone3 resumed> => {parent_tid=[5398]}, 88) = 5398 [pid 5398] <... rseq resumed>) = 0 [pid 5397] rt_sigprocmask(SIG_SETMASK, [], [pid 5398] set_robust_list(0x7f2454d0d9a0, 24 [pid 5397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5398] <... set_robust_list resumed>) = 0 [pid 5397] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], [pid 5397] <... futex resumed>) = 0 [pid 5398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5397] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5398] memfd_create("syzkaller", 0) = 3 [pid 5398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5398] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5398] munmap(0x7f244c800000, 138412032) = 0 [pid 5398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5398] close(3) = 0 [pid 5398] close(4) = 0 [pid 5398] mkdir("./file2", 0777) = 0 [pid 5398] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5398] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5398] chdir("./file2") = 0 [ 122.805579][ T5398] loop0: detected capacity change from 0 to 4096 [pid 5398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5398] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5397] <... futex resumed>) = 0 [pid 5398] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5397] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... openat resumed>) = 4 [pid 5398] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5397] <... futex resumed>) = 0 [pid 5398] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5397] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5398] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5397] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... openat resumed>) = 5 [pid 5398] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5397] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5398] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... futex resumed>) = 0 [pid 5398] <... futex resumed>) = 1 [pid 5397] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5397] <... futex resumed>) = 0 [pid 5397] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... mmap resumed>) = 0x20000000 [pid 5398] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] exit_group(0) = ? [pid 5398] <... futex resumed>) = ? [pid 5398] +++ exited with 0 +++ [pid 5397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5397, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./149", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 umount2("./149/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./149/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5399 attached , child_tidptr=0x55557f632690) = 5399 [pid 5399] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5399] chdir("./150") = 0 [pid 5399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5399] setpgid(0, 0) = 0 [pid 5399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5399] write(3, "1000", 4) = 4 [pid 5399] close(3) = 0 [pid 5399] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5399] write(1, "executing program\n", 18) = 18 [pid 5399] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5399] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5400 attached [pid 5400] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5399] <... clone3 resumed> => {parent_tid=[5400]}, 88) = 5400 [pid 5400] <... rseq resumed>) = 0 [pid 5399] rt_sigprocmask(SIG_SETMASK, [], [pid 5400] set_robust_list(0x7f2454d0d9a0, 24 [pid 5399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5400] <... set_robust_list resumed>) = 0 [pid 5399] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] rt_sigprocmask(SIG_SETMASK, [], [pid 5399] <... futex resumed>) = 0 [pid 5400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5399] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5400] memfd_create("syzkaller", 0) = 3 [pid 5400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5400] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5400] munmap(0x7f244c800000, 138412032) = 0 [pid 5400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5400] close(3) = 0 [pid 5400] close(4) = 0 [pid 5400] mkdir("./file2", 0777) = 0 [pid 5400] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5400] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5400] chdir("./file2") = 0 [pid 5400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5400] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5400] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5400] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 123.301117][ T5400] loop0: detected capacity change from 0 to 4096 [pid 5399] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... openat resumed>) = 4 [pid 5400] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5400] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5399] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5400] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5400] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5399] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... openat resumed>) = 5 [pid 5400] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... write resumed>) = 1036288 [pid 5400] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5400] <... futex resumed>) = 1 [pid 5399] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... mmap resumed>) = 0x20000000 [pid 5400] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5400] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] exit_group(0 [pid 5400] <... futex resumed>) = ? [pid 5399] <... exit_group resumed>) = ? [pid 5400] +++ exited with 0 +++ [pid 5399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5399, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 umount2("./150/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./150/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5401 attached , child_tidptr=0x55557f632690) = 5401 [pid 5401] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5401] chdir("./151") = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5401] write(1, "executing program\n", 18) = 18 [pid 5401] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5401] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5402 attached => {parent_tid=[5402]}, 88) = 5402 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5402] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5401] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] set_robust_list(0x7f2454d0d9a0, 24 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... set_robust_list resumed>) = 0 [pid 5401] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5402] memfd_create("syzkaller", 0) = 3 [pid 5402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5402] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5402] munmap(0x7f244c800000, 138412032) = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5402] close(3) = 0 [pid 5402] close(4) = 0 [pid 5402] mkdir("./file2", 0777) = 0 [pid 5402] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5402] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5402] chdir("./file2") = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5402] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5402] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... openat resumed>) = 4 [pid 5402] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5401] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5401] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5401] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5402] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 123.763742][ T5402] loop0: detected capacity change from 0 to 4096 [pid 5402] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5401] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... write resumed>) = 1036288 [pid 5402] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = 1 [pid 5401] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... mmap resumed>) = 0x20000000 [pid 5402] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] exit_group(0 [pid 5402] <... futex resumed>) = ? [pid 5401] <... exit_group resumed>) = ? [pid 5402] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5401, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 umount2("./151/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./151/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5403 attached , child_tidptr=0x55557f632690) = 5403 [pid 5403] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5403] chdir("./152") = 0 [pid 5403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5403] setpgid(0, 0) = 0 [pid 5403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5403] write(3, "1000", 4) = 4 [pid 5403] close(3) = 0 [pid 5403] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5403] write(1, "executing program\n", 18) = 18 [pid 5403] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5403] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5404 attached [pid 5404] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5403] <... clone3 resumed> => {parent_tid=[5404]}, 88) = 5404 [pid 5404] set_robust_list(0x7f2454d0d9a0, 24 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], [pid 5404] <... set_robust_list resumed>) = 0 [pid 5403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], [pid 5403] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5404] memfd_create("syzkaller", 0) = 3 [pid 5404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5404] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5404] munmap(0x7f244c800000, 138412032) = 0 [pid 5404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5404] close(3) = 0 [pid 5404] close(4) = 0 [pid 5404] mkdir("./file2", 0777) = 0 [pid 5404] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5404] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5404] chdir("./file2") = 0 [pid 5404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5404] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] <... futex resumed>) = 0 [ 124.195674][ T5404] loop0: detected capacity change from 0 to 4096 [pid 5403] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5403] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... openat resumed>) = 4 [pid 5404] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5404] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5403] <... futex resumed>) = 1 [pid 5404] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5404] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5403] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5403] <... futex resumed>) = 1 [pid 5404] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5403] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... openat resumed>) = 5 [pid 5404] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5404] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5403] <... futex resumed>) = 1 [pid 5403] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... write resumed>) = 1036288 [pid 5404] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5404] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5403] <... futex resumed>) = 0 [pid 5404] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5403] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... mmap resumed>) = 0x20000000 [pid 5404] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5404] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] exit_group(0 [pid 5404] <... futex resumed>) = ? [pid 5403] <... exit_group resumed>) = ? [pid 5404] +++ exited with 0 +++ [pid 5403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5403, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 umount2("./152/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./152/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5405 attached , child_tidptr=0x55557f632690) = 5405 [pid 5405] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5405] chdir("./153") = 0 [pid 5405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5405] setpgid(0, 0) = 0 [pid 5405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5405] write(3, "1000", 4) = 4 [pid 5405] close(3) = 0 [pid 5405] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5405] write(1, "executing program\n", 18) = 18 [pid 5405] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5405] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5406 attached [pid 5406] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5406] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], [pid 5405] <... clone3 resumed> => {parent_tid=[5406]}, 88) = 5406 [pid 5406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], [pid 5406] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5405] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5405] <... futex resumed>) = 1 [pid 5406] memfd_create("syzkaller", 0 [pid 5405] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5406] <... memfd_create resumed>) = 3 [pid 5406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5406] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5406] munmap(0x7f244c800000, 138412032) = 0 [pid 5406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5406] close(3) = 0 [pid 5406] close(4) = 0 [pid 5406] mkdir("./file2", 0777) = 0 [pid 5406] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5406] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5406] chdir("./file2") = 0 [ 124.620111][ T5406] loop0: detected capacity change from 0 to 4096 [pid 5406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5406] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] <... futex resumed>) = 0 [pid 5405] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5405] <... futex resumed>) = 0 [pid 5405] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5406] <... openat resumed>) = 4 [pid 5406] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 0 [pid 5405] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 1 [pid 5405] <... futex resumed>) = 0 [pid 5406] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5405] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5406] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5406] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] <... futex resumed>) = 0 [pid 5406] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5405] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5406] <... openat resumed>) = 5 [pid 5406] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 0 [pid 5405] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 1 [pid 5405] <... futex resumed>) = 0 [pid 5406] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5405] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5406] <... write resumed>) = 1036288 [pid 5406] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] <... futex resumed>) = 0 [pid 5406] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5405] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5406] <... mmap resumed>) = 0x20000000 [pid 5406] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 0 [pid 5406] <... futex resumed>) = 1 [pid 5405] exit_group(0) = ? [pid 5406] +++ exited with 0 +++ [pid 5405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5405, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./153", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 umount2("./153/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./153/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5407 attached , child_tidptr=0x55557f632690) = 5407 [pid 5407] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5407] chdir("./154") = 0 [pid 5407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5407] setpgid(0, 0) = 0 [pid 5407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5407] write(3, "1000", 4) = 4 [pid 5407] close(3) = 0 [pid 5407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5407] write(1, "executing program\n", 18executing program ) = 18 [pid 5407] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5407] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5408 attached [pid 5408] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5407] <... clone3 resumed> => {parent_tid=[5408]}, 88) = 5408 [pid 5408] <... rseq resumed>) = 0 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], [pid 5408] set_robust_list(0x7f2454d0d9a0, 24 [pid 5407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5408] <... set_robust_list resumed>) = 0 [pid 5407] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] rt_sigprocmask(SIG_SETMASK, [], [pid 5407] <... futex resumed>) = 0 [pid 5408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5407] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5408] memfd_create("syzkaller", 0) = 3 [pid 5408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5408] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5408] munmap(0x7f244c800000, 138412032) = 0 [pid 5408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5408] close(3) = 0 [pid 5408] close(4) = 0 [pid 5408] mkdir("./file2", 0777) = 0 [pid 5408] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5408] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5408] chdir("./file2") = 0 [pid 5408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 125.074193][ T5408] loop0: detected capacity change from 0 to 4096 [pid 5408] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] <... futex resumed>) = 0 [pid 5407] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5408] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5408] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5408] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5407] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... openat resumed>) = 5 [pid 5408] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] <... futex resumed>) = 0 [pid 5408] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5407] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... write resumed>) = 1036288 [pid 5408] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5408] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5407] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... mmap resumed>) = 0x20000000 [pid 5408] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] exit_group(0 [pid 5408] <... futex resumed>) = ? [pid 5407] <... exit_group resumed>) = ? [pid 5408] +++ exited with 0 +++ [pid 5407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5407, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./154", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 umount2("./154/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./154/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5409 attached , child_tidptr=0x55557f632690) = 5409 [pid 5409] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5409] chdir("./155") = 0 [pid 5409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5409] setpgid(0, 0) = 0 [pid 5409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5409] write(3, "1000", 4) = 4 [pid 5409] close(3) = 0 [pid 5409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5409] write(1, "executing program\n", 18executing program ) = 18 [pid 5409] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5409] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5410 attached [pid 5410] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5410] set_robust_list(0x7f2454d0d9a0, 24 [pid 5409] <... clone3 resumed> => {parent_tid=[5410]}, 88) = 5410 [pid 5410] <... set_robust_list resumed>) = 0 [pid 5409] rt_sigprocmask(SIG_SETMASK, [], [pid 5410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5410] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5410] memfd_create("syzkaller", 0) = 3 [pid 5410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5410] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5410] munmap(0x7f244c800000, 138412032) = 0 [pid 5410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5410] close(3) = 0 [pid 5410] close(4) = 0 [pid 5410] mkdir("./file2", 0777) = 0 [ 125.571464][ T5410] loop0: detected capacity change from 0 to 4096 [pid 5410] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5410] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5410] chdir("./file2") = 0 [pid 5410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5410] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5409] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5410] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5410] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5409] <... futex resumed>) = 0 [pid 5410] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5409] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5410] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5410] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5409] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] <... openat resumed>) = 5 [pid 5409] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] <... futex resumed>) = 0 [pid 5409] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... write resumed>) = 1036288 [pid 5410] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5409] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5410] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5409] exit_group(0) = ? [pid 5410] +++ exited with 0 +++ [pid 5409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5409, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 umount2("./155/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./155/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5411 ./strace-static-x86_64: Process 5411 attached [pid 5411] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5411] chdir("./156") = 0 [pid 5411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5411] setpgid(0, 0) = 0 [pid 5411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5411] write(3, "1000", 4) = 4 [pid 5411] close(3) = 0 [pid 5411] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5411] write(1, "executing program\n", 18) = 18 [pid 5411] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5411] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5412 attached [pid 5412] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5411] <... clone3 resumed> => {parent_tid=[5412]}, 88) = 5412 [pid 5412] <... rseq resumed>) = 0 [pid 5412] set_robust_list(0x7f2454d0d9a0, 24 [pid 5411] rt_sigprocmask(SIG_SETMASK, [], [pid 5412] <... set_robust_list resumed>) = 0 [pid 5411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5412] rt_sigprocmask(SIG_SETMASK, [], [pid 5411] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5411] <... futex resumed>) = 0 [pid 5411] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5412] memfd_create("syzkaller", 0) = 3 [pid 5412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5412] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5412] munmap(0x7f244c800000, 138412032) = 0 [pid 5412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5412] close(3) = 0 [pid 5412] close(4) = 0 [pid 5412] mkdir("./file2", 0777) = 0 [pid 5412] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5412] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5412] chdir("./file2") = 0 [pid 5412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5412] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5411] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 126.054708][ T5412] loop0: detected capacity change from 0 to 4096 [pid 5411] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... openat resumed>) = 4 [pid 5412] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5412] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5411] <... futex resumed>) = 1 [pid 5412] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5411] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5412] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5412] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5411] <... futex resumed>) = 0 [pid 5412] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5411] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... openat resumed>) = 5 [pid 5412] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5412] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5411] <... futex resumed>) = 0 [pid 5412] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5411] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... write resumed>) = 1036288 [pid 5412] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5412] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5411] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... mmap resumed>) = 0x20000000 [pid 5412] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = 0 [pid 5412] <... futex resumed>) = 1 [pid 5411] exit_group(0 [pid 5412] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5411] <... exit_group resumed>) = ? [pid 5412] +++ exited with 0 +++ [pid 5411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5411, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./156", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 umount2("./156/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./156/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5413 attached , child_tidptr=0x55557f632690) = 5413 [pid 5413] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5413] chdir("./157") = 0 [pid 5413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5413] setpgid(0, 0) = 0 [pid 5413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5413] write(3, "1000", 4) = 4 [pid 5413] close(3) = 0 [pid 5413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5413] write(1, "executing program\n", 18executing program ) = 18 [pid 5413] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5413] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5414 attached => {parent_tid=[5414]}, 88) = 5414 [pid 5413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5414] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5413] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] set_robust_list(0x7f2454d0d9a0, 24 [pid 5413] <... futex resumed>) = 0 [pid 5414] <... set_robust_list resumed>) = 0 [pid 5413] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5414] memfd_create("syzkaller", 0) = 3 [pid 5414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5414] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5414] munmap(0x7f244c800000, 138412032) = 0 [pid 5414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5414] close(3) = 0 [pid 5414] close(4) = 0 [pid 5414] mkdir("./file2", 0777) = 0 [pid 5414] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5414] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 126.553850][ T5414] loop0: detected capacity change from 0 to 4096 [pid 5414] chdir("./file2") = 0 [pid 5414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5414] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5414] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5413] <... futex resumed>) = 0 [pid 5414] <... openat resumed>) = 4 [pid 5414] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... futex resumed>) = 0 [pid 5413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5413] <... futex resumed>) = 0 [pid 5414] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5413] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5414] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5414] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5413] <... futex resumed>) = 0 [pid 5414] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5413] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... openat resumed>) = 5 [pid 5414] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5413] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... write resumed>) = 1036288 [pid 5414] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5414] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5413] <... futex resumed>) = 0 [pid 5414] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5413] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... mmap resumed>) = 0x20000000 [pid 5414] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5414] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] exit_group(0 [pid 5414] <... futex resumed>) = ? [pid 5413] <... exit_group resumed>) = ? [pid 5414] +++ exited with 0 +++ [pid 5413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5413, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./157", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 umount2("./157/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./157/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5415 attached , child_tidptr=0x55557f632690) = 5415 [pid 5415] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5415] chdir("./158") = 0 [pid 5415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5415] setpgid(0, 0) = 0 [pid 5415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5415] write(3, "1000", 4) = 4 [pid 5415] close(3) = 0 [pid 5415] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5415] write(1, "executing program\n", 18) = 18 [pid 5415] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5415] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5415] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5416 attached [pid 5416] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5415] <... clone3 resumed> => {parent_tid=[5416]}, 88) = 5416 [pid 5416] <... rseq resumed>) = 0 [pid 5415] rt_sigprocmask(SIG_SETMASK, [], [pid 5416] set_robust_list(0x7f2454d0d9a0, 24 [pid 5415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5416] <... set_robust_list resumed>) = 0 [pid 5415] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] rt_sigprocmask(SIG_SETMASK, [], [pid 5415] <... futex resumed>) = 0 [pid 5416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5415] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5416] memfd_create("syzkaller", 0) = 3 [pid 5416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5416] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5416] munmap(0x7f244c800000, 138412032) = 0 [pid 5416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5416] close(3) = 0 [pid 5416] close(4) = 0 [pid 5416] mkdir("./file2", 0777) = 0 [pid 5416] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5416] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 126.999307][ T5416] loop0: detected capacity change from 0 to 4096 [pid 5416] chdir("./file2") = 0 [pid 5416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5416] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] <... futex resumed>) = 0 [pid 5416] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5415] <... futex resumed>) = 0 [pid 5416] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5415] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5416] <... openat resumed>) = 4 [pid 5416] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] <... futex resumed>) = 0 [pid 5416] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5416] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5415] <... futex resumed>) = 1 [pid 5416] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5415] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5416] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] <... futex resumed>) = 0 [pid 5416] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5415] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5416] <... openat resumed>) = 5 [pid 5416] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] <... futex resumed>) = 0 [pid 5416] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5415] <... futex resumed>) = 0 [pid 5416] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5415] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5416] <... write resumed>) = 1036288 [pid 5416] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] <... futex resumed>) = 0 [pid 5416] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5415] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5416] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5416] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] <... futex resumed>) = 0 [pid 5416] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] exit_group(0) = ? [pid 5416] <... futex resumed>) = ? [pid 5416] +++ exited with 0 +++ [pid 5415] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5415, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 umount2("./158/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./158/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5417 attached [pid 5417] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5417] chdir("./159" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5417 [pid 5417] <... chdir resumed>) = 0 [pid 5417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5417] setpgid(0, 0) = 0 [pid 5417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5417] write(3, "1000", 4) = 4 [pid 5417] close(3) = 0 [pid 5417] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5417] write(1, "executing program\n", 18) = 18 [pid 5417] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5417] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5417] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5417] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5418 attached [pid 5418] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5417] <... clone3 resumed> => {parent_tid=[5418]}, 88) = 5418 [pid 5418] <... rseq resumed>) = 0 [pid 5417] rt_sigprocmask(SIG_SETMASK, [], [pid 5418] set_robust_list(0x7f2454d0d9a0, 24 [pid 5417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5418] <... set_robust_list resumed>) = 0 [pid 5417] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] rt_sigprocmask(SIG_SETMASK, [], [pid 5417] <... futex resumed>) = 0 [pid 5418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5417] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5418] memfd_create("syzkaller", 0) = 3 [pid 5418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5418] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5418] munmap(0x7f244c800000, 138412032) = 0 [pid 5418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5418] close(3) = 0 [pid 5418] close(4) = 0 [pid 5418] mkdir("./file2", 0777) = 0 [pid 5418] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5418] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 127.484802][ T5418] loop0: detected capacity change from 0 to 4096 [pid 5418] chdir("./file2") = 0 [pid 5418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5418] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5417] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5417] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5417] <... futex resumed>) = 0 [pid 5417] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5418] <... openat resumed>) = 4 [pid 5418] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] <... futex resumed>) = 0 [pid 5418] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5417] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5417] <... futex resumed>) = 0 [pid 5418] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5417] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5418] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] <... futex resumed>) = 0 [pid 5418] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5417] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5417] <... futex resumed>) = 1 [pid 5418] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5417] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5418] <... openat resumed>) = 5 [pid 5418] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5417] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5417] <... futex resumed>) = 0 [pid 5417] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5418] <... write resumed>) = 1036288 [pid 5418] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5417] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5417] <... futex resumed>) = 0 [pid 5417] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5418] <... mmap resumed>) = 0x20000000 [pid 5418] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] <... futex resumed>) = 0 [pid 5418] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5417] exit_group(0 [pid 5418] <... futex resumed>) = ? [pid 5417] <... exit_group resumed>) = ? [pid 5418] +++ exited with 0 +++ [pid 5417] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5417, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./159", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 umount2("./159/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./159/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5419 ./strace-static-x86_64: Process 5419 attached [pid 5419] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5419] chdir("./160") = 0 [pid 5419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5419] setpgid(0, 0) = 0 [pid 5419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5419] write(3, "1000", 4) = 4 [pid 5419] close(3) = 0 [pid 5419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5419] write(1, "executing program\n", 18executing program ) = 18 [pid 5419] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5419] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5420 attached [pid 5420] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5419] <... clone3 resumed> => {parent_tid=[5420]}, 88) = 5420 [pid 5420] <... rseq resumed>) = 0 [pid 5419] rt_sigprocmask(SIG_SETMASK, [], [pid 5420] set_robust_list(0x7f2454d0d9a0, 24 [pid 5419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5420] <... set_robust_list resumed>) = 0 [pid 5420] rt_sigprocmask(SIG_SETMASK, [], [pid 5419] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5420] memfd_create("syzkaller", 0) = 3 [pid 5420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5420] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5420] munmap(0x7f244c800000, 138412032) = 0 [pid 5420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5420] close(3) = 0 [pid 5420] close(4) = 0 [pid 5420] mkdir("./file2", 0777) = 0 [pid 5420] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5420] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5420] chdir("./file2") = 0 [pid 5420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5420] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [ 127.924380][ T5420] loop0: detected capacity change from 0 to 4096 [pid 5419] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... openat resumed>) = 4 [pid 5420] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5419] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5420] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5420] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... openat resumed>) = 5 [pid 5420] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... write resumed>) = 1036288 [pid 5420] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] <... futex resumed>) = 0 [pid 5420] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5419] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... mmap resumed>) = 0x20000000 [pid 5420] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] exit_group(0 [pid 5420] <... futex resumed>) = ? [pid 5420] +++ exited with 0 +++ [pid 5419] <... exit_group resumed>) = ? [pid 5419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5419, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./160", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 umount2("./160/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./160/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5421 attached , child_tidptr=0x55557f632690) = 5421 [pid 5421] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5421] chdir("./161") = 0 [pid 5421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5421] setpgid(0, 0) = 0 [pid 5421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5421] write(3, "1000", 4) = 4 [pid 5421] close(3) = 0 [pid 5421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5421] write(1, "executing program\n", 18executing program ) = 18 [pid 5421] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5421] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5421] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5422 attached [pid 5422] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5421] <... clone3 resumed> => {parent_tid=[5422]}, 88) = 5422 [pid 5422] <... rseq resumed>) = 0 [pid 5421] rt_sigprocmask(SIG_SETMASK, [], [pid 5422] set_robust_list(0x7f2454d0d9a0, 24 [pid 5421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5422] <... set_robust_list resumed>) = 0 [pid 5421] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] rt_sigprocmask(SIG_SETMASK, [], [pid 5421] <... futex resumed>) = 0 [pid 5422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5421] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5422] memfd_create("syzkaller", 0) = 3 [pid 5422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5422] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5422] munmap(0x7f244c800000, 138412032) = 0 [pid 5422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5422] close(3) = 0 [pid 5422] close(4) = 0 [pid 5422] mkdir("./file2", 0777) = 0 [pid 5422] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5422] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5422] chdir("./file2") = 0 [pid 5422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5422] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = 1 [pid 5422] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 128.435790][ T5422] loop0: detected capacity change from 0 to 4096 [pid 5421] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... openat resumed>) = 4 [pid 5422] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] <... futex resumed>) = 0 [pid 5422] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5421] <... futex resumed>) = 0 [pid 5422] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5421] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5422] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] <... futex resumed>) = 0 [pid 5422] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5421] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... openat resumed>) = 5 [pid 5422] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] <... futex resumed>) = 0 [pid 5422] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5421] <... futex resumed>) = 0 [pid 5422] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5421] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... write resumed>) = 1036288 [pid 5422] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = 1 [pid 5422] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5421] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... mmap resumed>) = 0x20000000 [pid 5422] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] <... futex resumed>) = 0 [pid 5421] exit_group(0 [pid 5422] <... futex resumed>) = ? [pid 5421] <... exit_group resumed>) = ? [pid 5422] +++ exited with 0 +++ [pid 5421] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5421, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./161", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 umount2("./161/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./161/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5423 attached , child_tidptr=0x55557f632690) = 5423 [pid 5423] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5423] chdir("./162") = 0 [pid 5423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5423] setpgid(0, 0) = 0 [pid 5423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5423] write(3, "1000", 4) = 4 [pid 5423] close(3) = 0 [pid 5423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5423] write(1, "executing program\n", 18executing program ) = 18 [pid 5423] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5423] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5424 attached [pid 5424] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5423] <... clone3 resumed> => {parent_tid=[5424]}, 88) = 5424 [pid 5424] set_robust_list(0x7f2454d0d9a0, 24 [pid 5423] rt_sigprocmask(SIG_SETMASK, [], [pid 5424] <... set_robust_list resumed>) = 0 [pid 5424] rt_sigprocmask(SIG_SETMASK, [], [pid 5423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5423] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5424] memfd_create("syzkaller", 0) = 3 [pid 5424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5424] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5424] munmap(0x7f244c800000, 138412032) = 0 [pid 5424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5424] close(3) = 0 [pid 5424] close(4) = 0 [pid 5424] mkdir("./file2", 0777) = 0 [pid 5424] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5424] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5424] chdir("./file2") = 0 [pid 5424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5424] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5423] <... futex resumed>) = 0 [ 128.899674][ T5424] loop0: detected capacity change from 0 to 4096 [pid 5423] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] <... openat resumed>) = 4 [pid 5424] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5424] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5424] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5423] <... futex resumed>) = 0 [pid 5424] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5423] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] <... openat resumed>) = 5 [pid 5424] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5424] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5423] <... futex resumed>) = 0 [pid 5424] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5423] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] <... write resumed>) = 1036288 [pid 5424] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5424] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5423] <... futex resumed>) = 0 [pid 5424] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5423] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] <... mmap resumed>) = 0x20000000 [pid 5424] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5424] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] exit_group(0 [pid 5424] <... futex resumed>) = ? [pid 5423] <... exit_group resumed>) = ? [pid 5424] +++ exited with 0 +++ [pid 5423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5423, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 umount2("./162/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./162/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5425 attached , child_tidptr=0x55557f632690) = 5425 [pid 5425] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5425] chdir("./163") = 0 [pid 5425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5425] setpgid(0, 0) = 0 [pid 5425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5425] write(3, "1000", 4) = 4 [pid 5425] close(3) = 0 [pid 5425] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5425] write(1, "executing program\n", 18) = 18 [pid 5425] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5425] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5426 attached [pid 5426] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5425] <... clone3 resumed> => {parent_tid=[5426]}, 88) = 5426 [pid 5426] <... rseq resumed>) = 0 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], [pid 5426] set_robust_list(0x7f2454d0d9a0, 24 [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5426] <... set_robust_list resumed>) = 0 [pid 5425] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], [pid 5425] <... futex resumed>) = 0 [pid 5426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5425] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5426] memfd_create("syzkaller", 0) = 3 [pid 5426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5426] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5426] munmap(0x7f244c800000, 138412032) = 0 [pid 5426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5426] close(3) = 0 [pid 5426] close(4) = 0 [pid 5426] mkdir("./file2", 0777) = 0 [pid 5426] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5426] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5426] chdir("./file2") = 0 [pid 5426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 129.352766][ T5426] loop0: detected capacity change from 0 to 4096 [pid 5426] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] <... futex resumed>) = 0 [pid 5426] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5425] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... openat resumed>) = 4 [pid 5426] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5426] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5425] <... futex resumed>) = 0 [pid 5426] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5426] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5426] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5425] <... futex resumed>) = 1 [pid 5425] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... openat resumed>) = 5 [pid 5426] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5426] <... futex resumed>) = 1 [pid 5425] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... write resumed>) = 1036288 [pid 5426] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] <... futex resumed>) = 0 [pid 5426] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5425] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... mmap resumed>) = 0x20000000 [pid 5426] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] exit_group(0 [pid 5426] <... futex resumed>) = ? [pid 5426] +++ exited with 0 +++ [pid 5425] <... exit_group resumed>) = ? [pid 5425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5425, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./163", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 umount2("./163/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./163/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5427 attached , child_tidptr=0x55557f632690) = 5427 [pid 5427] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5427] chdir("./164") = 0 [pid 5427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5427] setpgid(0, 0) = 0 [pid 5427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5427] write(3, "1000", 4) = 4 [pid 5427] close(3) = 0 [pid 5427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5427] write(1, "executing program\n", 18executing program ) = 18 [pid 5427] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5427] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5427] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5428 attached [pid 5428] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5428] set_robust_list(0x7f2454d0d9a0, 24 [pid 5427] <... clone3 resumed> => {parent_tid=[5428]}, 88) = 5428 [pid 5428] <... set_robust_list resumed>) = 0 [pid 5427] rt_sigprocmask(SIG_SETMASK, [], [pid 5428] rt_sigprocmask(SIG_SETMASK, [], [pid 5427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5427] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] memfd_create("syzkaller", 0 [pid 5427] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5428] <... memfd_create resumed>) = 3 [pid 5428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5428] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5428] munmap(0x7f244c800000, 138412032) = 0 [pid 5428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5428] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5428] close(3) = 0 [pid 5428] close(4) = 0 [pid 5428] mkdir("./file2", 0777) = 0 [pid 5428] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5428] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5428] chdir("./file2") = 0 [pid 5428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5428] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5428] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 129.789905][ T5428] loop0: detected capacity change from 0 to 4096 [pid 5427] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... openat resumed>) = 4 [pid 5427] <... futex resumed>) = 0 [pid 5428] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5427] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5427] <... futex resumed>) = 1 [pid 5428] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5427] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5428] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5428] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5427] <... futex resumed>) = 0 [pid 5428] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5427] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... openat resumed>) = 5 [pid 5428] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5428] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5427] <... futex resumed>) = 0 [pid 5428] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5427] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... write resumed>) = 1036288 [pid 5428] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5428] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5428] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5427] <... futex resumed>) = 1 [pid 5427] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... mmap resumed>) = 0x20000000 [pid 5428] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] <... futex resumed>) = 0 [pid 5427] exit_group(0 [pid 5428] <... futex resumed>) = ? [pid 5427] <... exit_group resumed>) = ? [pid 5428] +++ exited with 0 +++ [pid 5427] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5427, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- umount2("./164", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 umount2("./164/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./164/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5429 ./strace-static-x86_64: Process 5429 attached [pid 5429] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5429] chdir("./165") = 0 [pid 5429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5429] setpgid(0, 0) = 0 [pid 5429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5429] write(3, "1000", 4) = 4 [pid 5429] close(3) = 0 [pid 5429] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5429] write(1, "executing program\n", 18) = 18 [pid 5429] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5429] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5430 attached [pid 5430] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5429] <... clone3 resumed> => {parent_tid=[5430]}, 88) = 5430 [pid 5430] <... rseq resumed>) = 0 [pid 5429] rt_sigprocmask(SIG_SETMASK, [], [pid 5430] set_robust_list(0x7f2454d0d9a0, 24 [pid 5429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5430] <... set_robust_list resumed>) = 0 [pid 5429] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] rt_sigprocmask(SIG_SETMASK, [], [pid 5429] <... futex resumed>) = 0 [pid 5430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5429] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5430] memfd_create("syzkaller", 0) = 3 [pid 5430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5430] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5430] munmap(0x7f244c800000, 138412032) = 0 [pid 5430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5430] close(3) = 0 [pid 5430] close(4) = 0 [pid 5430] mkdir("./file2", 0777) = 0 [pid 5430] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5430] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5430] chdir("./file2") = 0 [pid 5430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5430] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.260881][ T5430] loop0: detected capacity change from 0 to 4096 [pid 5429] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 1 [pid 5430] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5430] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5429] <... futex resumed>) = 0 [pid 5430] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5430] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] <... futex resumed>) = 0 [pid 5430] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5429] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... openat resumed>) = 5 [pid 5430] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = 0 [pid 5430] <... futex resumed>) = 1 [pid 5429] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... write resumed>) = 1036288 [pid 5430] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5430] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = 0 [pid 5429] <... futex resumed>) = 1 [pid 5430] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5429] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... mmap resumed>) = 0x20000000 [pid 5430] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] <... futex resumed>) = 0 [pid 5429] exit_group(0 [pid 5430] <... futex resumed>) = ? [pid 5429] <... exit_group resumed>) = ? [pid 5430] +++ exited with 0 +++ [pid 5429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5429, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 umount2("./165/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./165/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5431 attached , child_tidptr=0x55557f632690) = 5431 [pid 5431] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5431] chdir("./166") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5431] write(1, "executing program\n", 18) = 18 [pid 5431] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5431] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5432 attached [pid 5432] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5431] <... clone3 resumed> => {parent_tid=[5432]}, 88) = 5432 [pid 5432] <... rseq resumed>) = 0 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5432] set_robust_list(0x7f2454d0d9a0, 24 [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5432] <... set_robust_list resumed>) = 0 [pid 5431] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5432] memfd_create("syzkaller", 0) = 3 [pid 5432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5432] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5432] munmap(0x7f244c800000, 138412032) = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5432] close(3) = 0 [pid 5432] close(4) = 0 [pid 5432] mkdir("./file2", 0777) = 0 [pid 5432] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5432] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 130.673830][ T5432] loop0: detected capacity change from 0 to 4096 [pid 5432] chdir("./file2") = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5432] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5431] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5432] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5431] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] <... futex resumed>) = 0 [pid 5432] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5431] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... openat resumed>) = 5 [pid 5432] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5432] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5431] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... write resumed>) = 1036288 [pid 5432] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] <... futex resumed>) = 0 [pid 5432] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5431] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... mmap resumed>) = 0x20000000 [pid 5432] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] exit_group(0) = ? [pid 5432] <... futex resumed>) = ? [pid 5432] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 umount2("./166/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./166/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5433 attached , child_tidptr=0x55557f632690) = 5433 [pid 5433] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5433] chdir("./167") = 0 [pid 5433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5433] setpgid(0, 0) = 0 [pid 5433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5433] write(3, "1000", 4) = 4 [pid 5433] close(3) = 0 [pid 5433] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5433] write(1, "executing program\n", 18) = 18 [pid 5433] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5433] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5434 attached [pid 5434] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5433] <... clone3 resumed> => {parent_tid=[5434]}, 88) = 5434 [pid 5434] <... rseq resumed>) = 0 [pid 5434] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5433] rt_sigprocmask(SIG_SETMASK, [], [pid 5434] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5433] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = 1 [pid 5433] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5434] memfd_create("syzkaller", 0) = 3 [pid 5434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5434] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5434] munmap(0x7f244c800000, 138412032) = 0 [pid 5434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5434] close(3) = 0 [pid 5434] close(4) = 0 [pid 5434] mkdir("./file2", 0777) = 0 [pid 5434] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5434] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5434] chdir("./file2") = 0 [ 131.177987][ T5434] loop0: detected capacity change from 0 to 4096 [pid 5434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5434] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5433] <... futex resumed>) = 0 [pid 5434] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5433] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... openat resumed>) = 4 [pid 5434] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5434] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5434] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5433] <... futex resumed>) = 0 [pid 5434] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5433] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... openat resumed>) = 5 [pid 5434] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5433] <... futex resumed>) = 0 [pid 5434] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5433] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... write resumed>) = 1036288 [pid 5434] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5433] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... mmap resumed>) = 0x20000000 [pid 5434] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] exit_group(0 [pid 5434] <... futex resumed>) = ? [pid 5433] <... exit_group resumed>) = ? [pid 5434] +++ exited with 0 +++ [pid 5433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5433, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./167", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 umount2("./167/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./167/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5435 ./strace-static-x86_64: Process 5435 attached [pid 5435] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5435] chdir("./168") = 0 [pid 5435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5435] setpgid(0, 0) = 0 [pid 5435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5435] write(3, "1000", 4) = 4 [pid 5435] close(3) = 0 [pid 5435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5435] write(1, "executing program\n", 18executing program ) = 18 [pid 5435] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5435] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5436 attached [pid 5436] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5435] <... clone3 resumed> => {parent_tid=[5436]}, 88) = 5436 [pid 5436] set_robust_list(0x7f2454d0d9a0, 24 [pid 5435] rt_sigprocmask(SIG_SETMASK, [], [pid 5436] <... set_robust_list resumed>) = 0 [pid 5436] rt_sigprocmask(SIG_SETMASK, [], [pid 5435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5435] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] memfd_create("syzkaller", 0 [pid 5435] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5436] <... memfd_create resumed>) = 3 [pid 5436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5436] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5436] munmap(0x7f244c800000, 138412032) = 0 [pid 5436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5436] close(3) = 0 [pid 5436] close(4) = 0 [pid 5436] mkdir("./file2", 0777) = 0 [pid 5436] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5436] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5436] chdir("./file2") = 0 [ 131.652891][ T5436] loop0: detected capacity change from 0 to 4096 [pid 5436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5436] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5435] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... openat resumed>) = 4 [pid 5436] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5436] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5435] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5436] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5435] <... futex resumed>) = 1 [pid 5436] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5435] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... openat resumed>) = 5 [pid 5436] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] <... futex resumed>) = 0 [pid 5436] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5435] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... write resumed>) = 1036288 [pid 5436] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] <... futex resumed>) = 0 [pid 5436] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5435] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... mmap resumed>) = 0x20000000 [pid 5436] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] exit_group(0 [pid 5436] <... futex resumed>) = ? [pid 5436] +++ exited with 0 +++ [pid 5435] <... exit_group resumed>) = ? [pid 5435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5435, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 umount2("./168/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./168/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5437 attached , child_tidptr=0x55557f632690) = 5437 [pid 5437] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5437] chdir("./169") = 0 [pid 5437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5437] setpgid(0, 0) = 0 [pid 5437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5437] write(3, "1000", 4) = 4 [pid 5437] close(3) = 0 [pid 5437] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5437] write(1, "executing program\n", 18) = 18 [pid 5437] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5437] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5437] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5438 attached [pid 5438] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5437] <... clone3 resumed> => {parent_tid=[5438]}, 88) = 5438 [pid 5438] <... rseq resumed>) = 0 [pid 5438] set_robust_list(0x7f2454d0d9a0, 24 [pid 5437] rt_sigprocmask(SIG_SETMASK, [], [pid 5438] <... set_robust_list resumed>) = 0 [pid 5437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5438] rt_sigprocmask(SIG_SETMASK, [], [pid 5437] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5438] memfd_create("syzkaller", 0) = 3 [pid 5438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5438] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5438] munmap(0x7f244c800000, 138412032) = 0 [pid 5438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5438] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5438] close(3) = 0 [pid 5438] close(4) = 0 [pid 5438] mkdir("./file2", 0777) = 0 [pid 5438] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5438] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5438] chdir("./file2") = 0 [pid 5438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5438] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5437] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... openat resumed>) = 4 [ 132.110706][ T5438] loop0: detected capacity change from 0 to 4096 [pid 5438] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5437] <... futex resumed>) = 0 [pid 5438] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5437] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] <... futex resumed>) = 0 [pid 5438] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5437] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... openat resumed>) = 5 [pid 5438] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = 0 [pid 5438] <... futex resumed>) = 1 [pid 5437] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... write resumed>) = 1036288 [pid 5438] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] <... futex resumed>) = 1 [pid 5437] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5438] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] exit_group(0 [pid 5438] <... futex resumed>) = ? [pid 5438] +++ exited with 0 +++ [pid 5437] <... exit_group resumed>) = ? [pid 5437] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5437, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 umount2("./169/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./169/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5439 attached , child_tidptr=0x55557f632690) = 5439 [pid 5439] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5439] chdir("./170") = 0 [pid 5439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5439] setpgid(0, 0) = 0 [pid 5439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5439] write(3, "1000", 4) = 4 [pid 5439] close(3) = 0 [pid 5439] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5439] write(1, "executing program\n", 18) = 18 [pid 5439] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5439] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5440 attached [pid 5440] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5439] <... clone3 resumed> => {parent_tid=[5440]}, 88) = 5440 [pid 5440] <... rseq resumed>) = 0 [pid 5439] rt_sigprocmask(SIG_SETMASK, [], [pid 5440] set_robust_list(0x7f2454d0d9a0, 24 [pid 5439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5440] <... set_robust_list resumed>) = 0 [pid 5439] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] rt_sigprocmask(SIG_SETMASK, [], [pid 5439] <... futex resumed>) = 0 [pid 5440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5439] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5440] memfd_create("syzkaller", 0) = 3 [pid 5440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5440] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5440] munmap(0x7f244c800000, 138412032) = 0 [pid 5440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5440] close(3) = 0 [pid 5440] close(4) = 0 [pid 5440] mkdir("./file2", 0777) = 0 [pid 5440] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5440] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5440] chdir("./file2") = 0 [pid 5440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5440] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] <... futex resumed>) = 1 [pid 5439] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 132.610574][ T5440] loop0: detected capacity change from 0 to 4096 [pid 5440] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... futex resumed>) = 1 [pid 5440] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5440] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5440] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5439] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... openat resumed>) = 5 [pid 5440] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5440] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5439] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... write resumed>) = 1036288 [pid 5440] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5439] <... futex resumed>) = 1 [pid 5440] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5439] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... mmap resumed>) = 0x20000000 [pid 5440] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5440] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5439] exit_group(0) = ? [pid 5440] <... futex resumed>) = ? [pid 5440] +++ exited with 0 +++ [pid 5439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5439, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./170", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 umount2("./170/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./170/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5441 ./strace-static-x86_64: Process 5441 attached [pid 5441] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5441] chdir("./171") = 0 [pid 5441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5441] setpgid(0, 0) = 0 [pid 5441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5441] write(3, "1000", 4) = 4 [pid 5441] close(3) = 0 [pid 5441] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5441] write(1, "executing program\n", 18) = 18 [pid 5441] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5441] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5442 attached => {parent_tid=[5442]}, 88) = 5442 [pid 5442] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5441] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5442] <... rseq resumed>) = 0 [pid 5442] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5442] memfd_create("syzkaller", 0) = 3 [pid 5442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5442] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5442] munmap(0x7f244c800000, 138412032) = 0 [pid 5442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5442] close(3) = 0 [pid 5442] close(4) = 0 [pid 5442] mkdir("./file2", 0777) = 0 [ 133.069599][ T5442] loop0: detected capacity change from 0 to 4096 [pid 5442] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5442] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5442] chdir("./file2") = 0 [pid 5442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5442] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5442] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5441] <... futex resumed>) = 0 [pid 5442] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5441] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... openat resumed>) = 4 [pid 5442] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5442] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5441] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5442] <... futex resumed>) = 0 [pid 5441] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... openat resumed>) = 5 [pid 5442] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] <... futex resumed>) = 0 [pid 5442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5441] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5441] futex(0x7f2454dfe6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5442] <... write resumed>) = 1036288 [pid 5441] <... mmap resumed>) = 0x7f2454ccc000 [pid 5442] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] mprotect(0x7f2454ccd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5441] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5442] <... futex resumed>) = 0 [pid 5441] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5442] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454cec990, parent_tid=0x7f2454cec990, exit_signal=0, stack=0x7f2454ccc000, stack_size=0x20300, tls=0x7f2454cec6c0} => {parent_tid=[5443]}, 88) = 5443 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5441] futex(0x7f2454dfe6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f2454dfe6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5443 attached [pid 5443] rseq(0x7f2454cecfe0, 0x20, 0, 0x53053053) = 0 [pid 5443] set_robust_list(0x7f2454cec9a0, 24) = 0 [pid 5443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5443] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5443] futex(0x7f2454dfe6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... futex resumed>) = 0 [pid 5441] exit_group(0 [pid 5442] <... futex resumed>) = ? [pid 5441] <... exit_group resumed>) = ? [pid 5443] <... futex resumed>) = ? [pid 5442] +++ exited with 0 +++ [pid 5443] +++ exited with 0 +++ [pid 5441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5441, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./171", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 umount2("./171/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./171/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5444 attached , child_tidptr=0x55557f632690) = 5444 [pid 5444] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5444] chdir("./172") = 0 [pid 5444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5444] setpgid(0, 0) = 0 [pid 5444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5444] write(3, "1000", 4) = 4 [pid 5444] close(3) = 0 [pid 5444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5444] write(1, "executing program\n", 18executing program ) = 18 [pid 5444] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5444] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5445 attached [pid 5445] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5444] <... clone3 resumed> => {parent_tid=[5445]}, 88) = 5445 [pid 5445] set_robust_list(0x7f2454d0d9a0, 24 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], [pid 5445] <... set_robust_list resumed>) = 0 [pid 5444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], [pid 5444] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5445] memfd_create("syzkaller", 0) = 3 [pid 5445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5445] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5445] munmap(0x7f244c800000, 138412032) = 0 [pid 5445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5445] close(3) = 0 [pid 5445] close(4) = 0 [pid 5445] mkdir("./file2", 0777) = 0 [pid 5445] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5445] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5445] chdir("./file2") = 0 [pid 5445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5445] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5445] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 133.690472][ T5445] loop0: detected capacity change from 0 to 4096 [pid 5445] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5445] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5445] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5445] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5445] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... futex resumed>) = 0 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5445] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5444] <... futex resumed>) = 0 [pid 5445] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5444] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... openat resumed>) = 5 [pid 5445] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... futex resumed>) = 1 [pid 5445] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5445] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5444] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... mmap resumed>) = 0x20000000 [pid 5445] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] exit_group(0) = ? [pid 5445] <... futex resumed>) = ? [pid 5445] +++ exited with 0 +++ [pid 5444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5444, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 umount2("./172/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./172/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5446 ./strace-static-x86_64: Process 5446 attached [pid 5446] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5446] chdir("./173") = 0 [pid 5446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5446] setpgid(0, 0) = 0 [pid 5446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5446] write(3, "1000", 4) = 4 [pid 5446] close(3) = 0 [pid 5446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5446] write(1, "executing program\n", 18executing program ) = 18 [pid 5446] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5446] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5447 attached [pid 5447] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5447] set_robust_list(0x7f2454d0d9a0, 24 [pid 5446] <... clone3 resumed> => {parent_tid=[5447]}, 88) = 5447 [pid 5447] <... set_robust_list resumed>) = 0 [pid 5446] rt_sigprocmask(SIG_SETMASK, [], [pid 5447] rt_sigprocmask(SIG_SETMASK, [], [pid 5446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5446] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5447] memfd_create("syzkaller", 0) = 3 [pid 5447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5447] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5447] munmap(0x7f244c800000, 138412032) = 0 [pid 5447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5447] close(3) = 0 [pid 5447] close(4) = 0 [pid 5447] mkdir("./file2", 0777) = 0 [pid 5447] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5447] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5447] chdir("./file2") = 0 [pid 5447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5447] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... futex resumed>) = 0 [pid 5446] <... futex resumed>) = 1 [pid 5447] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5446] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... openat resumed>) = 4 [ 134.171958][ T5447] loop0: detected capacity change from 0 to 4096 [pid 5447] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5447] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5446] <... futex resumed>) = 0 [pid 5447] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5446] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5447] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5447] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5446] <... futex resumed>) = 0 [pid 5447] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5446] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... openat resumed>) = 5 [pid 5447] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5447] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5446] <... futex resumed>) = 0 [pid 5447] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5446] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... write resumed>) = 1036288 [pid 5447] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] <... futex resumed>) = 0 [pid 5447] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5446] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... mmap resumed>) = 0x20000000 [pid 5447] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] <... futex resumed>) = 0 [pid 5446] exit_group(0 [pid 5447] <... futex resumed>) = ? [pid 5447] +++ exited with 0 +++ [pid 5446] <... exit_group resumed>) = ? [pid 5446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5446, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 umount2("./173/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./173/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5448 attached , child_tidptr=0x55557f632690) = 5448 [pid 5448] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5448] chdir("./174") = 0 [pid 5448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5448] setpgid(0, 0) = 0 [pid 5448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5448] write(3, "1000", 4) = 4 [pid 5448] close(3) = 0 [pid 5448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5448] write(1, "executing program\n", 18executing program ) = 18 [pid 5448] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5448] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5449 attached [pid 5449] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5448] <... clone3 resumed> => {parent_tid=[5449]}, 88) = 5449 [pid 5449] <... rseq resumed>) = 0 [pid 5449] set_robust_list(0x7f2454d0d9a0, 24 [pid 5448] rt_sigprocmask(SIG_SETMASK, [], [pid 5449] <... set_robust_list resumed>) = 0 [pid 5448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5448] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5449] memfd_create("syzkaller", 0) = 3 [pid 5449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5449] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5449] munmap(0x7f244c800000, 138412032) = 0 [pid 5449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5449] close(3) = 0 [pid 5449] close(4) = 0 [pid 5449] mkdir("./file2", 0777) = 0 [pid 5449] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5449] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 134.602847][ T5449] loop0: detected capacity change from 0 to 4096 [pid 5449] chdir("./file2") = 0 [pid 5449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5449] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5448] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... openat resumed>) = 4 [pid 5449] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5449] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5448] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5449] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5449] <... futex resumed>) = 1 [pid 5448] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... openat resumed>) = 5 [pid 5449] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5449] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5448] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... write resumed>) = 1036288 [pid 5449] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5449] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5448] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... mmap resumed>) = 0x20000000 [pid 5449] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] exit_group(0) = ? [pid 5449] <... futex resumed>) = ? [pid 5449] +++ exited with 0 +++ [pid 5448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5448, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 umount2("./174/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./174/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5450 ./strace-static-x86_64: Process 5450 attached [pid 5450] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5450] chdir("./175") = 0 [pid 5450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5450] setpgid(0, 0) = 0 [pid 5450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5450] write(3, "1000", 4) = 4 [pid 5450] close(3) = 0 [pid 5450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5450] write(1, "executing program\n", 18executing program ) = 18 [pid 5450] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5450] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5451 attached [pid 5451] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5450] <... clone3 resumed> => {parent_tid=[5451]}, 88) = 5451 [pid 5451] <... rseq resumed>) = 0 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], [pid 5451] set_robust_list(0x7f2454d0d9a0, 24 [pid 5450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5451] <... set_robust_list resumed>) = 0 [pid 5450] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] rt_sigprocmask(SIG_SETMASK, [], [pid 5450] <... futex resumed>) = 0 [pid 5451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5450] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5451] memfd_create("syzkaller", 0) = 3 [pid 5451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5451] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5451] munmap(0x7f244c800000, 138412032) = 0 [pid 5451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5451] close(3) = 0 [pid 5451] close(4) = 0 [pid 5451] mkdir("./file2", 0777) = 0 [pid 5451] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5451] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5451] chdir("./file2") = 0 [pid 5451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 135.068423][ T5451] loop0: detected capacity change from 0 to 4096 [pid 5451] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] <... futex resumed>) = 0 [pid 5451] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5450] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... openat resumed>) = 4 [pid 5451] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = 0 [pid 5451] <... futex resumed>) = 1 [pid 5450] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5450] <... futex resumed>) = 0 [pid 5451] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5450] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] <... futex resumed>) = 0 [pid 5451] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5450] <... futex resumed>) = 0 [pid 5451] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5450] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... openat resumed>) = 5 [pid 5451] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... futex resumed>) = 1 [pid 5450] <... futex resumed>) = 0 [pid 5451] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5450] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... write resumed>) = 1036288 [pid 5451] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... futex resumed>) = 0 [pid 5450] <... futex resumed>) = 1 [pid 5451] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5450] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... mmap resumed>) = 0x20000000 [pid 5451] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] <... futex resumed>) = 0 [pid 5450] exit_group(0 [pid 5451] <... futex resumed>) = ? [pid 5450] <... exit_group resumed>) = ? [pid 5451] +++ exited with 0 +++ [pid 5450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5450, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 umount2("./175/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./175/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5452 attached , child_tidptr=0x55557f632690) = 5452 [pid 5452] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5452] chdir("./176") = 0 [pid 5452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5452] setpgid(0, 0) = 0 [pid 5452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5452] write(3, "1000", 4) = 4 [pid 5452] close(3) = 0 [pid 5452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5452] write(1, "executing program\n", 18executing program ) = 18 [pid 5452] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5452] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5452] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5452] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5453 attached [pid 5453] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5452] <... clone3 resumed> => {parent_tid=[5453]}, 88) = 5453 [pid 5453] <... rseq resumed>) = 0 [pid 5452] rt_sigprocmask(SIG_SETMASK, [], [pid 5453] set_robust_list(0x7f2454d0d9a0, 24 [pid 5452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5453] <... set_robust_list resumed>) = 0 [pid 5452] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] rt_sigprocmask(SIG_SETMASK, [], [pid 5452] <... futex resumed>) = 0 [pid 5453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5452] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5453] memfd_create("syzkaller", 0) = 3 [pid 5453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5453] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5453] munmap(0x7f244c800000, 138412032) = 0 [pid 5453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5453] close(3) = 0 [pid 5453] close(4) = 0 [pid 5453] mkdir("./file2", 0777) = 0 [pid 5453] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5453] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5453] chdir("./file2") = 0 [ 135.552544][ T5453] loop0: detected capacity change from 0 to 4096 [pid 5453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5453] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5452] <... futex resumed>) = 0 [pid 5453] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5452] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... openat resumed>) = 4 [pid 5453] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5452] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5453] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5452] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... openat resumed>) = 5 [pid 5453] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5452] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5453] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... mmap resumed>) = 0x20000000 [pid 5453] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] exit_group(0) = ? [pid 5453] <... futex resumed>) = ? [pid 5453] +++ exited with 0 +++ [pid 5452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5452, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- umount2("./176", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 umount2("./176/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./176/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5454 attached , child_tidptr=0x55557f632690) = 5454 [pid 5454] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5454] chdir("./177") = 0 [pid 5454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5454] setpgid(0, 0) = 0 [pid 5454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5454] write(3, "1000", 4) = 4 [pid 5454] close(3) = 0 [pid 5454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5454] write(1, "executing program\n", 18executing program ) = 18 [pid 5454] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5454] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5454] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5455 attached [pid 5455] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5454] <... clone3 resumed> => {parent_tid=[5455]}, 88) = 5455 [pid 5455] set_robust_list(0x7f2454d0d9a0, 24 [pid 5454] rt_sigprocmask(SIG_SETMASK, [], [pid 5455] <... set_robust_list resumed>) = 0 [pid 5454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5455] rt_sigprocmask(SIG_SETMASK, [], [pid 5454] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5454] <... futex resumed>) = 0 [pid 5454] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5455] memfd_create("syzkaller", 0) = 3 [pid 5455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5455] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5455] munmap(0x7f244c800000, 138412032) = 0 [pid 5455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5455] close(3) = 0 [pid 5455] close(4) = 0 [pid 5455] mkdir("./file2", 0777) = 0 [pid 5455] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5455] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 136.006430][ T5455] loop0: detected capacity change from 0 to 4096 [pid 5455] chdir("./file2") = 0 [pid 5455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5455] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5455] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5454] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... openat resumed>) = 4 [pid 5455] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5455] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5454] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5455] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5455] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5454] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... openat resumed>) = 5 [pid 5455] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] <... futex resumed>) = 0 [pid 5454] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 1 [pid 5455] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5454] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... write resumed>) = 1036288 [pid 5455] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] <... futex resumed>) = 0 [pid 5455] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 1 [pid 5455] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5454] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... mmap resumed>) = 0x20000000 [pid 5455] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] <... futex resumed>) = 0 [pid 5454] exit_group(0 [pid 5455] <... futex resumed>) = ? [pid 5454] <... exit_group resumed>) = ? [pid 5455] +++ exited with 0 +++ [pid 5454] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5454, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 umount2("./177/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./177/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5456 attached [pid 5456] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5456] chdir("./178" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5456 [pid 5456] <... chdir resumed>) = 0 [pid 5456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5456] setpgid(0, 0) = 0 [pid 5456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5456] write(3, "1000", 4) = 4 [pid 5456] close(3) = 0 [pid 5456] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5456] write(1, "executing program\n", 18) = 18 [pid 5456] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5456] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5457 attached => {parent_tid=[5457]}, 88) = 5457 [pid 5457] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], [pid 5457] <... rseq resumed>) = 0 [pid 5456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5457] set_robust_list(0x7f2454d0d9a0, 24 [pid 5456] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... set_robust_list resumed>) = 0 [pid 5456] <... futex resumed>) = 0 [pid 5457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5456] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5457] memfd_create("syzkaller", 0) = 3 [pid 5457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5457] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5457] munmap(0x7f244c800000, 138412032) = 0 [pid 5457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5457] close(3) = 0 [pid 5457] close(4) = 0 [pid 5457] mkdir("./file2", 0777) = 0 [pid 5457] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5457] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5457] chdir("./file2") = 0 [pid 5457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 136.465329][ T5457] loop0: detected capacity change from 0 to 4096 [pid 5457] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] <... futex resumed>) = 0 [pid 5457] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5456] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... openat resumed>) = 4 [pid 5457] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5457] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5456] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5457] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... openat resumed>) = 5 [pid 5457] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] <... futex resumed>) = 0 [pid 5457] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5456] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... write resumed>) = 1036288 [pid 5457] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5456] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... mmap resumed>) = 0x20000000 [pid 5457] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5456] exit_group(0) = ? [pid 5457] +++ exited with 0 +++ [pid 5456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5456, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./178", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 umount2("./178/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./178/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5458 attached , child_tidptr=0x55557f632690) = 5458 [pid 5458] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5458] chdir("./179") = 0 [pid 5458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5458] setpgid(0, 0) = 0 [pid 5458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5458] write(3, "1000", 4) = 4 [pid 5458] close(3) = 0 [pid 5458] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5458] write(1, "executing program\n", 18) = 18 [pid 5458] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5458] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5458] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5458] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5459 attached [pid 5459] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5458] <... clone3 resumed> => {parent_tid=[5459]}, 88) = 5459 [pid 5459] <... rseq resumed>) = 0 [pid 5458] rt_sigprocmask(SIG_SETMASK, [], [pid 5459] set_robust_list(0x7f2454d0d9a0, 24 [pid 5458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5459] <... set_robust_list resumed>) = 0 [pid 5458] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] rt_sigprocmask(SIG_SETMASK, [], [pid 5458] <... futex resumed>) = 0 [pid 5459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5458] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5459] memfd_create("syzkaller", 0) = 3 [pid 5459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5459] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5459] munmap(0x7f244c800000, 138412032) = 0 [pid 5459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5459] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5459] close(3) = 0 [pid 5459] close(4) = 0 [pid 5459] mkdir("./file2", 0777) = 0 [pid 5459] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 136.891342][ T5459] loop0: detected capacity change from 0 to 4096 [pid 5459] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5459] chdir("./file2") = 0 [pid 5459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5459] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = 0 [pid 5458] <... futex resumed>) = 1 [pid 5459] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5458] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... openat resumed>) = 4 [pid 5459] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5458] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5458] <... futex resumed>) = 0 [pid 5459] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5458] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5458] <... futex resumed>) = 0 [pid 5459] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5458] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... openat resumed>) = 5 [pid 5459] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5458] <... futex resumed>) = 0 [pid 5459] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5458] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... write resumed>) = 1036288 [pid 5459] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5458] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... mmap resumed>) = 0x20000000 [pid 5459] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] exit_group(0 [pid 5459] <... futex resumed>) = ? [pid 5458] <... exit_group resumed>) = ? [pid 5459] +++ exited with 0 +++ [pid 5458] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5458, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 umount2("./179/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./179/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5460 attached [pid 5460] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5460] chdir("./180") = 0 [pid 5460] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5460 [pid 5460] <... prctl resumed>) = 0 [pid 5460] setpgid(0, 0) = 0 [pid 5460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5460] write(3, "1000", 4) = 4 [pid 5460] close(3) = 0 [pid 5460] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5460] write(1, "executing program\n", 18) = 18 [pid 5460] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5460] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5461 attached [pid 5461] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5460] <... clone3 resumed> => {parent_tid=[5461]}, 88) = 5461 [pid 5461] <... rseq resumed>) = 0 [pid 5460] rt_sigprocmask(SIG_SETMASK, [], [pid 5461] set_robust_list(0x7f2454d0d9a0, 24 [pid 5460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5461] <... set_robust_list resumed>) = 0 [pid 5460] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5461] memfd_create("syzkaller", 0) = 3 [pid 5461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5461] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5461] munmap(0x7f244c800000, 138412032) = 0 [pid 5461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5461] close(3) = 0 [pid 5461] close(4) = 0 [pid 5461] mkdir("./file2", 0777) = 0 [pid 5461] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5461] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5461] chdir("./file2") = 0 [pid 5461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5461] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [ 137.352942][ T5461] loop0: detected capacity change from 0 to 4096 [pid 5460] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... openat resumed>) = 4 [pid 5461] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = 0 [pid 5461] <... futex resumed>) = 1 [pid 5460] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5461] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5460] <... futex resumed>) = 1 [pid 5461] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5460] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... openat resumed>) = 5 [pid 5461] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] <... futex resumed>) = 0 [pid 5461] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5460] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... write resumed>) = 1036288 [pid 5461] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5461] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5460] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... mmap resumed>) = 0x20000000 [pid 5461] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] exit_group(0 [pid 5461] <... futex resumed>) = ? [pid 5460] <... exit_group resumed>) = ? [pid 5461] +++ exited with 0 +++ [pid 5460] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5460, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./180", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 umount2("./180/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./180/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5462 attached , child_tidptr=0x55557f632690) = 5462 [pid 5462] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5462] chdir("./181") = 0 [pid 5462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5462] setpgid(0, 0) = 0 [pid 5462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5462] write(3, "1000", 4) = 4 [pid 5462] close(3) = 0 [pid 5462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5462] write(1, "executing program\n", 18executing program ) = 18 [pid 5462] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5462] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5463 attached [pid 5463] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5463] set_robust_list(0x7f2454d0d9a0, 24 [pid 5462] <... clone3 resumed> => {parent_tid=[5463]}, 88) = 5463 [pid 5463] <... set_robust_list resumed>) = 0 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], [pid 5463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5463] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5463] memfd_create("syzkaller", 0) = 3 [pid 5463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5463] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5463] munmap(0x7f244c800000, 138412032) = 0 [pid 5463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5463] close(3) = 0 [pid 5463] close(4) = 0 [pid 5463] mkdir("./file2", 0777) = 0 [pid 5463] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5463] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5463] chdir("./file2") = 0 [ 137.809886][ T5463] loop0: detected capacity change from 0 to 4096 [pid 5463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5463] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = 0 [pid 5462] <... futex resumed>) = 1 [pid 5463] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5462] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... openat resumed>) = 4 [pid 5463] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5463] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5462] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5462] <... futex resumed>) = 0 [pid 5463] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5462] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5463] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5462] <... futex resumed>) = 0 [pid 5463] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5462] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... openat resumed>) = 5 [pid 5463] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5463] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5462] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... write resumed>) = 1036288 [pid 5463] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5463] <... futex resumed>) = 1 [pid 5462] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... mmap resumed>) = 0x20000000 [pid 5463] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5463] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] exit_group(0) = ? [pid 5463] <... futex resumed>) = ? [pid 5463] +++ exited with 0 +++ [pid 5462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5462, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./181", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 umount2("./181/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./181/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5464 attached , child_tidptr=0x55557f632690) = 5464 [pid 5464] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5464] chdir("./182") = 0 [pid 5464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5464] setpgid(0, 0) = 0 [pid 5464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5464] write(3, "1000", 4) = 4 [pid 5464] close(3) = 0 [pid 5464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5464] write(1, "executing program\n", 18executing program ) = 18 [pid 5464] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5464] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5464] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5464] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5465 attached => {parent_tid=[5465]}, 88) = 5465 [pid 5465] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5465] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5464] rt_sigprocmask(SIG_SETMASK, [], [pid 5465] rt_sigprocmask(SIG_SETMASK, [], [pid 5464] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5464] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5465] memfd_create("syzkaller", 0) = 3 [pid 5465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5465] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5465] munmap(0x7f244c800000, 138412032) = 0 [pid 5465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5465] close(3) = 0 [pid 5465] close(4) = 0 [pid 5465] mkdir("./file2", 0777) = 0 [pid 5465] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5465] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5465] chdir("./file2") = 0 [pid 5465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5465] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] <... futex resumed>) = 0 [ 138.293906][ T5465] loop0: detected capacity change from 0 to 4096 [pid 5464] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5464] <... futex resumed>) = 0 [pid 5464] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... openat resumed>) = 4 [pid 5465] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] <... futex resumed>) = 0 [pid 5465] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] <... futex resumed>) = 0 [pid 5464] <... futex resumed>) = 1 [pid 5465] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5465] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5464] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... futex resumed>) = 0 [pid 5465] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5465] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] <... futex resumed>) = 0 [pid 5465] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] <... futex resumed>) = 0 [pid 5464] <... futex resumed>) = 1 [pid 5465] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5464] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... write resumed>) = 1036288 [pid 5465] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] <... futex resumed>) = 0 [pid 5465] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5464] <... futex resumed>) = 0 [pid 5465] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5464] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... mmap resumed>) = 0x20000000 [pid 5465] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] <... futex resumed>) = 0 [pid 5465] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] exit_group(0 [pid 5465] <... futex resumed>) = ? [pid 5464] <... exit_group resumed>) = ? [pid 5465] +++ exited with 0 +++ [pid 5464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5464, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 umount2("./182/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./182/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5466 attached [pid 5466] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5466 [pid 5466] chdir("./183") = 0 [pid 5466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5466] setpgid(0, 0) = 0 [pid 5466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5466] write(3, "1000", 4) = 4 [pid 5466] close(3) = 0 [pid 5466] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5466] write(1, "executing program\n", 18) = 18 [pid 5466] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5466] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5466] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5467 attached [pid 5467] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5466] <... clone3 resumed> => {parent_tid=[5467]}, 88) = 5467 [pid 5467] <... rseq resumed>) = 0 [pid 5467] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5467] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5466] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5466] <... futex resumed>) = 1 [pid 5466] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5467] memfd_create("syzkaller", 0) = 3 [pid 5467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5467] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5467] munmap(0x7f244c800000, 138412032) = 0 [pid 5467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5467] close(3) = 0 [pid 5467] close(4) = 0 [pid 5467] mkdir("./file2", 0777) = 0 [pid 5467] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5467] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 138.763622][ T5467] loop0: detected capacity change from 0 to 4096 [pid 5467] chdir("./file2") = 0 [pid 5467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5467] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5466] <... futex resumed>) = 0 [pid 5467] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5466] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... openat resumed>) = 4 [pid 5467] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5466] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5466] <... futex resumed>) = 0 [pid 5467] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5466] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5466] <... futex resumed>) = 0 [pid 5467] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5466] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... openat resumed>) = 5 [pid 5467] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5466] <... futex resumed>) = 0 [pid 5467] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5466] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... write resumed>) = 1036288 [pid 5467] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5466] <... futex resumed>) = 0 [pid 5467] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5466] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... mmap resumed>) = 0x20000000 [pid 5467] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] exit_group(0 [pid 5467] <... futex resumed>) = ? [pid 5466] <... exit_group resumed>) = ? [pid 5467] +++ exited with 0 +++ [pid 5466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5466, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 umount2("./183/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./183/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5468 attached , child_tidptr=0x55557f632690) = 5468 [pid 5468] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5468] chdir("./184") = 0 [pid 5468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5468] setpgid(0, 0) = 0 [pid 5468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5468] write(3, "1000", 4) = 4 [pid 5468] close(3) = 0 [pid 5468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5468] write(1, "executing program\n", 18executing program ) = 18 [pid 5468] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5468] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5469 attached [pid 5469] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5468] <... clone3 resumed> => {parent_tid=[5469]}, 88) = 5469 [pid 5469] set_robust_list(0x7f2454d0d9a0, 24 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], [pid 5469] <... set_robust_list resumed>) = 0 [pid 5468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5469] rt_sigprocmask(SIG_SETMASK, [], [pid 5468] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5469] memfd_create("syzkaller", 0) = 3 [pid 5469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5469] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5469] munmap(0x7f244c800000, 138412032) = 0 [pid 5469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5469] close(3) = 0 [pid 5469] close(4) = 0 [pid 5469] mkdir("./file2", 0777) = 0 [pid 5469] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5469] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 139.184087][ T5469] loop0: detected capacity change from 0 to 4096 [pid 5469] chdir("./file2") = 0 [pid 5469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5469] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5469] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5468] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... openat resumed>) = 4 [pid 5469] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5469] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5468] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5469] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5469] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5468] <... futex resumed>) = 0 [pid 5469] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5468] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... openat resumed>) = 5 [pid 5469] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5469] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5468] <... futex resumed>) = 0 [pid 5469] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5468] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... write resumed>) = 1036288 [pid 5469] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5468] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5469] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5469] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] exit_group(0 [pid 5469] <... futex resumed>) = ? [pid 5468] <... exit_group resumed>) = ? [pid 5469] +++ exited with 0 +++ [pid 5468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5468, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./184", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 umount2("./184/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./184/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5470 attached [pid 5470] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5470] chdir("./185" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5470 [pid 5470] <... chdir resumed>) = 0 [pid 5470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5470] setpgid(0, 0) = 0 [pid 5470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5470] write(3, "1000", 4) = 4 [pid 5470] close(3) = 0 [pid 5470] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5470] write(1, "executing program\n", 18) = 18 [pid 5470] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5470] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5471 attached [pid 5471] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5470] <... clone3 resumed> => {parent_tid=[5471]}, 88) = 5471 [pid 5471] <... rseq resumed>) = 0 [pid 5470] rt_sigprocmask(SIG_SETMASK, [], [pid 5471] set_robust_list(0x7f2454d0d9a0, 24 [pid 5470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5471] <... set_robust_list resumed>) = 0 [pid 5470] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5471] memfd_create("syzkaller", 0) = 3 [pid 5471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5471] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5471] munmap(0x7f244c800000, 138412032) = 0 [pid 5471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5471] close(3) = 0 [pid 5471] close(4) = 0 [pid 5471] mkdir("./file2", 0777) = 0 [pid 5471] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5471] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5471] chdir("./file2") = 0 [ 139.689093][ T5471] loop0: detected capacity change from 0 to 4096 [pid 5471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5471] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] <... futex resumed>) = 0 [pid 5470] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5471] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] <... futex resumed>) = 0 [pid 5471] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5470] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5471] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5471] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5470] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... openat resumed>) = 5 [pid 5471] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5470] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... write resumed>) = 1036288 [pid 5471] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5471] <... futex resumed>) = 1 [pid 5470] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... mmap resumed>) = 0x20000000 [pid 5471] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5471] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] exit_group(0 [pid 5471] <... futex resumed>) = ? [pid 5470] <... exit_group resumed>) = ? [pid 5471] +++ exited with 0 +++ [pid 5470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5470, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./185", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/binderfs") = 0 umount2("./185/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./185/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./185/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5472 attached , child_tidptr=0x55557f632690) = 5472 [pid 5472] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5472] chdir("./186") = 0 [pid 5472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5472] setpgid(0, 0) = 0 [pid 5472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5472] write(3, "1000", 4) = 4 [pid 5472] close(3) = 0 [pid 5472] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5472] write(1, "executing program\n", 18) = 18 [pid 5472] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5472] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5472] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5472] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5472] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5473 attached [pid 5473] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5472] <... clone3 resumed> => {parent_tid=[5473]}, 88) = 5473 [pid 5473] <... rseq resumed>) = 0 [pid 5472] rt_sigprocmask(SIG_SETMASK, [], [pid 5473] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5472] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5473] memfd_create("syzkaller", 0) = 3 [pid 5473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5473] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5473] munmap(0x7f244c800000, 138412032) = 0 [pid 5473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5473] close(3) = 0 [pid 5473] close(4) = 0 [pid 5473] mkdir("./file2", 0777) = 0 [pid 5473] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5473] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5473] chdir("./file2") = 0 [pid 5473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 140.137292][ T5473] loop0: detected capacity change from 0 to 4096 [pid 5473] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5473] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5472] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5473] <... openat resumed>) = 4 [pid 5473] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5472] <... futex resumed>) = 1 [pid 5473] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5472] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5473] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5473] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5473] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5472] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5473] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5472] <... futex resumed>) = 1 [pid 5472] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5473] <... openat resumed>) = 5 [pid 5473] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5473] <... write resumed>) = 1036288 [pid 5473] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5472] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5473] <... mmap resumed>) = 0x20000000 [pid 5473] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5473] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5472] exit_group(0 [pid 5473] <... futex resumed>) = ? [pid 5472] <... exit_group resumed>) = ? [pid 5473] +++ exited with 0 +++ [pid 5472] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5472, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 umount2("./186/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./186/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5474 ./strace-static-x86_64: Process 5474 attached [pid 5474] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5474] chdir("./187") = 0 [pid 5474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5474] setpgid(0, 0) = 0 [pid 5474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5474] write(3, "1000", 4) = 4 [pid 5474] close(3) = 0 [pid 5474] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5474] write(1, "executing program\n", 18) = 18 [pid 5474] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5474] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5475 attached [pid 5475] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5474] <... clone3 resumed> => {parent_tid=[5475]}, 88) = 5475 [pid 5475] <... rseq resumed>) = 0 [pid 5474] rt_sigprocmask(SIG_SETMASK, [], [pid 5475] set_robust_list(0x7f2454d0d9a0, 24 [pid 5474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5475] <... set_robust_list resumed>) = 0 [pid 5474] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] rt_sigprocmask(SIG_SETMASK, [], [pid 5474] <... futex resumed>) = 0 [pid 5475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5474] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5475] memfd_create("syzkaller", 0) = 3 [pid 5475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5475] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5475] munmap(0x7f244c800000, 138412032) = 0 [pid 5475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5475] close(3) = 0 [pid 5475] close(4) = 0 [pid 5475] mkdir("./file2", 0777) = 0 [pid 5475] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5475] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5475] chdir("./file2") = 0 [pid 5475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5475] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] <... futex resumed>) = 0 [pid 5475] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5474] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... openat resumed>) = 4 [pid 5475] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] <... futex resumed>) = 0 [pid 5475] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] <... futex resumed>) = 0 [pid 5475] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5474] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5475] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = 0 [pid 5474] <... futex resumed>) = 1 [ 140.588200][ T5475] loop0: detected capacity change from 0 to 4096 [pid 5475] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5474] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... openat resumed>) = 5 [pid 5475] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = 0 [pid 5474] <... futex resumed>) = 1 [pid 5475] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5474] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... write resumed>) = 1036288 [pid 5475] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] <... futex resumed>) = 0 [pid 5474] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5475] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... futex resumed>) = 0 [pid 5474] exit_group(0 [pid 5475] <... futex resumed>) = ? [pid 5475] +++ exited with 0 +++ [pid 5474] <... exit_group resumed>) = ? [pid 5474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5474, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./187", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./187/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 umount2("./187/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./187/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./187/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5476 attached [pid 5476] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5476 [pid 5476] <... set_robust_list resumed>) = 0 [pid 5476] chdir("./188") = 0 [pid 5476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5476] setpgid(0, 0) = 0 [pid 5476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5476] write(3, "1000", 4) = 4 [pid 5476] close(3) = 0 [pid 5476] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5476] write(1, "executing program\n", 18) = 18 [pid 5476] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5476] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5476] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5477 attached [pid 5477] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5476] <... clone3 resumed> => {parent_tid=[5477]}, 88) = 5477 [pid 5477] <... rseq resumed>) = 0 [pid 5476] rt_sigprocmask(SIG_SETMASK, [], [pid 5477] set_robust_list(0x7f2454d0d9a0, 24 [pid 5476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5477] <... set_robust_list resumed>) = 0 [pid 5476] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5477] memfd_create("syzkaller", 0) = 3 [pid 5477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5477] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5477] munmap(0x7f244c800000, 138412032) = 0 [pid 5477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5477] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5477] close(3) = 0 [pid 5477] close(4) = 0 [pid 5477] mkdir("./file2", 0777) = 0 [pid 5477] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5477] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5477] chdir("./file2") = 0 [ 141.004887][ T5477] loop0: detected capacity change from 0 to 4096 [pid 5477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5477] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5477] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5477] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5477] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5477] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... futex resumed>) = 0 [pid 5476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5477] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5476] <... futex resumed>) = 0 [pid 5477] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5476] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... openat resumed>) = 5 [pid 5477] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5477] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5476] <... futex resumed>) = 0 [pid 5477] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5476] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... write resumed>) = 1036288 [pid 5477] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5477] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5476] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5477] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = 0 [pid 5476] exit_group(0) = ? [pid 5477] <... futex resumed>) = ? [pid 5477] +++ exited with 0 +++ [pid 5476] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5476, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./188", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./188/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 umount2("./188/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./188/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./188/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5478 attached , child_tidptr=0x55557f632690) = 5478 [pid 5478] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5478] chdir("./189") = 0 [pid 5478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5478] setpgid(0, 0) = 0 [pid 5478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5478] write(3, "1000", 4) = 4 [pid 5478] close(3) = 0 [pid 5478] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5478] write(1, "executing program\n", 18) = 18 [pid 5478] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5478] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5478] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5478] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5478] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5479 attached [pid 5479] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5478] <... clone3 resumed> => {parent_tid=[5479]}, 88) = 5479 [pid 5479] <... rseq resumed>) = 0 [pid 5478] rt_sigprocmask(SIG_SETMASK, [], [pid 5479] set_robust_list(0x7f2454d0d9a0, 24 [pid 5478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5479] <... set_robust_list resumed>) = 0 [pid 5478] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] rt_sigprocmask(SIG_SETMASK, [], [pid 5478] <... futex resumed>) = 0 [pid 5479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5478] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5479] memfd_create("syzkaller", 0) = 3 [pid 5479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5479] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5479] munmap(0x7f244c800000, 138412032) = 0 [pid 5479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5479] close(3) = 0 [pid 5479] close(4) = 0 [pid 5479] mkdir("./file2", 0777) = 0 [pid 5479] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5479] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5479] chdir("./file2") = 0 [pid 5479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5479] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... openat resumed>) = 4 [pid 5479] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [ 141.507745][ T5479] loop0: detected capacity change from 0 to 4096 [pid 5478] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5479] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5479] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] <... futex resumed>) = 0 [pid 5479] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5478] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... openat resumed>) = 5 [pid 5479] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = 0 [pid 5478] <... futex resumed>) = 1 [pid 5479] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5478] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... write resumed>) = 1036288 [pid 5479] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5479] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] <... futex resumed>) = 0 [pid 5479] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5478] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... mmap resumed>) = 0x20000000 [pid 5479] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5479] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] exit_group(0 [pid 5479] <... futex resumed>) = ? [pid 5478] <... exit_group resumed>) = ? [pid 5479] +++ exited with 0 +++ [pid 5478] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5478, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./189", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./189/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 umount2("./189/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./189/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./189/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5480 attached , child_tidptr=0x55557f632690) = 5480 [pid 5480] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5480] chdir("./190") = 0 [pid 5480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5480] setpgid(0, 0) = 0 [pid 5480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5480] write(3, "1000", 4) = 4 [pid 5480] close(3) = 0 [pid 5480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5480] write(1, "executing program\n", 18executing program ) = 18 [pid 5480] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5480] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5481 attached [pid 5481] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5480] <... clone3 resumed> => {parent_tid=[5481]}, 88) = 5481 [pid 5481] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5480] rt_sigprocmask(SIG_SETMASK, [], [pid 5481] rt_sigprocmask(SIG_SETMASK, [], [pid 5480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5481] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5480] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] memfd_create("syzkaller", 0 [pid 5480] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5481] <... memfd_create resumed>) = 3 [pid 5481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5481] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5481] munmap(0x7f244c800000, 138412032) = 0 [pid 5481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5481] close(3) = 0 [pid 5481] close(4) = 0 [pid 5481] mkdir("./file2", 0777) = 0 [pid 5481] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5481] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5481] chdir("./file2") = 0 [pid 5481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5481] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... openat resumed>) = 4 [pid 5481] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5481] <... futex resumed>) = 1 [ 141.932772][ T5481] loop0: detected capacity change from 0 to 4096 [pid 5480] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5480] <... futex resumed>) = 0 [pid 5481] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5480] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... openat resumed>) = 5 [pid 5481] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5480] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5481] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... futex resumed>) = 0 [pid 5481] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5481] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5480] exit_group(0) = ? [pid 5481] +++ exited with 0 +++ [pid 5480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5480, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./190", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./190/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 umount2("./190/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./190/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./190/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5482 attached , child_tidptr=0x55557f632690) = 5482 [pid 5482] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5482] chdir("./191") = 0 [pid 5482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5482] setpgid(0, 0) = 0 [pid 5482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5482] write(3, "1000", 4) = 4 [pid 5482] close(3) = 0 [pid 5482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5482] write(1, "executing program\n", 18executing program ) = 18 [pid 5482] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5482] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5483 attached [pid 5483] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5482] <... clone3 resumed> => {parent_tid=[5483]}, 88) = 5483 [pid 5483] <... rseq resumed>) = 0 [pid 5482] rt_sigprocmask(SIG_SETMASK, [], [pid 5483] set_robust_list(0x7f2454d0d9a0, 24 [pid 5482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5483] <... set_robust_list resumed>) = 0 [pid 5482] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5482] <... futex resumed>) = 0 [pid 5482] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5483] memfd_create("syzkaller", 0) = 3 [pid 5483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5483] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5483] munmap(0x7f244c800000, 138412032) = 0 [pid 5483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5483] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5483] close(3) = 0 [pid 5483] close(4) = 0 [pid 5483] mkdir("./file2", 0777) = 0 [pid 5483] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5483] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5483] chdir("./file2") = 0 [pid 5483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 142.351332][ T5483] loop0: detected capacity change from 0 to 4096 [pid 5483] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5483] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5482] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] <... openat resumed>) = 4 [pid 5482] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5482] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5482] <... futex resumed>) = 1 [pid 5483] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5482] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5483] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5482] <... futex resumed>) = 0 [pid 5483] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5482] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] <... openat resumed>) = 5 [pid 5483] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5483] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5482] <... futex resumed>) = 0 [pid 5483] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5482] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] <... write resumed>) = 1036288 [pid 5483] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5483] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5482] <... futex resumed>) = 1 [pid 5483] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5482] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] <... mmap resumed>) = 0x20000000 [pid 5483] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5483] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] <... futex resumed>) = 0 [pid 5482] exit_group(0 [pid 5483] <... futex resumed>) = ? [pid 5482] <... exit_group resumed>) = ? [pid 5483] +++ exited with 0 +++ [pid 5482] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5482, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./191", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./191/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 umount2("./191/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./191/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./191/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5484 attached , child_tidptr=0x55557f632690) = 5484 [pid 5484] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5484] chdir("./192") = 0 [pid 5484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5484] setpgid(0, 0) = 0 [pid 5484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5484] write(3, "1000", 4) = 4 [pid 5484] close(3) = 0 [pid 5484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5484] write(1, "executing program\n", 18executing program ) = 18 [pid 5484] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5484] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5484] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5485 attached [pid 5485] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5484] <... clone3 resumed> => {parent_tid=[5485]}, 88) = 5485 [pid 5485] <... rseq resumed>) = 0 [pid 5484] rt_sigprocmask(SIG_SETMASK, [], [pid 5485] set_robust_list(0x7f2454d0d9a0, 24 [pid 5484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5485] <... set_robust_list resumed>) = 0 [pid 5484] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] rt_sigprocmask(SIG_SETMASK, [], [pid 5484] <... futex resumed>) = 0 [pid 5485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5484] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5485] memfd_create("syzkaller", 0) = 3 [pid 5485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5485] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5485] munmap(0x7f244c800000, 138412032) = 0 [pid 5485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5485] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5485] close(3) = 0 [pid 5485] close(4) = 0 [pid 5485] mkdir("./file2", 0777) = 0 [pid 5485] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 142.800436][ T5485] loop0: detected capacity change from 0 to 4096 [pid 5485] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5485] chdir("./file2") = 0 [pid 5485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5485] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... futex resumed>) = 0 [pid 5485] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5484] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... openat resumed>) = 4 [pid 5485] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... futex resumed>) = 0 [pid 5485] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5484] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5484] <... futex resumed>) = 0 [pid 5485] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5484] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5485] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... futex resumed>) = 0 [pid 5485] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5484] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... openat resumed>) = 5 [pid 5485] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5484] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... write resumed>) = 1036288 [pid 5485] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5485] <... futex resumed>) = 1 [pid 5484] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... mmap resumed>) = 0x20000000 [pid 5485] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5485] <... futex resumed>) = 1 [pid 5485] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5484] exit_group(0 [pid 5485] <... futex resumed>) = ? [pid 5485] +++ exited with 0 +++ [pid 5484] <... exit_group resumed>) = ? [pid 5484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5484, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./192", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./192/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 umount2("./192/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./192/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./192/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5486 attached , child_tidptr=0x55557f632690) = 5486 [pid 5486] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5486] chdir("./193") = 0 [pid 5486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5486] setpgid(0, 0) = 0 [pid 5486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5486] write(3, "1000", 4) = 4 [pid 5486] close(3) = 0 [pid 5486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5486] write(1, "executing program\n", 18executing program ) = 18 [pid 5486] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5486] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5486] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5487 attached => {parent_tid=[5487]}, 88) = 5487 [pid 5487] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5487] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], [pid 5487] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5486] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5486] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5487] memfd_create("syzkaller", 0) = 3 [pid 5487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5487] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5487] munmap(0x7f244c800000, 138412032) = 0 [pid 5487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5487] close(3) = 0 [pid 5487] close(4) = 0 [pid 5487] mkdir("./file2", 0777) = 0 [pid 5487] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5487] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5487] chdir("./file2") = 0 [pid 5487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 143.285542][ T5487] loop0: detected capacity change from 0 to 4096 [pid 5487] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] <... futex resumed>) = 0 [pid 5487] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5486] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... openat resumed>) = 4 [pid 5487] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5486] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5487] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5487] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5486] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... openat resumed>) = 5 [pid 5487] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5487] <... futex resumed>) = 1 [pid 5486] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... write resumed>) = 1036288 [pid 5487] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... mmap resumed>) = 0x20000000 [pid 5487] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5486] exit_group(0) = ? [pid 5487] <... futex resumed>) = ? [pid 5487] +++ exited with 0 +++ [pid 5486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5486, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./193", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./193/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 umount2("./193/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./193/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./193/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5488 attached , child_tidptr=0x55557f632690) = 5488 [pid 5488] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5488] chdir("./194") = 0 [pid 5488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5488] setpgid(0, 0) = 0 [pid 5488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5488] write(3, "1000", 4) = 4 [pid 5488] close(3) = 0 [pid 5488] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5488] write(1, "executing program\n", 18) = 18 [pid 5488] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5488] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5489 attached [pid 5489] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5488] <... clone3 resumed> => {parent_tid=[5489]}, 88) = 5489 [pid 5489] set_robust_list(0x7f2454d0d9a0, 24 [pid 5488] rt_sigprocmask(SIG_SETMASK, [], [pid 5489] <... set_robust_list resumed>) = 0 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], [pid 5488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5488] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5489] memfd_create("syzkaller", 0) = 3 [pid 5489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5489] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5489] munmap(0x7f244c800000, 138412032) = 0 [pid 5489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5489] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5489] close(3) = 0 [pid 5489] close(4) = 0 [pid 5489] mkdir("./file2", 0777) = 0 [pid 5489] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5489] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5489] chdir("./file2") = 0 [pid 5489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 143.780954][ T5489] loop0: detected capacity change from 0 to 4096 [pid 5489] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5489] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5488] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... openat resumed>) = 4 [pid 5489] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5489] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... futex resumed>) = 0 [pid 5488] <... futex resumed>) = 1 [pid 5489] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5488] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5489] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5489] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5488] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... openat resumed>) = 5 [pid 5489] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5489] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5488] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5488] <... futex resumed>) = 0 [pid 5488] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... write resumed>) = 1036288 [pid 5489] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5489] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5488] <... futex resumed>) = 0 [pid 5489] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5488] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... mmap resumed>) = 0x20000000 [pid 5489] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5489] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] exit_group(0 [pid 5489] <... futex resumed>) = ? [pid 5489] +++ exited with 0 +++ [pid 5488] <... exit_group resumed>) = ? [pid 5488] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5488, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./194", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./194/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/binderfs") = 0 umount2("./194/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./194/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./194/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5490 attached , child_tidptr=0x55557f632690) = 5490 [pid 5490] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5490] chdir("./195") = 0 [pid 5490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5490] setpgid(0, 0) = 0 [pid 5490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5490] write(3, "1000", 4) = 4 [pid 5490] close(3) = 0 [pid 5490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5490] write(1, "executing program\n", 18executing program ) = 18 [pid 5490] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5490] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5490] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5490] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5491 attached [pid 5491] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5490] <... clone3 resumed> => {parent_tid=[5491]}, 88) = 5491 [pid 5491] <... rseq resumed>) = 0 [pid 5490] rt_sigprocmask(SIG_SETMASK, [], [pid 5491] set_robust_list(0x7f2454d0d9a0, 24 [pid 5490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5491] <... set_robust_list resumed>) = 0 [pid 5490] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5491] memfd_create("syzkaller", 0) = 3 [pid 5491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5491] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5491] munmap(0x7f244c800000, 138412032) = 0 [pid 5491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5491] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5491] close(3) = 0 [pid 5491] close(4) = 0 [pid 5491] mkdir("./file2", 0777) = 0 [pid 5491] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5491] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5491] chdir("./file2") = 0 [pid 5491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5491] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = 0 [pid 5490] <... futex resumed>) = 1 [pid 5491] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5490] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... openat resumed>) = 4 [pid 5491] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] <... futex resumed>) = 0 [pid 5491] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5490] <... futex resumed>) = 0 [pid 5491] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5490] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5491] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 [pid 5491] <... futex resumed>) = 1 [pid 5490] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5490] <... futex resumed>) = 0 [ 144.217862][ T5491] loop0: detected capacity change from 0 to 4096 [pid 5490] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... openat resumed>) = 5 [pid 5491] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] <... futex resumed>) = 0 [pid 5491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5490] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... write resumed>) = 1036288 [pid 5491] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = 0 [pid 5490] <... futex resumed>) = 1 [pid 5491] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5490] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... mmap resumed>) = 0x20000000 [pid 5491] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] <... futex resumed>) = 0 [pid 5490] exit_group(0) = ? [pid 5491] <... futex resumed>) = ? [pid 5491] +++ exited with 0 +++ [pid 5490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5490, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./195", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./195/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 umount2("./195/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./195/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./195/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5492 attached [pid 5492] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5492] chdir("./196" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5492 [pid 5492] <... chdir resumed>) = 0 [pid 5492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5492] setpgid(0, 0) = 0 [pid 5492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5492] write(3, "1000", 4) = 4 [pid 5492] close(3) = 0 [pid 5492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5492] write(1, "executing program\n", 18executing program ) = 18 [pid 5492] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5492] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5493 attached [pid 5493] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5492] <... clone3 resumed> => {parent_tid=[5493]}, 88) = 5493 [pid 5493] set_robust_list(0x7f2454d0d9a0, 24 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], [pid 5493] <... set_robust_list resumed>) = 0 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], [pid 5492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5492] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5493] memfd_create("syzkaller", 0) = 3 [pid 5493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5493] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5493] munmap(0x7f244c800000, 138412032) = 0 [pid 5493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5493] close(3) = 0 [pid 5493] close(4) = 0 [pid 5493] mkdir("./file2", 0777) = 0 [pid 5493] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5493] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5493] chdir("./file2") = 0 [pid 5493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5493] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5492] <... futex resumed>) = 0 [ 144.614906][ T5493] loop0: detected capacity change from 0 to 4096 [pid 5493] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5492] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... openat resumed>) = 4 [pid 5493] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5493] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5492] <... futex resumed>) = 0 [pid 5493] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5492] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5492] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5493] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5492] <... futex resumed>) = 0 [pid 5493] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5492] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... write resumed>) = 1036288 [pid 5493] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5492] <... futex resumed>) = 0 [pid 5493] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5492] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... mmap resumed>) = 0x20000000 [pid 5493] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] exit_group(0 [pid 5493] <... futex resumed>) = ? [pid 5492] <... exit_group resumed>) = ? [pid 5493] +++ exited with 0 +++ [pid 5492] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5492, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./196", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./196/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 umount2("./196/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./196/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./196/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5494 attached , child_tidptr=0x55557f632690) = 5494 [pid 5494] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5494] chdir("./197") = 0 [pid 5494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5494] setpgid(0, 0) = 0 [pid 5494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5494] write(3, "1000", 4) = 4 [pid 5494] close(3) = 0 [pid 5494] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5494] write(1, "executing program\n", 18) = 18 [pid 5494] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5494] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5495 attached [pid 5495] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5494] <... clone3 resumed> => {parent_tid=[5495]}, 88) = 5495 [pid 5495] set_robust_list(0x7f2454d0d9a0, 24 [pid 5494] rt_sigprocmask(SIG_SETMASK, [], [pid 5495] <... set_robust_list resumed>) = 0 [pid 5494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5495] rt_sigprocmask(SIG_SETMASK, [], [pid 5494] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5495] memfd_create("syzkaller", 0) = 3 [pid 5495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5495] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5495] munmap(0x7f244c800000, 138412032) = 0 [pid 5495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5495] close(3) = 0 [pid 5495] close(4) = 0 [pid 5495] mkdir("./file2", 0777) = 0 [ 145.039404][ T5495] loop0: detected capacity change from 0 to 4096 [pid 5495] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5495] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5495] chdir("./file2") = 0 [pid 5495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5495] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5495] <... futex resumed>) = 1 [pid 5494] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5495] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] <... futex resumed>) = 0 [pid 5495] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5494] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5495] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... openat resumed>) = 5 [pid 5495] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5494] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5495] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5494] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5495] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] exit_group(0 [pid 5495] <... futex resumed>) = ? [pid 5494] <... exit_group resumed>) = ? [pid 5495] +++ exited with 0 +++ [pid 5494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5494, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./197", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./197/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 umount2("./197/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./197/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./197/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5496 attached , child_tidptr=0x55557f632690) = 5496 [pid 5496] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5496] chdir("./198") = 0 [pid 5496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5496] setpgid(0, 0) = 0 [pid 5496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5496] write(3, "1000", 4) = 4 [pid 5496] close(3) = 0 [pid 5496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5496] write(1, "executing program\n", 18executing program ) = 18 [pid 5496] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5496] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5496] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5497 attached [pid 5497] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5496] <... clone3 resumed> => {parent_tid=[5497]}, 88) = 5497 [pid 5497] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5496] rt_sigprocmask(SIG_SETMASK, [], [pid 5497] rt_sigprocmask(SIG_SETMASK, [], [pid 5496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5496] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] memfd_create("syzkaller", 0 [pid 5496] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5497] <... memfd_create resumed>) = 3 [pid 5497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5497] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5497] munmap(0x7f244c800000, 138412032) = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5497] close(3) = 0 [pid 5497] close(4) = 0 [pid 5497] mkdir("./file2", 0777) = 0 [pid 5497] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5497] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5497] chdir("./file2") = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5497] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5497] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] <... futex resumed>) = 0 [pid 5497] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5496] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [ 145.455863][ T5497] loop0: detected capacity change from 0 to 4096 [pid 5497] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5496] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... openat resumed>) = 5 [pid 5497] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5497] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5497] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... mmap resumed>) = 0x20000000 [pid 5497] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] exit_group(0 [pid 5497] <... futex resumed>) = ? [pid 5497] +++ exited with 0 +++ [pid 5496] <... exit_group resumed>) = ? [pid 5496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5496, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./198", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./198/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/binderfs") = 0 umount2("./198/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./198/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./198/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5498 attached , child_tidptr=0x55557f632690) = 5498 [pid 5498] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5498] chdir("./199") = 0 [pid 5498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5498] setpgid(0, 0) = 0 [pid 5498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5498] write(3, "1000", 4) = 4 [pid 5498] close(3) = 0 [pid 5498] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5498] write(1, "executing program\n", 18) = 18 [pid 5498] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5498] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5499 attached [pid 5499] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5498] <... clone3 resumed> => {parent_tid=[5499]}, 88) = 5499 [pid 5499] <... rseq resumed>) = 0 [pid 5498] rt_sigprocmask(SIG_SETMASK, [], [pid 5499] set_robust_list(0x7f2454d0d9a0, 24 [pid 5498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5499] <... set_robust_list resumed>) = 0 [pid 5498] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], [pid 5498] <... futex resumed>) = 0 [pid 5499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5498] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5499] memfd_create("syzkaller", 0) = 3 [pid 5499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5499] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5499] munmap(0x7f244c800000, 138412032) = 0 [pid 5499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5499] close(3) = 0 [pid 5499] close(4) = 0 [pid 5499] mkdir("./file2", 0777) = 0 [pid 5499] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 145.889765][ T5499] loop0: detected capacity change from 0 to 4096 [pid 5499] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5499] chdir("./file2") = 0 [pid 5499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5499] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5498] <... futex resumed>) = 1 [pid 5499] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5498] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... openat resumed>) = 4 [pid 5499] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5498] <... futex resumed>) = 1 [pid 5499] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5498] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5499] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5498] <... futex resumed>) = 0 [pid 5499] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5498] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... openat resumed>) = 5 [pid 5499] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... write resumed>) = 1036288 [pid 5499] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = 1 [pid 5498] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... mmap resumed>) = 0x20000000 [pid 5499] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] exit_group(0 [pid 5499] <... futex resumed>) = ? [pid 5498] <... exit_group resumed>) = ? [pid 5499] +++ exited with 0 +++ [pid 5498] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5498, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./199", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./199/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/binderfs") = 0 umount2("./199/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./199/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./199/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5500 attached , child_tidptr=0x55557f632690) = 5500 [pid 5500] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5500] chdir("./200") = 0 [pid 5500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5500] setpgid(0, 0) = 0 [pid 5500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5500] write(3, "1000", 4) = 4 [pid 5500] close(3) = 0 [pid 5500] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5500] write(1, "executing program\n", 18) = 18 [pid 5500] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5500] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5500] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5500] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5500] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5501 attached [pid 5501] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5500] <... clone3 resumed> => {parent_tid=[5501]}, 88) = 5501 [pid 5501] set_robust_list(0x7f2454d0d9a0, 24 [pid 5500] rt_sigprocmask(SIG_SETMASK, [], [pid 5501] <... set_robust_list resumed>) = 0 [pid 5500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], [pid 5500] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5500] <... futex resumed>) = 0 [pid 5500] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5501] memfd_create("syzkaller", 0) = 3 [pid 5501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5501] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5501] munmap(0x7f244c800000, 138412032) = 0 [pid 5501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5501] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5501] close(3) = 0 [pid 5501] close(4) = 0 [pid 5501] mkdir("./file2", 0777) = 0 [pid 5501] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5501] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 146.317960][ T5501] loop0: detected capacity change from 0 to 4096 [pid 5501] chdir("./file2") = 0 [pid 5501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5501] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] <... futex resumed>) = 0 [pid 5501] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5500] <... futex resumed>) = 1 [pid 5501] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5500] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] <... openat resumed>) = 4 [pid 5501] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] <... futex resumed>) = 0 [pid 5501] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5500] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5500] <... futex resumed>) = 0 [pid 5501] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5500] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = 0 [pid 5501] <... futex resumed>) = 1 [pid 5500] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5500] <... futex resumed>) = 0 [pid 5500] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] <... openat resumed>) = 5 [pid 5501] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] <... futex resumed>) = 0 [pid 5501] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5500] <... futex resumed>) = 0 [pid 5501] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5500] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] <... write resumed>) = 1036288 [pid 5501] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] <... futex resumed>) = 0 [pid 5500] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5500] <... futex resumed>) = 1 [pid 5501] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5500] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] <... mmap resumed>) = 0x20000000 [pid 5501] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] <... futex resumed>) = 0 [pid 5500] exit_group(0 [pid 5501] <... futex resumed>) = ? [pid 5500] <... exit_group resumed>) = ? [pid 5501] +++ exited with 0 +++ [pid 5500] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5500, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./200", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./200/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 umount2("./200/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./200/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./200/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5502 attached , child_tidptr=0x55557f632690) = 5502 [pid 5502] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5502] chdir("./201") = 0 [pid 5502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5502] setpgid(0, 0) = 0 [pid 5502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5502] write(3, "1000", 4) = 4 [pid 5502] close(3) = 0 [pid 5502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5502] write(1, "executing program\n", 18executing program ) = 18 [pid 5502] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5502] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5503 attached [pid 5503] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5502] <... clone3 resumed> => {parent_tid=[5503]}, 88) = 5503 [pid 5503] set_robust_list(0x7f2454d0d9a0, 24 [pid 5502] rt_sigprocmask(SIG_SETMASK, [], [pid 5503] <... set_robust_list resumed>) = 0 [pid 5502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5503] rt_sigprocmask(SIG_SETMASK, [], [pid 5502] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5503] memfd_create("syzkaller", 0) = 3 [pid 5503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5503] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5503] munmap(0x7f244c800000, 138412032) = 0 [pid 5503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5503] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5503] close(3) = 0 [pid 5503] close(4) = 0 [pid 5503] mkdir("./file2", 0777) = 0 [pid 5503] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5503] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 146.797302][ T5503] loop0: detected capacity change from 0 to 4096 [pid 5503] chdir("./file2") = 0 [pid 5503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5503] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] <... openat resumed>) = 4 [pid 5503] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5503] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5502] <... futex resumed>) = 0 [pid 5503] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5502] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5503] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = 0 [pid 5502] <... futex resumed>) = 1 [pid 5503] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5502] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] <... openat resumed>) = 5 [pid 5503] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5503] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5502] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] <... write resumed>) = 1036288 [pid 5503] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] <... futex resumed>) = 0 [pid 5503] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5502] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] <... mmap resumed>) = 0x20000000 [pid 5503] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] <... futex resumed>) = 0 [pid 5502] exit_group(0) = ? [pid 5503] <... futex resumed>) = ? [pid 5503] +++ exited with 0 +++ [pid 5502] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5502, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./201", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./201/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 umount2("./201/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./201/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./201/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5504 attached , child_tidptr=0x55557f632690) = 5504 [pid 5504] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5504] chdir("./202") = 0 [pid 5504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5504] setpgid(0, 0) = 0 [pid 5504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5504] write(3, "1000", 4) = 4 [pid 5504] close(3) = 0 [pid 5504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5504] write(1, "executing program\n", 18executing program ) = 18 [pid 5504] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5504] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5504] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5504] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5505 attached [pid 5505] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5504] <... clone3 resumed> => {parent_tid=[5505]}, 88) = 5505 [pid 5505] <... rseq resumed>) = 0 [pid 5505] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5504] rt_sigprocmask(SIG_SETMASK, [], [pid 5505] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5504] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5504] <... futex resumed>) = 1 [pid 5504] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5505] memfd_create("syzkaller", 0) = 3 [pid 5505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5505] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5505] munmap(0x7f244c800000, 138412032) = 0 [pid 5505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5505] close(3) = 0 [pid 5505] close(4) = 0 [pid 5505] mkdir("./file2", 0777) = 0 [pid 5505] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5505] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5505] chdir("./file2") = 0 [ 147.255562][ T5505] loop0: detected capacity change from 0 to 4096 [pid 5505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5505] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5505] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... openat resumed>) = 4 [pid 5505] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5505] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5504] <... futex resumed>) = 0 [pid 5505] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5504] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5505] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... openat resumed>) = 5 [pid 5505] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5505] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5504] <... futex resumed>) = 0 [pid 5505] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5504] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... write resumed>) = 1036288 [pid 5505] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5505] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5504] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... mmap resumed>) = 0x20000000 [pid 5505] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] <... futex resumed>) = 0 [pid 5504] exit_group(0) = ? [pid 5505] <... futex resumed>) = ? [pid 5505] +++ exited with 0 +++ [pid 5504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5504, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./202", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./202/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 umount2("./202/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./202/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./202/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5506 attached , child_tidptr=0x55557f632690) = 5506 [pid 5506] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5506] chdir("./203") = 0 [pid 5506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5506] setpgid(0, 0) = 0 [pid 5506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5506] write(3, "1000", 4) = 4 [pid 5506] close(3) = 0 [pid 5506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5506] write(1, "executing program\n", 18executing program ) = 18 [pid 5506] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5506] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5506] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5507 attached [pid 5507] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5506] <... clone3 resumed> => {parent_tid=[5507]}, 88) = 5507 [pid 5507] <... rseq resumed>) = 0 [pid 5506] rt_sigprocmask(SIG_SETMASK, [], [pid 5507] set_robust_list(0x7f2454d0d9a0, 24 [pid 5506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5507] <... set_robust_list resumed>) = 0 [pid 5506] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] rt_sigprocmask(SIG_SETMASK, [], [pid 5506] <... futex resumed>) = 0 [pid 5507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5506] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5507] memfd_create("syzkaller", 0) = 3 [pid 5507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5507] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5507] munmap(0x7f244c800000, 138412032) = 0 [pid 5507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5507] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5507] close(3) = 0 [pid 5507] close(4) = 0 [pid 5507] mkdir("./file2", 0777) = 0 [pid 5507] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5507] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5507] chdir("./file2") = 0 [pid 5507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 147.724727][ T5507] loop0: detected capacity change from 0 to 4096 [pid 5507] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] <... futex resumed>) = 0 [pid 5506] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] <... futex resumed>) = 0 [pid 5507] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5507] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5507] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] <... futex resumed>) = 0 [pid 5507] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5506] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5507] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5507] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5506] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] <... openat resumed>) = 5 [pid 5506] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5507] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5506] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] <... write resumed>) = 1036288 [pid 5507] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5507] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] <... futex resumed>) = 0 [pid 5507] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5506] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] <... mmap resumed>) = 0x20000000 [pid 5507] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5507] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] exit_group(0 [pid 5507] <... futex resumed>) = ? [pid 5507] +++ exited with 0 +++ [pid 5506] <... exit_group resumed>) = ? [pid 5506] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5506, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./203", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./203/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/binderfs") = 0 umount2("./203/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./203/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./203/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5508 attached , child_tidptr=0x55557f632690) = 5508 [pid 5508] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5508] chdir("./204") = 0 [pid 5508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5508] setpgid(0, 0) = 0 [pid 5508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5508] write(3, "1000", 4) = 4 [pid 5508] close(3) = 0 [pid 5508] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5508] write(1, "executing program\n", 18) = 18 [pid 5508] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5508] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5509 attached [pid 5509] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5508] <... clone3 resumed> => {parent_tid=[5509]}, 88) = 5509 [pid 5509] <... rseq resumed>) = 0 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], [pid 5509] set_robust_list(0x7f2454d0d9a0, 24 [pid 5508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5509] <... set_robust_list resumed>) = 0 [pid 5508] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] rt_sigprocmask(SIG_SETMASK, [], [pid 5508] <... futex resumed>) = 0 [pid 5509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5508] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5509] memfd_create("syzkaller", 0) = 3 [pid 5509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5509] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5509] munmap(0x7f244c800000, 138412032) = 0 [pid 5509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5509] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5509] close(3) = 0 [pid 5509] close(4) = 0 [pid 5509] mkdir("./file2", 0777) = 0 [pid 5509] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5509] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5509] chdir("./file2") = 0 [pid 5509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5509] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5509] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5509] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [ 148.251613][ T5509] loop0: detected capacity change from 0 to 4096 [pid 5509] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5509] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5508] <... futex resumed>) = 0 [pid 5509] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5508] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5509] <... futex resumed>) = 0 [pid 5508] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... openat resumed>) = 5 [pid 5509] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5509] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5508] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... write resumed>) = 1036288 [pid 5509] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5509] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5508] <... futex resumed>) = 0 [pid 5509] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5508] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... mmap resumed>) = 0x20000000 [pid 5509] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5509] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] exit_group(0 [pid 5509] <... futex resumed>) = ? [pid 5509] +++ exited with 0 +++ [pid 5508] <... exit_group resumed>) = ? [pid 5508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5508, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./204", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./204/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 umount2("./204/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./204/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./204/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5510 attached , child_tidptr=0x55557f632690) = 5510 [pid 5510] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5510] chdir("./205") = 0 [pid 5510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5510] setpgid(0, 0) = 0 [pid 5510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5510] write(3, "1000", 4) = 4 [pid 5510] close(3) = 0 [pid 5510] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5510] write(1, "executing program\n", 18) = 18 [pid 5510] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5510] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5510] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5511 attached [pid 5511] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5511] set_robust_list(0x7f2454d0d9a0, 24 [pid 5510] <... clone3 resumed> => {parent_tid=[5511]}, 88) = 5511 [pid 5511] <... set_robust_list resumed>) = 0 [pid 5510] rt_sigprocmask(SIG_SETMASK, [], [pid 5511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5511] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5511] memfd_create("syzkaller", 0) = 3 [pid 5511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5511] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5511] munmap(0x7f244c800000, 138412032) = 0 [pid 5511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5511] close(3) = 0 [pid 5511] close(4) = 0 [pid 5511] mkdir("./file2", 0777) = 0 [pid 5511] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5511] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5511] chdir("./file2") = 0 [ 148.704115][ T5511] loop0: detected capacity change from 0 to 4096 [pid 5511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5511] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = 0 [pid 5510] <... futex resumed>) = 1 [pid 5511] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5510] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] <... openat resumed>) = 4 [pid 5511] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5511] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5510] <... futex resumed>) = 0 [pid 5511] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5510] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5511] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5511] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5510] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] <... openat resumed>) = 5 [pid 5510] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5511] <... futex resumed>) = 0 [pid 5510] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] <... write resumed>) = 1036288 [pid 5511] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5510] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] <... futex resumed>) = 1 [pid 5511] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5511] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5511] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] exit_group(0 [pid 5511] <... futex resumed>) = ? [pid 5510] <... exit_group resumed>) = ? [pid 5511] +++ exited with 0 +++ [pid 5510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5510, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./205", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./205/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 umount2("./205/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./205/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./205/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5512 attached , child_tidptr=0x55557f632690) = 5512 [pid 5512] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5512] chdir("./206") = 0 [pid 5512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5512] setpgid(0, 0) = 0 [pid 5512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5512] write(3, "1000", 4) = 4 [pid 5512] close(3) = 0 [pid 5512] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5512] write(1, "executing program\n", 18executing program ) = 18 [pid 5512] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5512] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5512] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5512] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5512] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5513 attached [pid 5513] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5512] <... clone3 resumed> => {parent_tid=[5513]}, 88) = 5513 [pid 5513] <... rseq resumed>) = 0 [pid 5512] rt_sigprocmask(SIG_SETMASK, [], [pid 5513] set_robust_list(0x7f2454d0d9a0, 24 [pid 5512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5513] <... set_robust_list resumed>) = 0 [pid 5512] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] rt_sigprocmask(SIG_SETMASK, [], [pid 5512] <... futex resumed>) = 0 [pid 5513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5512] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5513] memfd_create("syzkaller", 0) = 3 [pid 5513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5513] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5513] munmap(0x7f244c800000, 138412032) = 0 [pid 5513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5513] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5513] close(3) = 0 [pid 5513] close(4) = 0 [pid 5513] mkdir("./file2", 0777) = 0 [pid 5513] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5513] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5513] chdir("./file2") = 0 [ 149.166987][ T5513] loop0: detected capacity change from 0 to 4096 [pid 5513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5513] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = 0 [pid 5512] <... futex resumed>) = 1 [pid 5513] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5512] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... openat resumed>) = 4 [pid 5513] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5512] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5513] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5512] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5513] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... write resumed>) = 1036288 [pid 5513] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5512] <... futex resumed>) = 0 [pid 5513] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5512] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... mmap resumed>) = 0x20000000 [pid 5513] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] exit_group(0) = ? [pid 5513] <... futex resumed>) = ? [pid 5513] +++ exited with 0 +++ [pid 5512] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5512, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./206", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./206/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 umount2("./206/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./206/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./206/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5514 attached , child_tidptr=0x55557f632690) = 5514 [pid 5514] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5514] chdir("./207") = 0 [pid 5514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5514] setpgid(0, 0) = 0 [pid 5514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5514] write(3, "1000", 4) = 4 [pid 5514] close(3) = 0 [pid 5514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5514] write(1, "executing program\n", 18executing program ) = 18 [pid 5514] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5514] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5515 attached [pid 5515] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5514] <... clone3 resumed> => {parent_tid=[5515]}, 88) = 5515 [pid 5515] <... rseq resumed>) = 0 [pid 5515] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5515] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5514] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] <... futex resumed>) = 0 [pid 5514] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5515] memfd_create("syzkaller", 0) = 3 [pid 5515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5515] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5515] munmap(0x7f244c800000, 138412032) = 0 [pid 5515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5515] close(3) = 0 [pid 5515] close(4) = 0 [pid 5515] mkdir("./file2", 0777) = 0 [pid 5515] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5515] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 149.637386][ T5515] loop0: detected capacity change from 0 to 4096 [pid 5515] chdir("./file2") = 0 [pid 5515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5515] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5515] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] <... futex resumed>) = 0 [pid 5515] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5514] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... openat resumed>) = 4 [pid 5515] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 1 [pid 5515] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5514] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5515] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5515] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] <... futex resumed>) = 0 [pid 5515] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5514] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... openat resumed>) = 5 [pid 5515] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5515] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5514] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... write resumed>) = 1036288 [pid 5515] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... futex resumed>) = 1 [pid 5515] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5515] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5515] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] exit_group(0 [pid 5515] <... futex resumed>) = ? [pid 5514] <... exit_group resumed>) = ? [pid 5515] +++ exited with 0 +++ [pid 5514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5514, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./207", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./207/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 umount2("./207/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./207/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./207/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5516 attached , child_tidptr=0x55557f632690) = 5516 [pid 5516] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5516] chdir("./208") = 0 [pid 5516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5516] setpgid(0, 0) = 0 [pid 5516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5516] write(3, "1000", 4) = 4 [pid 5516] close(3) = 0 [pid 5516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5516] write(1, "executing program\n", 18executing program ) = 18 [pid 5516] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5516] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5516] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5516] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5517 attached [pid 5517] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5516] <... clone3 resumed> => {parent_tid=[5517]}, 88) = 5517 [pid 5517] set_robust_list(0x7f2454d0d9a0, 24 [pid 5516] rt_sigprocmask(SIG_SETMASK, [], [pid 5517] <... set_robust_list resumed>) = 0 [pid 5516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5517] rt_sigprocmask(SIG_SETMASK, [], [pid 5516] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5517] memfd_create("syzkaller", 0) = 3 [pid 5517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5517] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5517] munmap(0x7f244c800000, 138412032) = 0 [pid 5517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5517] close(3) = 0 [pid 5517] close(4) = 0 [pid 5517] mkdir("./file2", 0777) = 0 [pid 5517] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5517] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5517] chdir("./file2") = 0 [pid 5517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 150.081971][ T5517] loop0: detected capacity change from 0 to 4096 [pid 5517] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5516] <... futex resumed>) = 0 [pid 5517] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5516] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5516] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... openat resumed>) = 4 [pid 5517] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5516] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5517] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5516] <... futex resumed>) = 0 [pid 5517] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5516] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5516] <... futex resumed>) = 0 [pid 5517] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5516] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... openat resumed>) = 5 [pid 5517] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5517] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5516] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... write resumed>) = 1036288 [pid 5517] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5516] <... futex resumed>) = 1 [pid 5517] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5516] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... mmap resumed>) = 0x20000000 [pid 5517] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5516] <... futex resumed>) = 0 [pid 5516] exit_group(0 [pid 5517] <... futex resumed>) = ? [pid 5516] <... exit_group resumed>) = ? [pid 5517] +++ exited with 0 +++ [pid 5516] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5516, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./208", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./208/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 umount2("./208/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./208/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./208/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5518 attached , child_tidptr=0x55557f632690) = 5518 [pid 5518] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5518] chdir("./209") = 0 [pid 5518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5518] setpgid(0, 0) = 0 [pid 5518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5518] write(3, "1000", 4) = 4 [pid 5518] close(3) = 0 [pid 5518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5518] write(1, "executing program\n", 18executing program ) = 18 [pid 5518] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5518] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5518] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5518] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5518] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5519 attached [pid 5519] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5518] <... clone3 resumed> => {parent_tid=[5519]}, 88) = 5519 [pid 5519] <... rseq resumed>) = 0 [pid 5518] rt_sigprocmask(SIG_SETMASK, [], [pid 5519] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], [pid 5518] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5518] <... futex resumed>) = 0 [pid 5518] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5519] memfd_create("syzkaller", 0) = 3 [pid 5519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5519] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5519] munmap(0x7f244c800000, 138412032) = 0 [pid 5519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5519] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5519] close(3) = 0 [pid 5519] close(4) = 0 [pid 5519] mkdir("./file2", 0777) = 0 [pid 5519] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5519] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5519] chdir("./file2") = 0 [pid 5519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5519] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5519] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5519] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 150.528821][ T5519] loop0: detected capacity change from 0 to 4096 [pid 5518] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... openat resumed>) = 4 [pid 5519] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5519] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5518] <... futex resumed>) = 0 [pid 5519] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5518] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5519] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5519] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5518] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... openat resumed>) = 5 [pid 5519] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5519] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = 0 [pid 5518] <... futex resumed>) = 1 [pid 5519] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5518] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... write resumed>) = 1036288 [pid 5519] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] <... futex resumed>) = 0 [pid 5518] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = 0 [pid 5518] <... futex resumed>) = 1 [pid 5519] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5518] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... mmap resumed>) = 0x20000000 [pid 5519] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] <... futex resumed>) = 0 [pid 5518] exit_group(0 [pid 5519] <... futex resumed>) = ? [pid 5518] <... exit_group resumed>) = ? [pid 5519] +++ exited with 0 +++ [pid 5518] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5518, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./209", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./209/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 umount2("./209/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./209/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./209/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5520 ./strace-static-x86_64: Process 5520 attached [pid 5520] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5520] chdir("./210") = 0 [pid 5520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5520] setpgid(0, 0) = 0 [pid 5520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5520] write(3, "1000", 4) = 4 [pid 5520] close(3) = 0 [pid 5520] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5520] write(1, "executing program\n", 18) = 18 [pid 5520] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5520] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5520] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5521 attached [pid 5521] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5520] <... clone3 resumed> => {parent_tid=[5521]}, 88) = 5521 [pid 5521] <... rseq resumed>) = 0 [pid 5521] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5520] rt_sigprocmask(SIG_SETMASK, [], [pid 5521] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5520] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5521] <... futex resumed>) = 0 [pid 5520] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5521] memfd_create("syzkaller", 0) = 3 [pid 5521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5521] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5521] munmap(0x7f244c800000, 138412032) = 0 [pid 5521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5521] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5521] close(3) = 0 [pid 5521] close(4) = 0 [pid 5521] mkdir("./file2", 0777) = 0 [pid 5521] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5521] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5521] chdir("./file2") = 0 [ 151.012018][ T5521] loop0: detected capacity change from 0 to 4096 [pid 5521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5521] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5521] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] <... futex resumed>) = 0 [pid 5520] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5521] <... futex resumed>) = 0 [pid 5520] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5521] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5521] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] <... futex resumed>) = 0 [pid 5520] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = 0 [pid 5520] <... futex resumed>) = 1 [pid 5521] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5520] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5521] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5520] <... futex resumed>) = 0 [pid 5521] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5520] <... futex resumed>) = 0 [pid 5521] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5520] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] <... openat resumed>) = 5 [pid 5521] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5520] <... futex resumed>) = 0 [pid 5521] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5520] <... futex resumed>) = 0 [pid 5521] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5520] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] <... write resumed>) = 1036288 [pid 5521] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5520] <... futex resumed>) = 0 [pid 5521] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5521] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5520] <... futex resumed>) = 0 [pid 5520] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] <... mmap resumed>) = 0x20000000 [pid 5521] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5520] <... futex resumed>) = 0 [pid 5521] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] exit_group(0 [pid 5521] <... futex resumed>) = ? [pid 5520] <... exit_group resumed>) = ? [pid 5521] +++ exited with 0 +++ [pid 5520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5520, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./210", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./210/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 umount2("./210/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./210/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./210/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5522 attached , child_tidptr=0x55557f632690) = 5522 [pid 5522] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5522] chdir("./211") = 0 [pid 5522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5522] setpgid(0, 0) = 0 [pid 5522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5522] write(3, "1000", 4) = 4 [pid 5522] close(3) = 0 [pid 5522] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5522] write(1, "executing program\n", 18) = 18 [pid 5522] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5522] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5523 attached [pid 5523] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5522] <... clone3 resumed> => {parent_tid=[5523]}, 88) = 5523 [pid 5523] <... rseq resumed>) = 0 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5523] set_robust_list(0x7f2454d0d9a0, 24 [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5523] <... set_robust_list resumed>) = 0 [pid 5522] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5523] memfd_create("syzkaller", 0) = 3 [pid 5523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5523] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5523] munmap(0x7f244c800000, 138412032) = 0 [pid 5523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5523] close(3) = 0 [pid 5523] close(4) = 0 [pid 5523] mkdir("./file2", 0777) = 0 [pid 5523] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5523] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5523] chdir("./file2") = 0 [ 151.489192][ T5523] loop0: detected capacity change from 0 to 4096 [pid 5523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5523] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = 1 [pid 5523] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5522] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... openat resumed>) = 4 [pid 5523] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5522] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5522] <... futex resumed>) = 0 [pid 5523] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5522] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5522] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] <... openat resumed>) = 5 [pid 5522] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5522] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... futex resumed>) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5522] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... write resumed>) = 1036288 [pid 5523] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5522] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... mmap resumed>) = 0x20000000 [pid 5523] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... futex resumed>) = 0 [pid 5522] exit_group(0) = ? [pid 5523] <... futex resumed>) = ? [pid 5523] +++ exited with 0 +++ [pid 5522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5522, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./211", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./211/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/binderfs") = 0 umount2("./211/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./211/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./211/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5524 attached [pid 5524] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5524] chdir("./212" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5524 [pid 5524] <... chdir resumed>) = 0 [pid 5524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5524] setpgid(0, 0) = 0 [pid 5524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5524] write(3, "1000", 4) = 4 [pid 5524] close(3) = 0 [pid 5524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5524] write(1, "executing program\n", 18executing program ) = 18 [pid 5524] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5524] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5524] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5525 attached [pid 5525] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5524] <... clone3 resumed> => {parent_tid=[5525]}, 88) = 5525 [pid 5525] set_robust_list(0x7f2454d0d9a0, 24 [pid 5524] rt_sigprocmask(SIG_SETMASK, [], [pid 5525] <... set_robust_list resumed>) = 0 [pid 5524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5525] rt_sigprocmask(SIG_SETMASK, [], [pid 5524] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5525] memfd_create("syzkaller", 0) = 3 [pid 5525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5525] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5525] munmap(0x7f244c800000, 138412032) = 0 [pid 5525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5525] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5525] close(3) = 0 [pid 5525] close(4) = 0 [pid 5525] mkdir("./file2", 0777) = 0 [pid 5525] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5525] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 151.943683][ T5525] loop0: detected capacity change from 0 to 4096 [pid 5525] chdir("./file2") = 0 [pid 5525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5525] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] <... futex resumed>) = 0 [pid 5525] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5524] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5524] <... futex resumed>) = 0 [pid 5525] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5524] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... openat resumed>) = 4 [pid 5525] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5525] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... futex resumed>) = 0 [pid 5524] <... futex resumed>) = 1 [pid 5525] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5524] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5525] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] <... futex resumed>) = 0 [pid 5525] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5524] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5524] <... futex resumed>) = 0 [pid 5525] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5524] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... openat resumed>) = 5 [pid 5525] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5524] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... write resumed>) = 1036288 [pid 5525] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5524] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... mmap resumed>) = 0x20000000 [pid 5525] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5525] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5524] <... futex resumed>) = 0 [pid 5524] exit_group(0 [pid 5525] <... futex resumed>) = ? [pid 5525] +++ exited with 0 +++ [pid 5524] <... exit_group resumed>) = ? [pid 5524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5524, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./212", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./212/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/binderfs") = 0 umount2("./212/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./212/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./212/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5526 attached , child_tidptr=0x55557f632690) = 5526 [pid 5526] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5526] chdir("./213") = 0 [pid 5526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5526] setpgid(0, 0) = 0 [pid 5526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5526] write(3, "1000", 4) = 4 [pid 5526] close(3) = 0 [pid 5526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5526] write(1, "executing program\n", 18executing program ) = 18 [pid 5526] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5526] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5526] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5526] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5526] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5527 attached [pid 5527] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5527] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5526] <... clone3 resumed> => {parent_tid=[5527]}, 88) = 5527 [pid 5527] rt_sigprocmask(SIG_SETMASK, [], [pid 5526] rt_sigprocmask(SIG_SETMASK, [], [pid 5527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5527] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5526] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5527] memfd_create("syzkaller", 0) = 3 [pid 5527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5527] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5527] munmap(0x7f244c800000, 138412032) = 0 [pid 5527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5527] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5527] close(3) = 0 [pid 5527] close(4) = 0 [pid 5527] mkdir("./file2", 0777) = 0 [pid 5527] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5527] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5527] chdir("./file2") = 0 [pid 5527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 152.333745][ T5527] loop0: detected capacity change from 0 to 4096 [pid 5527] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... openat resumed>) = 4 [pid 5527] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = 0 [pid 5526] <... futex resumed>) = 1 [pid 5527] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5526] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5527] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5526] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = 0 [pid 5527] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5526] <... futex resumed>) = 1 [pid 5526] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... openat resumed>) = 5 [pid 5527] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5526] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... write resumed>) = 1036288 [pid 5527] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5527] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5526] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5526] <... futex resumed>) = 0 [pid 5527] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5526] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... mmap resumed>) = 0x20000000 [pid 5527] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5527] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5526] exit_group(0 [pid 5527] <... futex resumed>) = ? [pid 5526] <... exit_group resumed>) = ? [pid 5527] +++ exited with 0 +++ [pid 5526] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5526, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- umount2("./213", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./213/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/binderfs") = 0 umount2("./213/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./213/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./213/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5528 attached , child_tidptr=0x55557f632690) = 5528 [pid 5528] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5528] chdir("./214") = 0 [pid 5528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5528] setpgid(0, 0) = 0 [pid 5528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5528] write(3, "1000", 4) = 4 [pid 5528] close(3) = 0 [pid 5528] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5528] write(1, "executing program\n", 18) = 18 [pid 5528] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5528] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5528] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5529 attached [pid 5529] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5528] <... clone3 resumed> => {parent_tid=[5529]}, 88) = 5529 [pid 5529] set_robust_list(0x7f2454d0d9a0, 24 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], [pid 5529] <... set_robust_list resumed>) = 0 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5528] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] memfd_create("syzkaller", 0 [pid 5528] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5529] <... memfd_create resumed>) = 3 [pid 5529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5529] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5529] munmap(0x7f244c800000, 138412032) = 0 [pid 5529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5529] close(3) = 0 [pid 5529] close(4) = 0 [pid 5529] mkdir("./file2", 0777) = 0 [pid 5529] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5529] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5529] chdir("./file2") = 0 [pid 5529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5529] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 152.801206][ T5529] loop0: detected capacity change from 0 to 4096 [pid 5529] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... openat resumed>) = 4 [pid 5529] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5529] <... futex resumed>) = 1 [pid 5528] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5529] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5528] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5529] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... write resumed>) = 1036288 [pid 5529] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5529] <... futex resumed>) = 1 [pid 5528] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5528] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... mmap resumed>) = 0x20000000 [pid 5529] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] <... futex resumed>) = 0 [pid 5528] exit_group(0 [pid 5529] <... futex resumed>) = ? [pid 5528] <... exit_group resumed>) = ? [pid 5529] +++ exited with 0 +++ [pid 5528] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5528, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./214", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./214/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/binderfs") = 0 umount2("./214/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./214/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./214/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5530 ./strace-static-x86_64: Process 5530 attached [pid 5530] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5530] chdir("./215") = 0 [pid 5530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5530] setpgid(0, 0) = 0 [pid 5530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5530] write(3, "1000", 4) = 4 [pid 5530] close(3) = 0 [pid 5530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5530] write(1, "executing program\n", 18executing program ) = 18 [pid 5530] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5530] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5530] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5530] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5531 attached [pid 5531] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5530] <... clone3 resumed> => {parent_tid=[5531]}, 88) = 5531 [pid 5531] set_robust_list(0x7f2454d0d9a0, 24 [pid 5530] rt_sigprocmask(SIG_SETMASK, [], [pid 5531] <... set_robust_list resumed>) = 0 [pid 5530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5531] rt_sigprocmask(SIG_SETMASK, [], [pid 5530] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5531] memfd_create("syzkaller", 0) = 3 [pid 5531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5531] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5531] munmap(0x7f244c800000, 138412032) = 0 [pid 5531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5531] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5531] close(3) = 0 [pid 5531] close(4) = 0 [pid 5531] mkdir("./file2", 0777) = 0 [pid 5531] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5531] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5531] chdir("./file2") = 0 [pid 5531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5531] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5531] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5530] <... futex resumed>) = 0 [ 153.290076][ T5531] loop0: detected capacity change from 0 to 4096 [pid 5530] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5531] <... futex resumed>) = 0 [pid 5531] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5530] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... openat resumed>) = 4 [pid 5531] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] <... futex resumed>) = 0 [pid 5531] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5530] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5531] <... futex resumed>) = 0 [pid 5530] <... futex resumed>) = 1 [pid 5531] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5530] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5531] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] <... futex resumed>) = 0 [pid 5531] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5530] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5530] <... futex resumed>) = 0 [pid 5531] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5530] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... openat resumed>) = 5 [pid 5531] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5531] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... write resumed>) = 1036288 [pid 5531] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5531] <... futex resumed>) = 1 [pid 5530] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5531] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... mmap resumed>) = 0x20000000 [pid 5531] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5531] <... futex resumed>) = 1 [pid 5530] exit_group(0 [pid 5531] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5530] <... exit_group resumed>) = ? [pid 5531] +++ exited with 0 +++ [pid 5530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5530, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./215", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./215/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/binderfs") = 0 umount2("./215/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./215/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./215/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5532 attached [pid 5532] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5532] chdir("./216") = 0 [pid 5532] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5532 [pid 5532] <... prctl resumed>) = 0 [pid 5532] setpgid(0, 0) = 0 [pid 5532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5532] write(3, "1000", 4) = 4 [pid 5532] close(3) = 0 [pid 5532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5532] write(1, "executing program\n", 18) = 18 executing program [pid 5532] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5532] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5532] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5533 attached [pid 5533] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5532] <... clone3 resumed> => {parent_tid=[5533]}, 88) = 5533 [pid 5533] set_robust_list(0x7f2454d0d9a0, 24 [pid 5532] rt_sigprocmask(SIG_SETMASK, [], [pid 5533] <... set_robust_list resumed>) = 0 [pid 5532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5533] rt_sigprocmask(SIG_SETMASK, [], [pid 5532] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5533] memfd_create("syzkaller", 0) = 3 [pid 5533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5533] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5533] munmap(0x7f244c800000, 138412032) = 0 [pid 5533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5533] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5533] close(3) = 0 [pid 5533] close(4) = 0 [pid 5533] mkdir("./file2", 0777) = 0 [pid 5533] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5533] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5533] chdir("./file2") = 0 [ 153.681493][ T5533] loop0: detected capacity change from 0 to 4096 [pid 5533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5533] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] <... futex resumed>) = 0 [pid 5532] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5533] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5533] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5532] <... futex resumed>) = 0 [pid 5533] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5532] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5533] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5533] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5532] <... futex resumed>) = 0 [pid 5533] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5532] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... openat resumed>) = 5 [pid 5533] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5533] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5532] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... write resumed>) = 1036288 [pid 5533] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... futex resumed>) = 1 [pid 5533] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5533] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5533] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] exit_group(0) = ? [pid 5533] <... futex resumed>) = ? [pid 5533] +++ exited with 0 +++ [pid 5532] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5532, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./216", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./216/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/binderfs") = 0 umount2("./216/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./216/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./216/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5534 attached , child_tidptr=0x55557f632690) = 5534 [pid 5534] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5534] chdir("./217") = 0 [pid 5534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5534] setpgid(0, 0) = 0 [pid 5534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5534] write(3, "1000", 4) = 4 [pid 5534] close(3) = 0 [pid 5534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5534] write(1, "executing program\n", 18executing program ) = 18 [pid 5534] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5534] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5534] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5535 attached [pid 5535] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5534] <... clone3 resumed> => {parent_tid=[5535]}, 88) = 5535 [pid 5535] <... rseq resumed>) = 0 [pid 5534] rt_sigprocmask(SIG_SETMASK, [], [pid 5535] set_robust_list(0x7f2454d0d9a0, 24 [pid 5534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5535] <... set_robust_list resumed>) = 0 [pid 5534] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5534] <... futex resumed>) = 0 [pid 5535] memfd_create("syzkaller", 0 [pid 5534] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5535] <... memfd_create resumed>) = 3 [pid 5535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5535] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5535] munmap(0x7f244c800000, 138412032) = 0 [pid 5535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5535] close(3) = 0 [pid 5535] close(4) = 0 [pid 5535] mkdir("./file2", 0777) = 0 [pid 5535] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5535] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5535] chdir("./file2") = 0 [ 154.134777][ T5535] loop0: detected capacity change from 0 to 4096 [pid 5535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5535] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5534] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... openat resumed>) = 4 [pid 5535] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5534] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5535] <... futex resumed>) = 0 [pid 5534] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... openat resumed>) = 5 [pid 5535] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5534] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... write resumed>) = 1036288 [pid 5535] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 0 [pid 5534] <... futex resumed>) = 1 [pid 5535] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5534] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... mmap resumed>) = 0x20000000 [pid 5535] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] exit_group(0 [pid 5535] <... futex resumed>) = ? [pid 5534] <... exit_group resumed>) = ? [pid 5535] +++ exited with 0 +++ [pid 5534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5534, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./217", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./217/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/binderfs") = 0 umount2("./217/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./217/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./217/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5536 attached , child_tidptr=0x55557f632690) = 5536 [pid 5536] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5536] chdir("./218") = 0 [pid 5536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5536] setpgid(0, 0) = 0 [pid 5536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5536] write(3, "1000", 4) = 4 [pid 5536] close(3) = 0 [pid 5536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5536] write(1, "executing program\n", 18executing program ) = 18 [pid 5536] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5536] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0} => {parent_tid=[5537]}, 88) = 5537 ./strace-static-x86_64: Process 5537 attached [pid 5536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5537] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5536] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] <... rseq resumed>) = 0 [pid 5536] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5537] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5537] memfd_create("syzkaller", 0) = 3 [pid 5537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5537] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5537] munmap(0x7f244c800000, 138412032) = 0 [pid 5537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5537] close(3) = 0 [pid 5537] close(4) = 0 [pid 5537] mkdir("./file2", 0777) = 0 [pid 5537] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5537] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5537] chdir("./file2") = 0 [pid 5537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5537] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5537] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5536] <... futex resumed>) = 0 [pid 5537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5536] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5536] <... futex resumed>) = 0 [ 154.533777][ T5537] loop0: detected capacity change from 0 to 4096 [pid 5536] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] <... openat resumed>) = 4 [pid 5537] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = 0 [pid 5537] <... futex resumed>) = 1 [pid 5536] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5536] <... futex resumed>) = 0 [pid 5537] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5536] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = 0 [pid 5537] <... futex resumed>) = 1 [pid 5536] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5536] <... futex resumed>) = 0 [pid 5536] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] <... openat resumed>) = 5 [pid 5537] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5537] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5536] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5536] <... futex resumed>) = 0 [pid 5537] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5536] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] <... write resumed>) = 1036288 [pid 5537] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5537] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5536] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5536] <... futex resumed>) = 0 [pid 5536] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5537] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5537] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5536] exit_group(0 [pid 5537] <... futex resumed>) = ? [pid 5536] <... exit_group resumed>) = ? [pid 5537] +++ exited with 0 +++ [pid 5536] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5536, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./218", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./218/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/binderfs") = 0 umount2("./218/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./218/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./218/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5538 attached , child_tidptr=0x55557f632690) = 5538 [pid 5538] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5538] chdir("./219") = 0 [pid 5538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5538] setpgid(0, 0) = 0 [pid 5538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5538] write(3, "1000", 4) = 4 [pid 5538] close(3) = 0 [pid 5538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5538] write(1, "executing program\n", 18executing program ) = 18 [pid 5538] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5538] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5538] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5538] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5539 attached => {parent_tid=[5539]}, 88) = 5539 [pid 5539] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5538] rt_sigprocmask(SIG_SETMASK, [], [pid 5539] set_robust_list(0x7f2454d0d9a0, 24 [pid 5538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5539] <... set_robust_list resumed>) = 0 [pid 5539] rt_sigprocmask(SIG_SETMASK, [], [pid 5538] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5539] memfd_create("syzkaller", 0) = 3 [pid 5539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5539] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5539] munmap(0x7f244c800000, 138412032) = 0 [pid 5539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5539] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5539] close(3) = 0 [pid 5539] close(4) = 0 [pid 5539] mkdir("./file2", 0777) = 0 [pid 5539] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5539] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5539] chdir("./file2") = 0 [pid 5539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5539] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5539] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5539] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5538] <... futex resumed>) = 0 [ 154.921662][ T5539] loop0: detected capacity change from 0 to 4096 [pid 5538] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... openat resumed>) = 4 [pid 5539] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5539] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5538] <... futex resumed>) = 1 [pid 5539] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5538] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5539] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5539] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5538] <... futex resumed>) = 0 [pid 5539] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5538] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... openat resumed>) = 5 [pid 5539] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] <... futex resumed>) = 0 [pid 5539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5538] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... write resumed>) = 1036288 [pid 5539] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5538] <... futex resumed>) = 1 [pid 5538] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5539] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] <... futex resumed>) = 0 [pid 5538] exit_group(0 [pid 5539] <... futex resumed>) = ? [pid 5538] <... exit_group resumed>) = ? [pid 5539] +++ exited with 0 +++ [pid 5538] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5538, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./219", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./219/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/binderfs") = 0 umount2("./219/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./219/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./219/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5540 attached , child_tidptr=0x55557f632690) = 5540 [pid 5540] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5540] chdir("./220") = 0 [pid 5540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5540] setpgid(0, 0) = 0 [pid 5540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5540] write(3, "1000", 4) = 4 [pid 5540] close(3) = 0 [pid 5540] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5540] write(1, "executing program\n", 18) = 18 [pid 5540] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5540] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5540] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5540] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5540] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5541 attached [pid 5541] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5540] <... clone3 resumed> => {parent_tid=[5541]}, 88) = 5541 [pid 5541] set_robust_list(0x7f2454d0d9a0, 24 [pid 5540] rt_sigprocmask(SIG_SETMASK, [], [pid 5541] <... set_robust_list resumed>) = 0 [pid 5540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5540] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] memfd_create("syzkaller", 0 [pid 5540] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5541] <... memfd_create resumed>) = 3 [pid 5541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5541] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5541] munmap(0x7f244c800000, 138412032) = 0 [pid 5541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5541] close(3) = 0 [pid 5541] close(4) = 0 [pid 5541] mkdir("./file2", 0777) = 0 [pid 5541] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5541] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5541] chdir("./file2") = 0 [pid 5541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5541] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5541] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] <... futex resumed>) = 0 [pid 5541] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5540] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... openat resumed>) = 4 [pid 5541] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5541] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] <... futex resumed>) = 0 [pid 5541] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5540] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5541] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 155.410207][ T5541] loop0: detected capacity change from 0 to 4096 [pid 5541] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5541] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5540] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = 0 [pid 5540] <... futex resumed>) = 1 [pid 5541] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5540] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... write resumed>) = 1036288 [pid 5541] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = 0 [pid 5540] <... futex resumed>) = 1 [pid 5541] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5540] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... mmap resumed>) = 0x20000000 [pid 5541] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5541] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] exit_group(0 [pid 5541] <... futex resumed>) = ? [pid 5540] <... exit_group resumed>) = ? [pid 5541] +++ exited with 0 +++ [pid 5540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5540, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./220", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./220/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/binderfs") = 0 umount2("./220/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./220/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./220/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5542 attached , child_tidptr=0x55557f632690) = 5542 [pid 5542] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5542] chdir("./221") = 0 [pid 5542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5542] setpgid(0, 0) = 0 [pid 5542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5542] write(3, "1000", 4) = 4 [pid 5542] close(3) = 0 [pid 5542] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5542] write(1, "executing program\n", 18) = 18 [pid 5542] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5542] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5543 attached [pid 5543] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5542] <... clone3 resumed> => {parent_tid=[5543]}, 88) = 5543 [pid 5543] <... rseq resumed>) = 0 [pid 5543] set_robust_list(0x7f2454d0d9a0, 24 [pid 5542] rt_sigprocmask(SIG_SETMASK, [], [pid 5543] <... set_robust_list resumed>) = 0 [pid 5542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5543] rt_sigprocmask(SIG_SETMASK, [], [pid 5542] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5543] memfd_create("syzkaller", 0) = 3 [pid 5543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5543] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5543] munmap(0x7f244c800000, 138412032) = 0 [pid 5543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5543] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5543] close(3) = 0 [pid 5543] close(4) = 0 [pid 5543] mkdir("./file2", 0777) = 0 [pid 5543] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5543] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5543] chdir("./file2") = 0 [ 155.892967][ T5543] loop0: detected capacity change from 0 to 4096 [pid 5543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5543] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5542] <... futex resumed>) = 1 [pid 5543] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5542] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] <... openat resumed>) = 4 [pid 5543] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5542] <... futex resumed>) = 1 [pid 5543] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5542] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5543] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5542] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5542] <... futex resumed>) = 1 [pid 5543] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5542] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] <... openat resumed>) = 5 [pid 5543] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5543] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5542] <... futex resumed>) = 0 [pid 5543] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5542] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] <... write resumed>) = 1036288 [pid 5543] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5542] <... futex resumed>) = 1 [pid 5543] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5542] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] <... mmap resumed>) = 0x20000000 [pid 5543] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... futex resumed>) = 0 [pid 5542] exit_group(0 [pid 5543] <... futex resumed>) = ? [pid 5542] <... exit_group resumed>) = ? [pid 5543] +++ exited with 0 +++ [pid 5542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5542, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./221", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./221/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/binderfs") = 0 umount2("./221/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./221/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./221/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5544 attached , child_tidptr=0x55557f632690) = 5544 [pid 5544] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5544] chdir("./222") = 0 [pid 5544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5544] setpgid(0, 0) = 0 [pid 5544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5544] write(3, "1000", 4) = 4 [pid 5544] close(3) = 0 [pid 5544] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5544] write(1, "executing program\n", 18) = 18 [pid 5544] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5544] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5544] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5544] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5545 attached [pid 5545] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5544] <... clone3 resumed> => {parent_tid=[5545]}, 88) = 5545 [pid 5545] set_robust_list(0x7f2454d0d9a0, 24 [pid 5544] rt_sigprocmask(SIG_SETMASK, [], [pid 5545] <... set_robust_list resumed>) = 0 [pid 5544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5545] rt_sigprocmask(SIG_SETMASK, [], [pid 5544] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5545] memfd_create("syzkaller", 0) = 3 [pid 5545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5545] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5545] munmap(0x7f244c800000, 138412032) = 0 [pid 5545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5545] close(3) = 0 [pid 5545] close(4) = 0 [pid 5545] mkdir("./file2", 0777) = 0 [pid 5545] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5545] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5545] chdir("./file2") = 0 [pid 5545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5545] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5545] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] <... futex resumed>) = 0 [pid 5544] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5545] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 156.348450][ T5545] loop0: detected capacity change from 0 to 4096 [pid 5544] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5545] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5545] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] <... futex resumed>) = 0 [pid 5545] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5544] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] <... openat resumed>) = 5 [pid 5545] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5545] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] <... futex resumed>) = 0 [pid 5545] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5544] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] <... write resumed>) = 1036288 [pid 5545] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5545] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] <... futex resumed>) = 0 [pid 5545] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5544] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] <... mmap resumed>) = 0x20000000 [pid 5545] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5545] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] exit_group(0 [pid 5545] <... futex resumed>) = ? [pid 5545] +++ exited with 0 +++ [pid 5544] <... exit_group resumed>) = ? [pid 5544] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5544, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./222", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./222/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/binderfs") = 0 umount2("./222/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./222/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./222/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5546 attached [pid 5546] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5546] chdir("./223" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5546 [pid 5546] <... chdir resumed>) = 0 [pid 5546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5546] setpgid(0, 0) = 0 [pid 5546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5546] write(3, "1000", 4) = 4 [pid 5546] close(3) = 0 [pid 5546] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5546] write(1, "executing program\n", 18) = 18 [pid 5546] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5546] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5546] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5546] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5547 attached [pid 5547] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5546] <... clone3 resumed> => {parent_tid=[5547]}, 88) = 5547 [pid 5547] set_robust_list(0x7f2454d0d9a0, 24 [pid 5546] rt_sigprocmask(SIG_SETMASK, [], [pid 5547] <... set_robust_list resumed>) = 0 [pid 5546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5547] rt_sigprocmask(SIG_SETMASK, [], [pid 5546] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5546] <... futex resumed>) = 0 [pid 5546] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5547] memfd_create("syzkaller", 0) = 3 [pid 5547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5547] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5547] munmap(0x7f244c800000, 138412032) = 0 [pid 5547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5547] close(3) = 0 [pid 5547] close(4) = 0 [pid 5547] mkdir("./file2", 0777) = 0 [pid 5547] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 156.724853][ T5547] loop0: detected capacity change from 0 to 4096 [pid 5547] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5547] chdir("./file2") = 0 [pid 5547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5547] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5546] <... futex resumed>) = 0 [pid 5546] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] <... futex resumed>) = 0 [pid 5546] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5547] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = 1 [pid 5546] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5546] <... futex resumed>) = 0 [pid 5547] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5546] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5547] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5546] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5546] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... openat resumed>) = 5 [pid 5547] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5546] <... futex resumed>) = 0 [pid 5546] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = 0 [pid 5546] <... futex resumed>) = 1 [pid 5547] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5546] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... write resumed>) = 1036288 [pid 5547] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = 1 [pid 5546] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5546] <... futex resumed>) = 0 [pid 5546] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... mmap resumed>) = 0x20000000 [pid 5547] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = 1 [pid 5546] exit_group(0) = ? [pid 5547] +++ exited with 0 +++ [pid 5546] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5546, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./223", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./223/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/binderfs") = 0 umount2("./223/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./223/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./223/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5548 attached , child_tidptr=0x55557f632690) = 5548 [pid 5548] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5548] chdir("./224") = 0 [pid 5548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5548] setpgid(0, 0) = 0 [pid 5548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5548] write(3, "1000", 4) = 4 [pid 5548] close(3) = 0 [pid 5548] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5548] write(1, "executing program\n", 18) = 18 [pid 5548] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5548] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5549 attached [pid 5549] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5549] set_robust_list(0x7f2454d0d9a0, 24 [pid 5548] <... clone3 resumed> => {parent_tid=[5549]}, 88) = 5549 [pid 5549] <... set_robust_list resumed>) = 0 [pid 5548] rt_sigprocmask(SIG_SETMASK, [], [pid 5549] rt_sigprocmask(SIG_SETMASK, [], [pid 5548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5548] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] memfd_create("syzkaller", 0 [pid 5548] <... futex resumed>) = 0 [pid 5549] <... memfd_create resumed>) = 3 [pid 5548] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5549] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5549] munmap(0x7f244c800000, 138412032) = 0 [pid 5549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5549] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5549] close(3) = 0 [pid 5549] close(4) = 0 [pid 5549] mkdir("./file2", 0777) = 0 [pid 5549] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5549] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5549] chdir("./file2") = 0 [pid 5549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5549] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5548] <... futex resumed>) = 0 [ 157.233677][ T5549] loop0: detected capacity change from 0 to 4096 [pid 5548] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... openat resumed>) = 4 [pid 5549] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5548] <... futex resumed>) = 0 [pid 5549] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5548] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5549] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5548] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... openat resumed>) = 5 [pid 5549] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5548] <... futex resumed>) = 0 [pid 5549] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5548] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... write resumed>) = 1036288 [pid 5549] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5548] <... futex resumed>) = 0 [pid 5549] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5548] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... mmap resumed>) = 0x20000000 [pid 5549] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] exit_group(0 [pid 5549] <... futex resumed>) = ? [pid 5548] <... exit_group resumed>) = ? [pid 5549] +++ exited with 0 +++ [pid 5548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5548, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./224", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./224/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/binderfs") = 0 umount2("./224/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./224/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./224/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5550 attached [pid 5550] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5550 [pid 5550] chdir("./225") = 0 [pid 5550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5550] setpgid(0, 0) = 0 [pid 5550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5550] write(3, "1000", 4) = 4 [pid 5550] close(3) = 0 [pid 5550] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5550] write(1, "executing program\n", 18) = 18 [pid 5550] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5550] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5550] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5550] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5551 attached [pid 5551] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5551] set_robust_list(0x7f2454d0d9a0, 24 [pid 5550] <... clone3 resumed> => {parent_tid=[5551]}, 88) = 5551 [pid 5551] <... set_robust_list resumed>) = 0 [pid 5551] rt_sigprocmask(SIG_SETMASK, [], [pid 5550] rt_sigprocmask(SIG_SETMASK, [], [pid 5551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5551] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5551] memfd_create("syzkaller", 0) = 3 [pid 5551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5551] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5551] munmap(0x7f244c800000, 138412032) = 0 [pid 5551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5551] close(3) = 0 [pid 5551] close(4) = 0 [pid 5551] mkdir("./file2", 0777) = 0 [pid 5551] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5551] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 157.644803][ T5551] loop0: detected capacity change from 0 to 4096 [pid 5551] chdir("./file2") = 0 [pid 5551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5551] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 0 [pid 5550] <... futex resumed>) = 1 [pid 5551] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5550] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... openat resumed>) = 4 [pid 5551] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] <... futex resumed>) = 0 [pid 5551] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5550] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5551] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5550] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... openat resumed>) = 5 [pid 5551] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 0 [pid 5550] <... futex resumed>) = 1 [pid 5551] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5550] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... write resumed>) = 1036288 [pid 5551] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 0 [pid 5550] <... futex resumed>) = 1 [pid 5551] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5550] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... mmap resumed>) = 0x20000000 [pid 5551] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] <... futex resumed>) = 0 [pid 5550] exit_group(0 [pid 5551] <... futex resumed>) = ? [pid 5550] <... exit_group resumed>) = ? [pid 5551] +++ exited with 0 +++ [pid 5550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5550, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./225", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./225/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/binderfs") = 0 umount2("./225/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./225/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./225/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5552 attached , child_tidptr=0x55557f632690) = 5552 [pid 5552] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5552] chdir("./226") = 0 [pid 5552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5552] setpgid(0, 0) = 0 [pid 5552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5552] write(3, "1000", 4) = 4 [pid 5552] close(3) = 0 [pid 5552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5552] write(1, "executing program\n", 18executing program ) = 18 [pid 5552] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5552] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5553 attached [pid 5553] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5552] <... clone3 resumed> => {parent_tid=[5553]}, 88) = 5553 [pid 5553] set_robust_list(0x7f2454d0d9a0, 24 [pid 5552] rt_sigprocmask(SIG_SETMASK, [], [pid 5553] <... set_robust_list resumed>) = 0 [pid 5552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5553] rt_sigprocmask(SIG_SETMASK, [], [pid 5552] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5553] memfd_create("syzkaller", 0) = 3 [pid 5553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5553] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5553] munmap(0x7f244c800000, 138412032) = 0 [pid 5553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5553] close(3) = 0 [pid 5553] close(4) = 0 [pid 5553] mkdir("./file2", 0777) = 0 [ 158.088697][ T5553] loop0: detected capacity change from 0 to 4096 [pid 5553] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5553] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5553] chdir("./file2") = 0 [pid 5553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5553] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5553] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5553] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5553] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5553] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = 0 [pid 5552] <... futex resumed>) = 1 [pid 5553] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5552] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5553] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5553] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5552] <... futex resumed>) = 0 [pid 5553] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5552] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... openat resumed>) = 5 [pid 5553] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... write resumed>) = 1036288 [pid 5553] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] <... futex resumed>) = 0 [pid 5553] <... futex resumed>) = 1 [pid 5552] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... mmap resumed>) = 0x20000000 [pid 5553] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5553] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] exit_group(0 [pid 5553] <... futex resumed>) = ? [pid 5552] <... exit_group resumed>) = ? [pid 5553] +++ exited with 0 +++ [pid 5552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5552, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./226", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./226/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/binderfs") = 0 umount2("./226/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./226/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./226/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5554 attached [pid 5554] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5554] chdir("./227") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5554 [pid 5554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5554] setpgid(0, 0) = 0 [pid 5554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5554] write(3, "1000", 4) = 4 [pid 5554] close(3) = 0 [pid 5554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5554] write(1, "executing program\n", 18executing program ) = 18 [pid 5554] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5554] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5554] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5555 attached [pid 5555] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5554] <... clone3 resumed> => {parent_tid=[5555]}, 88) = 5555 [pid 5555] <... rseq resumed>) = 0 [pid 5554] rt_sigprocmask(SIG_SETMASK, [], [pid 5555] set_robust_list(0x7f2454d0d9a0, 24 [pid 5554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5555] <... set_robust_list resumed>) = 0 [pid 5554] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] rt_sigprocmask(SIG_SETMASK, [], [pid 5554] <... futex resumed>) = 0 [pid 5555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5554] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5555] memfd_create("syzkaller", 0) = 3 [pid 5555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5555] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5555] munmap(0x7f244c800000, 138412032) = 0 [pid 5555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5555] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5555] close(3) = 0 [pid 5555] close(4) = 0 [pid 5555] mkdir("./file2", 0777) = 0 [pid 5555] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5555] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5555] chdir("./file2") = 0 [pid 5555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5555] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] <... futex resumed>) = 0 [ 158.604258][ T5555] loop0: detected capacity change from 0 to 4096 [pid 5554] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5554] <... futex resumed>) = 0 [pid 5554] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] <... openat resumed>) = 4 [pid 5555] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] <... futex resumed>) = 0 [pid 5555] <... futex resumed>) = 1 [pid 5554] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5554] <... futex resumed>) = 0 [pid 5555] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5555] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] <... futex resumed>) = 0 [pid 5554] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5555] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5555] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5554] <... futex resumed>) = 0 [pid 5554] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] <... openat resumed>) = 5 [pid 5555] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] <... futex resumed>) = 0 [pid 5555] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5554] <... futex resumed>) = 0 [pid 5555] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5554] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] <... write resumed>) = 1036288 [pid 5555] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] <... futex resumed>) = 0 [pid 5554] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = 0 [pid 5554] <... futex resumed>) = 1 [pid 5555] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5554] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] <... mmap resumed>) = 0x20000000 [pid 5555] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] <... futex resumed>) = 0 [pid 5554] exit_group(0) = ? [pid 5555] <... futex resumed>) = ? [pid 5555] +++ exited with 0 +++ [pid 5554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5554, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./227", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./227/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/binderfs") = 0 umount2("./227/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./227/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./227/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./227/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5556 attached , child_tidptr=0x55557f632690) = 5556 [pid 5556] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5556] chdir("./228") = 0 [pid 5556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5556] setpgid(0, 0) = 0 [pid 5556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5556] write(3, "1000", 4) = 4 [pid 5556] close(3) = 0 [pid 5556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5556] write(1, "executing program\n", 18executing program ) = 18 [pid 5556] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5556] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5556] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5557 attached [pid 5557] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5556] <... clone3 resumed> => {parent_tid=[5557]}, 88) = 5557 [pid 5557] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5556] rt_sigprocmask(SIG_SETMASK, [], [pid 5557] rt_sigprocmask(SIG_SETMASK, [], [pid 5556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5556] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5557] memfd_create("syzkaller", 0) = 3 [pid 5557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5557] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5557] munmap(0x7f244c800000, 138412032) = 0 [pid 5557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5557] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5557] close(3) = 0 [pid 5557] close(4) = 0 [pid 5557] mkdir("./file2", 0777) = 0 [pid 5557] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5557] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5557] chdir("./file2") = 0 [pid 5557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5557] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] <... futex resumed>) = 0 [pid 5556] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = 0 [pid 5556] <... futex resumed>) = 1 [pid 5557] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 159.076340][ T5557] loop0: detected capacity change from 0 to 4096 [pid 5556] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... openat resumed>) = 4 [pid 5557] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5557] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] <... futex resumed>) = 0 [pid 5557] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5556] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5557] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5557] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] <... futex resumed>) = 0 [pid 5557] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5556] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... openat resumed>) = 5 [pid 5557] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = 0 [pid 5557] <... futex resumed>) = 1 [pid 5556] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5556] <... futex resumed>) = 0 [pid 5556] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... write resumed>) = 1036288 [pid 5557] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = 0 [pid 5556] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5557] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5556] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... mmap resumed>) = 0x20000000 [pid 5557] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5557] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] exit_group(0) = ? [pid 5557] <... futex resumed>) = ? [pid 5557] +++ exited with 0 +++ [pid 5556] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5556, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./228", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./228/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./228/binderfs") = 0 umount2("./228/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./228/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./228/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5558 attached , child_tidptr=0x55557f632690) = 5558 [pid 5558] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5558] chdir("./229") = 0 [pid 5558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5558] setpgid(0, 0) = 0 [pid 5558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5558] write(3, "1000", 4) = 4 [pid 5558] close(3) = 0 [pid 5558] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5558] write(1, "executing program\n", 18) = 18 [pid 5558] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5558] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5558] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5559 attached => {parent_tid=[5559]}, 88) = 5559 [pid 5559] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5559] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5559] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5558] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = 0 [pid 5558] <... futex resumed>) = 1 [pid 5558] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5559] memfd_create("syzkaller", 0) = 3 [pid 5559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5559] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5559] munmap(0x7f244c800000, 138412032) = 0 [pid 5559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5559] close(3) = 0 [pid 5559] close(4) = 0 [pid 5559] mkdir("./file2", 0777) = 0 [pid 5559] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5559] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 159.539976][ T5559] loop0: detected capacity change from 0 to 4096 [pid 5559] chdir("./file2") = 0 [pid 5559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5559] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5558] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5559] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5559] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5558] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5559] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = 0 [pid 5559] <... futex resumed>) = 0 [pid 5558] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5558] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = 0 [pid 5558] <... futex resumed>) = 1 [pid 5558] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5559] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = 0 [pid 5558] <... futex resumed>) = 1 [pid 5559] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5558] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... write resumed>) = 1036288 [pid 5559] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5559] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = 0 [pid 5558] <... futex resumed>) = 1 [pid 5559] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5558] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... mmap resumed>) = 0x20000000 [pid 5559] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5559] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] exit_group(0 [pid 5559] <... futex resumed>) = ? [pid 5559] +++ exited with 0 +++ [pid 5558] <... exit_group resumed>) = ? [pid 5558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5558, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./229", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./229/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./229/binderfs") = 0 umount2("./229/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./229/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./229/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5560 attached , child_tidptr=0x55557f632690) = 5560 [pid 5560] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5560] chdir("./230") = 0 [pid 5560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5560] setpgid(0, 0) = 0 [pid 5560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5560] write(3, "1000", 4) = 4 [pid 5560] close(3) = 0 [pid 5560] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5560] write(1, "executing program\n", 18) = 18 [pid 5560] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5560] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5560] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5560] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5561 attached [pid 5561] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5560] <... clone3 resumed> => {parent_tid=[5561]}, 88) = 5561 [pid 5561] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5560] rt_sigprocmask(SIG_SETMASK, [], [pid 5561] rt_sigprocmask(SIG_SETMASK, [], [pid 5560] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5560] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5561] memfd_create("syzkaller", 0) = 3 [pid 5561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5561] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5561] munmap(0x7f244c800000, 138412032) = 0 [pid 5561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5561] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5561] close(3) = 0 [pid 5561] close(4) = 0 [pid 5561] mkdir("./file2", 0777) = 0 [pid 5561] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5561] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5561] chdir("./file2") = 0 [pid 5561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5561] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5561] <... futex resumed>) = 1 [pid 5560] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 160.009530][ T5561] loop0: detected capacity change from 0 to 4096 [pid 5560] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... openat resumed>) = 4 [pid 5561] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5561] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5560] <... futex resumed>) = 0 [pid 5561] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5560] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5561] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5561] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5560] <... futex resumed>) = 0 [pid 5561] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5560] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... openat resumed>) = 5 [pid 5561] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5561] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5560] <... futex resumed>) = 1 [pid 5561] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5560] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... write resumed>) = 1036288 [pid 5561] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5561] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5560] <... futex resumed>) = 0 [pid 5561] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5560] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... mmap resumed>) = 0x20000000 [pid 5561] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5561] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] <... futex resumed>) = 0 [pid 5560] exit_group(0) = ? [pid 5561] <... futex resumed>) = ? [pid 5561] +++ exited with 0 +++ [pid 5560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5560, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./230", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./230/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./230/binderfs") = 0 umount2("./230/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./230/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./230/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5562 attached , child_tidptr=0x55557f632690) = 5562 [pid 5562] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5562] chdir("./231") = 0 [pid 5562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5562] setpgid(0, 0) = 0 [pid 5562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5562] write(3, "1000", 4) = 4 [pid 5562] close(3) = 0 [pid 5562] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5562] write(1, "executing program\n", 18) = 18 [pid 5562] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5562] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5562] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5563 attached [pid 5563] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5562] <... clone3 resumed> => {parent_tid=[5563]}, 88) = 5563 [pid 5563] <... rseq resumed>) = 0 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], [pid 5563] set_robust_list(0x7f2454d0d9a0, 24 [pid 5562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5563] <... set_robust_list resumed>) = 0 [pid 5562] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] rt_sigprocmask(SIG_SETMASK, [], [pid 5562] <... futex resumed>) = 0 [pid 5563] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5562] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5563] memfd_create("syzkaller", 0) = 3 [pid 5563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5563] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5563] munmap(0x7f244c800000, 138412032) = 0 [pid 5563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5563] close(3) = 0 [pid 5563] close(4) = 0 [pid 5563] mkdir("./file2", 0777) = 0 [pid 5563] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 160.500955][ T5563] loop0: detected capacity change from 0 to 4096 [pid 5563] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5563] chdir("./file2") = 0 [pid 5563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5563] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5563] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5562] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... openat resumed>) = 4 [pid 5563] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... futex resumed>) = 0 [pid 5563] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5563] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = 0 [pid 5562] <... futex resumed>) = 1 [pid 5563] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5562] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... openat resumed>) = 5 [pid 5563] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5563] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... write resumed>) = 1036288 [pid 5563] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5563] <... futex resumed>) = 1 [pid 5562] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... mmap resumed>) = 0x20000000 [pid 5563] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5563] <... futex resumed>) = 1 [pid 5562] exit_group(0 [pid 5563] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5562] <... exit_group resumed>) = ? [pid 5563] +++ exited with 0 +++ [pid 5562] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5562, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./231", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./231/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./231/binderfs") = 0 umount2("./231/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./231/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./231/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5564 attached , child_tidptr=0x55557f632690) = 5564 [pid 5564] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5564] chdir("./232") = 0 [pid 5564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5564] setpgid(0, 0) = 0 [pid 5564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5564] write(3, "1000", 4) = 4 [pid 5564] close(3) = 0 [pid 5564] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5564] write(1, "executing program\n", 18) = 18 [pid 5564] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5564] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5564] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5564] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5565 attached => {parent_tid=[5565]}, 88) = 5565 [pid 5565] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5565] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5565] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5564] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5564] <... futex resumed>) = 1 [pid 5564] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5565] memfd_create("syzkaller", 0) = 3 [pid 5565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5565] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5565] munmap(0x7f244c800000, 138412032) = 0 [pid 5565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5565] close(3) = 0 [pid 5565] close(4) = 0 [pid 5565] mkdir("./file2", 0777) = 0 [pid 5565] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5565] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5565] chdir("./file2") = 0 [pid 5565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5565] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5564] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5564] <... futex resumed>) = 0 [ 160.978785][ T5565] loop0: detected capacity change from 0 to 4096 [pid 5564] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] <... openat resumed>) = 4 [pid 5565] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5565] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5564] <... futex resumed>) = 0 [pid 5565] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5564] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5565] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5565] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5564] <... futex resumed>) = 1 [pid 5565] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5564] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] <... openat resumed>) = 5 [pid 5565] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] <... futex resumed>) = 0 [pid 5564] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5564] <... futex resumed>) = 1 [pid 5565] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5564] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] <... write resumed>) = 1036288 [pid 5565] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5565] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5564] <... futex resumed>) = 0 [pid 5564] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] <... mmap resumed>) = 0x20000000 [pid 5565] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = 0 [pid 5564] exit_group(0 [pid 5565] <... futex resumed>) = ? [pid 5564] <... exit_group resumed>) = ? [pid 5565] +++ exited with 0 +++ [pid 5564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5564, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./232", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./232/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./232/binderfs") = 0 umount2("./232/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./232/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./232/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5566 attached , child_tidptr=0x55557f632690) = 5566 [pid 5566] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5566] chdir("./233") = 0 [pid 5566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5566] setpgid(0, 0) = 0 [pid 5566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5566] write(3, "1000", 4) = 4 [pid 5566] close(3) = 0 [pid 5566] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5566] write(1, "executing program\n", 18) = 18 [pid 5566] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5566] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5567 attached [pid 5567] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5566] <... clone3 resumed> => {parent_tid=[5567]}, 88) = 5567 [pid 5567] <... rseq resumed>) = 0 [pid 5566] rt_sigprocmask(SIG_SETMASK, [], [pid 5567] set_robust_list(0x7f2454d0d9a0, 24 [pid 5566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5567] <... set_robust_list resumed>) = 0 [pid 5566] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5566] <... futex resumed>) = 0 [pid 5566] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5567] memfd_create("syzkaller", 0) = 3 [pid 5567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5567] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5567] munmap(0x7f244c800000, 138412032) = 0 [pid 5567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5567] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5567] close(3) = 0 [pid 5567] close(4) = 0 [pid 5567] mkdir("./file2", 0777) = 0 [pid 5567] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5567] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5567] chdir("./file2") = 0 [pid 5567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5567] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5566] <... futex resumed>) = 0 [pid 5567] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5566] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5567] <... futex resumed>) = 0 [pid 5566] <... futex resumed>) = 1 [pid 5567] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 161.406802][ T5567] loop0: detected capacity change from 0 to 4096 [pid 5566] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] <... openat resumed>) = 4 [pid 5567] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5566] <... futex resumed>) = 0 [pid 5566] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5567] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5566] <... futex resumed>) = 0 [pid 5567] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5566] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5566] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5567] <... futex resumed>) = 0 [pid 5566] <... futex resumed>) = 1 [pid 5567] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5566] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] <... openat resumed>) = 5 [pid 5567] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5566] <... futex resumed>) = 0 [pid 5566] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5566] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5567] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5566] <... futex resumed>) = 0 [pid 5566] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5567] <... futex resumed>) = 0 [pid 5566] <... futex resumed>) = 1 [pid 5567] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5566] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] <... mmap resumed>) = 0x20000000 [pid 5567] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5566] <... futex resumed>) = 0 [pid 5566] exit_group(0 [pid 5567] <... futex resumed>) = ? [pid 5567] +++ exited with 0 +++ [pid 5566] <... exit_group resumed>) = ? [pid 5566] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5566, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./233", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./233/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./233/binderfs") = 0 umount2("./233/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./233/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./233/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5568 attached , child_tidptr=0x55557f632690) = 5568 [pid 5568] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5568] chdir("./234") = 0 [pid 5568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5568] setpgid(0, 0) = 0 [pid 5568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5568] write(3, "1000", 4) = 4 [pid 5568] close(3) = 0 [pid 5568] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5568] write(1, "executing program\n", 18) = 18 [pid 5568] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5568] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5568] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0} => {parent_tid=[5569]}, 88) = 5569 ./strace-static-x86_64: Process 5569 attached [pid 5568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5568] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5569] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5569] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5569] memfd_create("syzkaller", 0) = 3 [pid 5569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5569] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5569] munmap(0x7f244c800000, 138412032) = 0 [pid 5569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5569] close(3) = 0 [pid 5569] close(4) = 0 [pid 5569] mkdir("./file2", 0777) = 0 [pid 5569] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5569] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5569] chdir("./file2") = 0 [pid 5569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5569] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5569] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = 0 [pid 5568] <... futex resumed>) = 1 [pid 5568] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5569] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5569] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5568] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [ 161.914338][ T5569] loop0: detected capacity change from 0 to 4096 [pid 5569] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5569] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = 0 [pid 5568] <... futex resumed>) = 1 [pid 5569] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5568] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... openat resumed>) = 5 [pid 5569] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5569] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] <... futex resumed>) = 0 [pid 5569] <... futex resumed>) = 1 [pid 5568] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5568] <... futex resumed>) = 0 [pid 5569] <... mmap resumed>) = 0x20000000 [pid 5568] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] <... futex resumed>) = 0 [pid 5568] exit_group(0) = ? [pid 5569] <... futex resumed>) = ? [pid 5569] +++ exited with 0 +++ [pid 5568] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5568, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./234", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./234/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./234/binderfs") = 0 umount2("./234/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./234/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./234/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5570 attached [pid 5570] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5570] chdir("./235" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5570 [pid 5570] <... chdir resumed>) = 0 [pid 5570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5570] setpgid(0, 0) = 0 [pid 5570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5570] write(3, "1000", 4) = 4 [pid 5570] close(3) = 0 [pid 5570] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5570] write(1, "executing program\n", 18) = 18 [pid 5570] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5570] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5571 attached [pid 5571] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5570] <... clone3 resumed> => {parent_tid=[5571]}, 88) = 5571 [pid 5571] <... rseq resumed>) = 0 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], [pid 5571] set_robust_list(0x7f2454d0d9a0, 24 [pid 5570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5571] <... set_robust_list resumed>) = 0 [pid 5570] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], [pid 5570] <... futex resumed>) = 0 [pid 5571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5570] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5571] memfd_create("syzkaller", 0) = 3 [pid 5571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5571] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5571] munmap(0x7f244c800000, 138412032) = 0 [pid 5571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5571] close(3) = 0 [pid 5571] close(4) = 0 [pid 5571] mkdir("./file2", 0777) = 0 [pid 5571] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5571] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5571] chdir("./file2") = 0 [pid 5571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5571] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5570] <... futex resumed>) = 0 [pid 5571] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 162.398280][ T5571] loop0: detected capacity change from 0 to 4096 [pid 5570] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... openat resumed>) = 4 [pid 5571] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... futex resumed>) = 0 [pid 5571] <... futex resumed>) = 1 [pid 5570] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5570] <... futex resumed>) = 0 [pid 5571] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5570] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5570] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... openat resumed>) = 5 [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] <... futex resumed>) = 0 [pid 5570] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... write resumed>) = 1036288 [pid 5571] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... mmap resumed>) = 0x20000000 [pid 5571] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... futex resumed>) = 0 [pid 5571] <... futex resumed>) = 1 [pid 5570] exit_group(0 [pid 5571] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] <... exit_group resumed>) = ? [pid 5571] <... futex resumed>) = ? [pid 5571] +++ exited with 0 +++ [pid 5570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5570, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./235", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./235/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./235/binderfs") = 0 umount2("./235/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./235/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./235/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5572 attached , child_tidptr=0x55557f632690) = 5572 [pid 5572] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5572] chdir("./236") = 0 [pid 5572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5572] setpgid(0, 0) = 0 [pid 5572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5572] write(3, "1000", 4) = 4 [pid 5572] close(3) = 0 [pid 5572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5572] write(1, "executing program\n", 18executing program ) = 18 [pid 5572] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5572] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5572] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5573 attached => {parent_tid=[5573]}, 88) = 5573 [pid 5572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5573] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5572] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] set_robust_list(0x7f2454d0d9a0, 24 [pid 5572] <... futex resumed>) = 0 [pid 5573] <... set_robust_list resumed>) = 0 [pid 5572] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5573] memfd_create("syzkaller", 0) = 3 [pid 5573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5573] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5573] munmap(0x7f244c800000, 138412032) = 0 [pid 5573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5573] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5573] close(3) = 0 [pid 5573] close(4) = 0 [pid 5573] mkdir("./file2", 0777) = 0 [pid 5573] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5573] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5573] chdir("./file2") = 0 [ 162.865673][ T5573] loop0: detected capacity change from 0 to 4096 [pid 5573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5573] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] <... futex resumed>) = 0 [pid 5572] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5572] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5573] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5573] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5573] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5573] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = 0 [pid 5573] <... futex resumed>) = 0 [pid 5572] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5572] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5573] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] <... futex resumed>) = 0 [pid 5572] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = 0 [pid 5572] <... futex resumed>) = 1 [pid 5573] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5572] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] <... write resumed>) = 1036288 [pid 5573] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5573] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5572] <... futex resumed>) = 0 [pid 5573] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5572] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] <... mmap resumed>) = 0x20000000 [pid 5573] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5573] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] exit_group(0 [pid 5573] <... futex resumed>) = ? [pid 5572] <... exit_group resumed>) = ? [pid 5573] +++ exited with 0 +++ [pid 5572] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5572, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./236", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./236/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./236/binderfs") = 0 umount2("./236/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./236/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./236/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./236/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./236") = 0 mkdir("./237", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5574 attached , child_tidptr=0x55557f632690) = 5574 [pid 5574] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5574] chdir("./237") = 0 [pid 5574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5574] setpgid(0, 0) = 0 [pid 5574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5574] write(3, "1000", 4) = 4 [pid 5574] close(3) = 0 [pid 5574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5574] write(1, "executing program\n", 18executing program ) = 18 [pid 5574] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5574] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5574] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5574] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5575 attached [pid 5575] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5574] <... clone3 resumed> => {parent_tid=[5575]}, 88) = 5575 [pid 5575] <... rseq resumed>) = 0 [pid 5574] rt_sigprocmask(SIG_SETMASK, [], [pid 5575] set_robust_list(0x7f2454d0d9a0, 24 [pid 5574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5575] <... set_robust_list resumed>) = 0 [pid 5574] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] rt_sigprocmask(SIG_SETMASK, [], [pid 5574] <... futex resumed>) = 0 [pid 5575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5574] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5575] memfd_create("syzkaller", 0) = 3 [pid 5575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5575] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5575] munmap(0x7f244c800000, 138412032) = 0 [pid 5575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5575] close(3) = 0 [pid 5575] close(4) = 0 [pid 5575] mkdir("./file2", 0777) = 0 [pid 5575] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5575] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5575] chdir("./file2") = 0 [pid 5575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5575] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... futex resumed>) = 0 [pid 5574] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] <... futex resumed>) = 1 [pid 5575] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5575] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5575] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = 0 [pid 5574] <... futex resumed>) = 1 [ 163.334141][ T5575] loop0: detected capacity change from 0 to 4096 [pid 5574] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5575] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5575] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5574] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] <... openat resumed>) = 5 [pid 5575] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5575] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5574] <... futex resumed>) = 0 [pid 5575] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5574] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] <... write resumed>) = 1036288 [pid 5575] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5575] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5574] <... futex resumed>) = 0 [pid 5575] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5574] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] <... mmap resumed>) = 0x20000000 [pid 5575] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5575] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] exit_group(0 [pid 5575] <... futex resumed>) = ? [pid 5575] +++ exited with 0 +++ [pid 5574] <... exit_group resumed>) = ? [pid 5574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5574, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./237", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./237/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./237/binderfs") = 0 umount2("./237/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./237/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./237/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./237/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5576 attached , child_tidptr=0x55557f632690) = 5576 [pid 5576] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5576] chdir("./238") = 0 [pid 5576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5576] setpgid(0, 0) = 0 [pid 5576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5576] write(3, "1000", 4) = 4 [pid 5576] close(3) = 0 [pid 5576] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5576] write(1, "executing program\n", 18) = 18 [pid 5576] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5576] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5577 attached [pid 5577] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5576] <... clone3 resumed> => {parent_tid=[5577]}, 88) = 5577 [pid 5577] <... rseq resumed>) = 0 [pid 5576] rt_sigprocmask(SIG_SETMASK, [], [pid 5577] set_robust_list(0x7f2454d0d9a0, 24 [pid 5576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5577] <... set_robust_list resumed>) = 0 [pid 5576] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5577] memfd_create("syzkaller", 0) = 3 [pid 5577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5577] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5577] munmap(0x7f244c800000, 138412032) = 0 [pid 5577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5577] close(3) = 0 [pid 5577] close(4) = 0 [pid 5577] mkdir("./file2", 0777) = 0 [pid 5577] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5577] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5577] chdir("./file2") = 0 [pid 5577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 163.730052][ T5577] loop0: detected capacity change from 0 to 4096 [pid 5577] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5576] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5577] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] <... futex resumed>) = 0 [pid 5577] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5576] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5577] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5576] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... openat resumed>) = 5 [pid 5577] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] <... futex resumed>) = 0 [pid 5577] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5576] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... write resumed>) = 1036288 [pid 5577] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... futex resumed>) = 0 [pid 5577] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5577] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] exit_group(0) = ? [pid 5577] <... futex resumed>) = ? [pid 5577] +++ exited with 0 +++ [pid 5576] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5576, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./238", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./238/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./238/binderfs") = 0 umount2("./238/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./238/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./238/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5578 attached , child_tidptr=0x55557f632690) = 5578 [pid 5578] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5578] chdir("./239") = 0 [pid 5578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5578] setpgid(0, 0) = 0 [pid 5578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5578] write(3, "1000", 4) = 4 [pid 5578] close(3) = 0 [pid 5578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5578] write(1, "executing program\n", 18executing program ) = 18 [pid 5578] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5578] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5578] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5578] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5579 attached [pid 5579] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5579] set_robust_list(0x7f2454d0d9a0, 24 [pid 5578] <... clone3 resumed> => {parent_tid=[5579]}, 88) = 5579 [pid 5579] <... set_robust_list resumed>) = 0 [pid 5578] rt_sigprocmask(SIG_SETMASK, [], [pid 5579] rt_sigprocmask(SIG_SETMASK, [], [pid 5578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5578] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5579] memfd_create("syzkaller", 0) = 3 [pid 5579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5579] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5579] munmap(0x7f244c800000, 138412032) = 0 [pid 5579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5579] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5579] close(3) = 0 [pid 5579] close(4) = 0 [pid 5579] mkdir("./file2", 0777) = 0 [pid 5579] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5579] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5579] chdir("./file2") = 0 [pid 5579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5579] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 164.167390][ T5579] loop0: detected capacity change from 0 to 4096 [pid 5579] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5579] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5579] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = 0 [pid 5578] <... futex resumed>) = 1 [pid 5579] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5578] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5579] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5578] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = 0 [pid 5578] <... futex resumed>) = 1 [pid 5579] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5578] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] <... openat resumed>) = 5 [pid 5579] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5579] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5578] <... futex resumed>) = 0 [pid 5579] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5578] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] <... write resumed>) = 1036288 [pid 5579] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5578] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5579] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5579] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] exit_group(0 [pid 5579] <... futex resumed>) = ? [pid 5578] <... exit_group resumed>) = ? [pid 5579] +++ exited with 0 +++ [pid 5578] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5578, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./239", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./239/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./239/binderfs") = 0 umount2("./239/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./239/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./239/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5580 attached , child_tidptr=0x55557f632690) = 5580 [pid 5580] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5580] chdir("./240") = 0 [pid 5580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5580] setpgid(0, 0) = 0 [pid 5580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5580] write(3, "1000", 4) = 4 [pid 5580] close(3) = 0 [pid 5580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5580] write(1, "executing program\n", 18executing program ) = 18 [pid 5580] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5580] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5580] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5581 attached => {parent_tid=[5581]}, 88) = 5581 [pid 5580] rt_sigprocmask(SIG_SETMASK, [], [pid 5581] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5581] <... rseq resumed>) = 0 [pid 5580] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5580] <... futex resumed>) = 0 [pid 5581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5580] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5581] memfd_create("syzkaller", 0) = 3 [pid 5581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5581] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5581] munmap(0x7f244c800000, 138412032) = 0 [pid 5581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5581] close(3) = 0 [pid 5581] close(4) = 0 [pid 5581] mkdir("./file2", 0777) = 0 [ 164.602330][ T5581] loop0: detected capacity change from 0 to 4096 [pid 5581] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5581] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5581] chdir("./file2") = 0 [pid 5581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5581] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5580] <... futex resumed>) = 0 [pid 5581] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5580] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... openat resumed>) = 4 [pid 5581] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5580] <... futex resumed>) = 0 [pid 5581] <... futex resumed>) = 1 [pid 5580] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5580] <... futex resumed>) = 0 [pid 5581] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5580] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] <... futex resumed>) = 0 [pid 5581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5580] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... openat resumed>) = 5 [pid 5581] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5580] <... futex resumed>) = 0 [pid 5581] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5580] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... write resumed>) = 1036288 [pid 5581] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5580] <... futex resumed>) = 0 [pid 5581] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = 0 [pid 5580] <... futex resumed>) = 1 [pid 5581] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5580] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... mmap resumed>) = 0x20000000 [pid 5581] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5580] <... futex resumed>) = 0 [pid 5581] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] exit_group(0 [pid 5581] <... futex resumed>) = ? [pid 5580] <... exit_group resumed>) = ? [pid 5581] +++ exited with 0 +++ [pid 5580] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5580, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./240", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./240/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./240/binderfs") = 0 umount2("./240/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./240/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./240/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5582 attached [pid 5582] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5582] chdir("./241" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5582 [pid 5582] <... chdir resumed>) = 0 [pid 5582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5582] setpgid(0, 0) = 0 [pid 5582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5582] write(3, "1000", 4) = 4 [pid 5582] close(3) = 0 [pid 5582] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5582] write(1, "executing program\n", 18) = 18 [pid 5582] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5582] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5582] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5582] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5582] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5582] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5583 attached [pid 5583] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5582] <... clone3 resumed> => {parent_tid=[5583]}, 88) = 5583 [pid 5583] <... rseq resumed>) = 0 [pid 5582] rt_sigprocmask(SIG_SETMASK, [], [pid 5583] set_robust_list(0x7f2454d0d9a0, 24 [pid 5582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5583] <... set_robust_list resumed>) = 0 [pid 5582] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5582] <... futex resumed>) = 0 [pid 5582] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5583] memfd_create("syzkaller", 0) = 3 [pid 5583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5583] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5583] munmap(0x7f244c800000, 138412032) = 0 [pid 5583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5583] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5583] close(3) = 0 [pid 5583] close(4) = 0 [pid 5583] mkdir("./file2", 0777) = 0 [pid 5583] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 165.101118][ T5583] loop0: detected capacity change from 0 to 4096 [pid 5583] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5583] chdir("./file2") = 0 [pid 5583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5583] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5583] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] <... futex resumed>) = 0 [pid 5583] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5582] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] <... openat resumed>) = 4 [pid 5583] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5583] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] <... futex resumed>) = 0 [pid 5583] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5583] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] <... futex resumed>) = 0 [pid 5582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] <... futex resumed>) = 0 [pid 5583] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5582] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] <... openat resumed>) = 5 [pid 5583] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5583] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] <... futex resumed>) = 0 [pid 5583] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5582] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] <... write resumed>) = 1036288 [pid 5583] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5583] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] <... futex resumed>) = 0 [pid 5583] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5582] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] <... mmap resumed>) = 0x20000000 [pid 5583] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5583] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] exit_group(0) = ? [pid 5583] <... futex resumed>) = ? [pid 5583] +++ exited with 0 +++ [pid 5582] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5582, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./241", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./241/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./241/binderfs") = 0 umount2("./241/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./241/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./241/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5584 attached , child_tidptr=0x55557f632690) = 5584 [pid 5584] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5584] chdir("./242") = 0 [pid 5584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5584] setpgid(0, 0) = 0 [pid 5584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5584] write(3, "1000", 4) = 4 [pid 5584] close(3) = 0 [pid 5584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5584] write(1, "executing program\n", 18executing program ) = 18 [pid 5584] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5584] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5585 attached [pid 5585] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5584] <... clone3 resumed> => {parent_tid=[5585]}, 88) = 5585 [pid 5585] <... rseq resumed>) = 0 [pid 5584] rt_sigprocmask(SIG_SETMASK, [], [pid 5585] set_robust_list(0x7f2454d0d9a0, 24 [pid 5584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5585] <... set_robust_list resumed>) = 0 [pid 5584] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] rt_sigprocmask(SIG_SETMASK, [], [pid 5584] <... futex resumed>) = 0 [pid 5585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5584] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5585] memfd_create("syzkaller", 0) = 3 [pid 5585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5585] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5585] munmap(0x7f244c800000, 138412032) = 0 [pid 5585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5585] close(3) = 0 [pid 5585] close(4) = 0 [pid 5585] mkdir("./file2", 0777) = 0 [pid 5585] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5585] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5585] chdir("./file2") = 0 [pid 5585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 165.545916][ T5585] loop0: detected capacity change from 0 to 4096 [pid 5585] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5585] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5585] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5585] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... futex resumed>) = 0 [pid 5584] <... futex resumed>) = 1 [pid 5584] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5585] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5585] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5584] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] <... openat resumed>) = 5 [pid 5584] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5585] <... futex resumed>) = 1 [pid 5584] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] <... write resumed>) = 1036288 [pid 5585] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5585] <... futex resumed>) = 1 [pid 5584] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] <... mmap resumed>) = 0x20000000 [pid 5585] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5584] exit_group(0) = ? [pid 5585] <... futex resumed>) = ? [pid 5585] +++ exited with 0 +++ [pid 5584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5584, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./242", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./242/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./242/binderfs") = 0 umount2("./242/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./242/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./242/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 executing program clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5586 ./strace-static-x86_64: Process 5586 attached [pid 5586] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5586] chdir("./243") = 0 [pid 5586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5586] setpgid(0, 0) = 0 [pid 5586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5586] write(3, "1000", 4) = 4 [pid 5586] close(3) = 0 [pid 5586] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5586] write(1, "executing program\n", 18) = 18 [pid 5586] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5586] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5586] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5586] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5586] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5587 attached [pid 5587] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5586] <... clone3 resumed> => {parent_tid=[5587]}, 88) = 5587 [pid 5587] <... rseq resumed>) = 0 [pid 5586] rt_sigprocmask(SIG_SETMASK, [], [pid 5587] set_robust_list(0x7f2454d0d9a0, 24 [pid 5586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5587] <... set_robust_list resumed>) = 0 [pid 5586] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] rt_sigprocmask(SIG_SETMASK, [], [pid 5586] <... futex resumed>) = 0 [pid 5587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5586] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5587] memfd_create("syzkaller", 0) = 3 [pid 5587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5587] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5587] munmap(0x7f244c800000, 138412032) = 0 [pid 5587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5587] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5587] close(3) = 0 [pid 5587] close(4) = 0 [pid 5587] mkdir("./file2", 0777) = 0 [ 165.917947][ T5587] loop0: detected capacity change from 0 to 4096 [pid 5587] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5587] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5587] chdir("./file2") = 0 [pid 5587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5587] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5587] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5586] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... openat resumed>) = 4 [pid 5587] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... futex resumed>) = 0 [pid 5587] <... futex resumed>) = 1 [pid 5586] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5586] <... futex resumed>) = 0 [pid 5587] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5586] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] <... futex resumed>) = 0 [pid 5586] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5587] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5587] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] <... futex resumed>) = 0 [pid 5587] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5586] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... write resumed>) = 1036288 [pid 5587] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] <... futex resumed>) = 0 [pid 5586] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] <... futex resumed>) = 0 [pid 5587] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5586] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... mmap resumed>) = 0x20000000 [pid 5587] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] <... futex resumed>) = 0 [pid 5586] exit_group(0 [pid 5587] <... futex resumed>) = ? [pid 5586] <... exit_group resumed>) = ? [pid 5587] +++ exited with 0 +++ [pid 5586] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5586, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./243", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./243/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./243/binderfs") = 0 umount2("./243/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./243/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./243/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5588 attached [pid 5588] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5588] chdir("./244" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5588 [pid 5588] <... chdir resumed>) = 0 [pid 5588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5588] setpgid(0, 0) = 0 [pid 5588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5588] write(3, "1000", 4) = 4 [pid 5588] close(3) = 0 [pid 5588] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5588] write(1, "executing program\n", 18) = 18 [pid 5588] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5588] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5589 attached [pid 5589] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5588] <... clone3 resumed> => {parent_tid=[5589]}, 88) = 5589 [pid 5589] <... rseq resumed>) = 0 [pid 5588] rt_sigprocmask(SIG_SETMASK, [], [pid 5589] set_robust_list(0x7f2454d0d9a0, 24 [pid 5588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5589] <... set_robust_list resumed>) = 0 [pid 5588] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] rt_sigprocmask(SIG_SETMASK, [], [pid 5588] <... futex resumed>) = 0 [pid 5589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5588] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5589] memfd_create("syzkaller", 0) = 3 [pid 5589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5589] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5589] munmap(0x7f244c800000, 138412032) = 0 [pid 5589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5589] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5589] close(3) = 0 [pid 5589] close(4) = 0 [pid 5589] mkdir("./file2", 0777) = 0 [pid 5589] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5589] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5589] chdir("./file2") = 0 [pid 5589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5589] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [ 166.361781][ T5589] loop0: detected capacity change from 0 to 4096 [pid 5588] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... openat resumed>) = 4 [pid 5589] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = 0 [pid 5589] <... futex resumed>) = 1 [pid 5588] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5588] <... futex resumed>) = 0 [pid 5589] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5588] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5589] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5588] <... futex resumed>) = 0 [pid 5589] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5588] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... openat resumed>) = 5 [pid 5589] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5589] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5588] <... futex resumed>) = 0 [pid 5589] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5588] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... write resumed>) = 1036288 [pid 5589] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5589] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5588] <... futex resumed>) = 0 [pid 5589] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5588] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... mmap resumed>) = 0x20000000 [pid 5589] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5589] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] exit_group(0) = ? [pid 5589] <... futex resumed>) = ? [pid 5589] +++ exited with 0 +++ [pid 5588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5588, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./244", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./244/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./244/binderfs") = 0 umount2("./244/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./244/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./244/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5590 attached [pid 5590] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5590] chdir("./245") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5590 [pid 5590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5590] setpgid(0, 0) = 0 [pid 5590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5590] write(3, "1000", 4) = 4 [pid 5590] close(3) = 0 [pid 5590] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5590] write(1, "executing program\n", 18) = 18 [pid 5590] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5590] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5590] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5591 attached [pid 5591] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5590] <... clone3 resumed> => {parent_tid=[5591]}, 88) = 5591 [pid 5591] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5590] rt_sigprocmask(SIG_SETMASK, [], [pid 5591] rt_sigprocmask(SIG_SETMASK, [], [pid 5590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5590] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] memfd_create("syzkaller", 0 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5591] <... memfd_create resumed>) = 3 [pid 5591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5591] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5591] munmap(0x7f244c800000, 138412032) = 0 [pid 5591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5591] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5591] close(3) = 0 [pid 5591] close(4) = 0 [pid 5591] mkdir("./file2", 0777) = 0 [pid 5591] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5591] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 166.820569][ T5591] loop0: detected capacity change from 0 to 4096 [pid 5591] chdir("./file2") = 0 [pid 5591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5591] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5591] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5590] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] <... openat resumed>) = 4 [pid 5591] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5591] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5590] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5591] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] <... futex resumed>) = 0 [pid 5590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5591] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5591] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] <... openat resumed>) = 5 [pid 5591] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5591] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5590] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] <... write resumed>) = 1036288 [pid 5591] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5591] <... futex resumed>) = 1 [pid 5590] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] <... mmap resumed>) = 0x20000000 [pid 5591] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5591] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] exit_group(0 [pid 5591] <... futex resumed>) = ? [pid 5590] <... exit_group resumed>) = ? [pid 5591] +++ exited with 0 +++ [pid 5590] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5590, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./245", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./245/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./245/binderfs") = 0 umount2("./245/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./245/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./245/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5592 attached , child_tidptr=0x55557f632690) = 5592 [pid 5592] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5592] chdir("./246") = 0 [pid 5592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5592] setpgid(0, 0) = 0 [pid 5592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5592] write(3, "1000", 4) = 4 [pid 5592] close(3) = 0 [pid 5592] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5592] write(1, "executing program\n", 18) = 18 [pid 5592] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5592] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5592] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5592] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5592] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5593 attached [pid 5593] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5592] <... clone3 resumed> => {parent_tid=[5593]}, 88) = 5593 [pid 5593] <... rseq resumed>) = 0 [pid 5592] rt_sigprocmask(SIG_SETMASK, [], [pid 5593] set_robust_list(0x7f2454d0d9a0, 24 [pid 5592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5593] <... set_robust_list resumed>) = 0 [pid 5592] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] rt_sigprocmask(SIG_SETMASK, [], [pid 5592] <... futex resumed>) = 0 [pid 5593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5592] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5593] memfd_create("syzkaller", 0) = 3 [pid 5593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5593] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5593] munmap(0x7f244c800000, 138412032) = 0 [pid 5593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5593] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5593] close(3) = 0 [pid 5593] close(4) = 0 [pid 5593] mkdir("./file2", 0777) = 0 [pid 5593] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5593] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5593] chdir("./file2") = 0 [pid 5593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5593] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5592] <... futex resumed>) = 0 [pid 5592] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5592] <... futex resumed>) = 0 [pid 5592] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] <... openat resumed>) = 4 [pid 5593] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5592] <... futex resumed>) = 0 [pid 5593] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5592] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5592] <... futex resumed>) = 0 [pid 5593] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5592] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [ 167.272301][ T5593] loop0: detected capacity change from 0 to 4096 [pid 5593] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5592] <... futex resumed>) = 0 [pid 5593] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5592] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5592] <... futex resumed>) = 0 [pid 5593] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5592] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] <... openat resumed>) = 5 [pid 5593] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5592] <... futex resumed>) = 0 [pid 5592] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5592] <... futex resumed>) = 0 [pid 5592] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] <... write resumed>) = 1036288 [pid 5593] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = 0 [pid 5593] <... futex resumed>) = 1 [pid 5592] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5592] <... futex resumed>) = 0 [pid 5592] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] <... mmap resumed>) = 0x20000000 [pid 5593] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = 0 [pid 5592] exit_group(0 [pid 5593] <... futex resumed>) = ? [pid 5592] <... exit_group resumed>) = ? [pid 5593] +++ exited with 0 +++ [pid 5592] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5592, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./246", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./246/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./246/binderfs") = 0 umount2("./246/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./246/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./246/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5594 attached , child_tidptr=0x55557f632690) = 5594 [pid 5594] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5594] chdir("./247") = 0 [pid 5594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5594] setpgid(0, 0) = 0 [pid 5594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5594] write(3, "1000", 4) = 4 [pid 5594] close(3) = 0 [pid 5594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5594] write(1, "executing program\n", 18executing program ) = 18 [pid 5594] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5594] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5595 attached [pid 5595] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5594] <... clone3 resumed> => {parent_tid=[5595]}, 88) = 5595 [pid 5595] <... rseq resumed>) = 0 [pid 5594] rt_sigprocmask(SIG_SETMASK, [], [pid 5595] set_robust_list(0x7f2454d0d9a0, 24 [pid 5594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5595] <... set_robust_list resumed>) = 0 [pid 5594] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5595] memfd_create("syzkaller", 0) = 3 [pid 5595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5595] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5595] munmap(0x7f244c800000, 138412032) = 0 [pid 5595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5595] close(3) = 0 [pid 5595] close(4) = 0 [pid 5595] mkdir("./file2", 0777) = 0 [pid 5595] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5595] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5595] chdir("./file2") = 0 [pid 5595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5595] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5595] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5594] <... futex resumed>) = 0 [pid 5595] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 167.701302][ T5595] loop0: detected capacity change from 0 to 4096 [pid 5594] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... openat resumed>) = 4 [pid 5595] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5595] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = 0 [pid 5594] <... futex resumed>) = 1 [pid 5594] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5595] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5595] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = 0 [pid 5594] <... futex resumed>) = 1 [pid 5595] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5594] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... openat resumed>) = 5 [pid 5595] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5595] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5594] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5595] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5594] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... write resumed>) = 1036288 [pid 5595] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5595] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5594] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... mmap resumed>) = 0x20000000 [pid 5595] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5595] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] exit_group(0 [pid 5595] <... futex resumed>) = ? [pid 5594] <... exit_group resumed>) = ? [pid 5595] +++ exited with 0 +++ [pid 5594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5594, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./247", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./247/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./247/binderfs") = 0 umount2("./247/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./247/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./247/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./247/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5596 attached , child_tidptr=0x55557f632690) = 5596 [pid 5596] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5596] chdir("./248") = 0 [pid 5596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5596] setpgid(0, 0) = 0 [pid 5596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5596] write(3, "1000", 4) = 4 [pid 5596] close(3) = 0 [pid 5596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5596] write(1, "executing program\n", 18executing program ) = 18 [pid 5596] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5596] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5597 attached [pid 5597] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5596] <... clone3 resumed> => {parent_tid=[5597]}, 88) = 5597 [pid 5597] <... rseq resumed>) = 0 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5597] set_robust_list(0x7f2454d0d9a0, 24 [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5597] <... set_robust_list resumed>) = 0 [pid 5597] rt_sigprocmask(SIG_SETMASK, [], [pid 5596] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5596] <... futex resumed>) = 0 [pid 5597] memfd_create("syzkaller", 0 [pid 5596] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5597] <... memfd_create resumed>) = 3 [pid 5597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5597] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5597] munmap(0x7f244c800000, 138412032) = 0 [pid 5597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5597] close(3) = 0 [pid 5597] close(4) = 0 [pid 5597] mkdir("./file2", 0777) = 0 [pid 5597] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5597] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5597] chdir("./file2") = 0 [ 168.193032][ T5597] loop0: detected capacity change from 0 to 4096 [pid 5597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5597] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5597] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5597] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5596] <... futex resumed>) = 0 [pid 5597] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5596] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5597] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5597] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5596] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... openat resumed>) = 5 [pid 5597] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5597] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... write resumed>) = 1036288 [pid 5597] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5597] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5596] <... futex resumed>) = 0 [pid 5597] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5596] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... mmap resumed>) = 0x20000000 [pid 5597] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5597] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] exit_group(0 [pid 5597] <... futex resumed>) = ? [pid 5597] +++ exited with 0 +++ [pid 5596] <... exit_group resumed>) = ? [pid 5596] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5596, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./248", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./248/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./248/binderfs") = 0 umount2("./248/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./248/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./248/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./248/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5598 attached , child_tidptr=0x55557f632690) = 5598 [pid 5598] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5598] chdir("./249") = 0 [pid 5598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5598] setpgid(0, 0) = 0 [pid 5598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5598] write(3, "1000", 4) = 4 [pid 5598] close(3) = 0 [pid 5598] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5598] write(1, "executing program\n", 18) = 18 [pid 5598] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5598] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5598] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5598] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5599 attached [pid 5599] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5598] <... clone3 resumed> => {parent_tid=[5599]}, 88) = 5599 [pid 5599] <... rseq resumed>) = 0 [pid 5598] rt_sigprocmask(SIG_SETMASK, [], [pid 5599] set_robust_list(0x7f2454d0d9a0, 24 [pid 5598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5599] <... set_robust_list resumed>) = 0 [pid 5598] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5598] <... futex resumed>) = 0 [pid 5599] memfd_create("syzkaller", 0 [pid 5598] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5599] <... memfd_create resumed>) = 3 [pid 5599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5599] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5599] munmap(0x7f244c800000, 138412032) = 0 [pid 5599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5599] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5599] close(3) = 0 [pid 5599] close(4) = 0 [pid 5599] mkdir("./file2", 0777) = 0 [pid 5599] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5599] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5599] chdir("./file2") = 0 [pid 5599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5599] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5598] <... futex resumed>) = 0 [ 168.641748][ T5599] loop0: detected capacity change from 0 to 4096 [pid 5598] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5598] <... futex resumed>) = 0 [pid 5598] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5599] <... openat resumed>) = 4 [pid 5599] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5599] <... futex resumed>) = 1 [pid 5598] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5598] <... futex resumed>) = 0 [pid 5599] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5598] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5599] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5599] <... futex resumed>) = 1 [pid 5598] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5599] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5598] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5599] <... openat resumed>) = 5 [pid 5599] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5598] <... futex resumed>) = 0 [pid 5598] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5599] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5598] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5599] <... write resumed>) = 1036288 [pid 5599] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5599] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5598] <... futex resumed>) = 0 [pid 5598] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] <... futex resumed>) = 0 [pid 5598] <... futex resumed>) = 1 [pid 5599] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5598] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5599] <... mmap resumed>) = 0x20000000 [pid 5599] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5598] <... futex resumed>) = 0 [pid 5599] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5598] exit_group(0) = ? [pid 5599] <... futex resumed>) = ? [pid 5599] +++ exited with 0 +++ [pid 5598] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5598, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./249", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./249/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./249/binderfs") = 0 umount2("./249/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./249/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./249/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5600 attached , child_tidptr=0x55557f632690) = 5600 [pid 5600] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5600] chdir("./250") = 0 [pid 5600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5600] setpgid(0, 0) = 0 [pid 5600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5600] write(3, "1000", 4) = 4 [pid 5600] close(3) = 0 [pid 5600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5600] write(1, "executing program\n", 18executing program ) = 18 [pid 5600] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5600] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5601 attached [pid 5601] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5601] set_robust_list(0x7f2454d0d9a0, 24 [pid 5600] <... clone3 resumed> => {parent_tid=[5601]}, 88) = 5601 [pid 5601] <... set_robust_list resumed>) = 0 [pid 5600] rt_sigprocmask(SIG_SETMASK, [], [pid 5601] rt_sigprocmask(SIG_SETMASK, [], [pid 5600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5600] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5601] memfd_create("syzkaller", 0) = 3 [pid 5601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5601] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5601] munmap(0x7f244c800000, 138412032) = 0 [pid 5601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5601] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5601] close(3) = 0 [pid 5601] close(4) = 0 [pid 5601] mkdir("./file2", 0777) = 0 [pid 5601] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5601] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 169.094352][ T5601] loop0: detected capacity change from 0 to 4096 [pid 5601] chdir("./file2") = 0 [pid 5601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5601] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] <... futex resumed>) = 0 [pid 5600] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5601] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5600] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... openat resumed>) = 4 [pid 5601] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5601] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5600] <... futex resumed>) = 0 [pid 5601] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5600] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5601] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] <... futex resumed>) = 0 [pid 5600] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = 0 [pid 5600] <... futex resumed>) = 1 [pid 5601] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5600] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... openat resumed>) = 5 [pid 5601] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5601] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = 0 [pid 5601] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5600] <... futex resumed>) = 1 [pid 5600] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... write resumed>) = 1036288 [pid 5601] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5601] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5600] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... mmap resumed>) = 0x20000000 [pid 5601] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5601] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] exit_group(0) = ? [pid 5601] <... futex resumed>) = ? [pid 5601] +++ exited with 0 +++ [pid 5600] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5600, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./250", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./250/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./250/binderfs") = 0 umount2("./250/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./250/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./250/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5602 attached , child_tidptr=0x55557f632690) = 5602 [pid 5602] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5602] chdir("./251") = 0 [pid 5602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5602] setpgid(0, 0) = 0 [pid 5602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5602] write(3, "1000", 4) = 4 [pid 5602] close(3) = 0 [pid 5602] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5602] write(1, "executing program\n", 18) = 18 [pid 5602] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5602] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5602] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5603 attached => {parent_tid=[5603]}, 88) = 5603 [pid 5603] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5603] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5602] rt_sigprocmask(SIG_SETMASK, [], [pid 5603] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5602] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = 0 [pid 5602] <... futex resumed>) = 1 [pid 5602] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5603] memfd_create("syzkaller", 0) = 3 [pid 5603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5603] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5603] munmap(0x7f244c800000, 138412032) = 0 [pid 5603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5603] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5603] close(3) = 0 [pid 5603] close(4) = 0 [pid 5603] mkdir("./file2", 0777) = 0 [pid 5603] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5603] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5603] chdir("./file2") = 0 [pid 5603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5603] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... futex resumed>) = 0 [pid 5603] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5603] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [ 169.561071][ T5603] loop0: detected capacity change from 0 to 4096 [pid 5602] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5603] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = 0 [pid 5603] <... futex resumed>) = 1 [pid 5602] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... openat resumed>) = 5 [pid 5603] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5603] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = 0 [pid 5603] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5602] <... futex resumed>) = 1 [pid 5602] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... write resumed>) = 1036288 [pid 5603] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5603] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5602] <... futex resumed>) = 0 [pid 5603] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5602] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... mmap resumed>) = 0x20000000 [pid 5603] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] <... futex resumed>) = 0 [pid 5602] exit_group(0 [pid 5603] <... futex resumed>) = ? [pid 5602] <... exit_group resumed>) = ? [pid 5603] +++ exited with 0 +++ [pid 5602] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5602, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./251", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./251/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./251/binderfs") = 0 umount2("./251/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./251/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./251/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5604 attached , child_tidptr=0x55557f632690) = 5604 [pid 5604] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5604] chdir("./252") = 0 [pid 5604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5604] setpgid(0, 0) = 0 [pid 5604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5604] write(3, "1000", 4) = 4 [pid 5604] close(3) = 0 [pid 5604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5604] write(1, "executing program\n", 18executing program ) = 18 [pid 5604] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5604] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5604] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5604] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5604] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5605 attached [pid 5605] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5605] set_robust_list(0x7f2454d0d9a0, 24 [pid 5604] <... clone3 resumed> => {parent_tid=[5605]}, 88) = 5605 [pid 5605] <... set_robust_list resumed>) = 0 [pid 5604] rt_sigprocmask(SIG_SETMASK, [], [pid 5605] rt_sigprocmask(SIG_SETMASK, [], [pid 5604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5604] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] memfd_create("syzkaller", 0 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5605] <... memfd_create resumed>) = 3 [pid 5605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5605] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5605] munmap(0x7f244c800000, 138412032) = 0 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5605] close(3) = 0 [pid 5605] close(4) = 0 [pid 5605] mkdir("./file2", 0777) = 0 [pid 5605] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5605] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5605] chdir("./file2") = 0 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5605] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [ 169.970348][ T5605] loop0: detected capacity change from 0 to 4096 [pid 5604] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... openat resumed>) = 4 [pid 5605] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5604] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... futex resumed>) = 0 [pid 5605] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5604] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = 1 [pid 5605] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5604] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... openat resumed>) = 5 [pid 5605] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5604] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... write resumed>) = 1036288 [pid 5605] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... futex resumed>) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5604] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... mmap resumed>) = 0x20000000 [pid 5605] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] exit_group(0 [pid 5605] <... futex resumed>) = ? [pid 5605] +++ exited with 0 +++ [pid 5604] <... exit_group resumed>) = ? [pid 5604] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5604, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./252", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./252/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./252/binderfs") = 0 umount2("./252/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./252/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./252/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5606 attached [pid 5606] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5606] chdir("./253" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5606 [pid 5606] <... chdir resumed>) = 0 [pid 5606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5606] setpgid(0, 0) = 0 [pid 5606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5606] write(3, "1000", 4) = 4 [pid 5606] close(3) = 0 [pid 5606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5606] write(1, "executing program\n", 18executing program ) = 18 [pid 5606] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5606] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5607 attached [pid 5607] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5606] <... clone3 resumed> => {parent_tid=[5607]}, 88) = 5607 [pid 5607] <... rseq resumed>) = 0 [pid 5606] rt_sigprocmask(SIG_SETMASK, [], [pid 5607] set_robust_list(0x7f2454d0d9a0, 24 [pid 5606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5607] <... set_robust_list resumed>) = 0 [pid 5606] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], [pid 5606] <... futex resumed>) = 0 [pid 5607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5606] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5607] memfd_create("syzkaller", 0) = 3 [pid 5607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5607] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5607] munmap(0x7f244c800000, 138412032) = 0 [pid 5607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5607] close(3) = 0 [pid 5607] close(4) = 0 [pid 5607] mkdir("./file2", 0777) = 0 [pid 5607] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5607] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 170.445049][ T5607] loop0: detected capacity change from 0 to 4096 [pid 5607] chdir("./file2") = 0 [pid 5607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5607] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5606] <... futex resumed>) = 0 [pid 5607] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5606] <... futex resumed>) = 0 [pid 5607] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5606] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... openat resumed>) = 4 [pid 5607] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5606] <... futex resumed>) = 0 [pid 5607] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5606] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5606] <... futex resumed>) = 0 [pid 5607] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5606] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... futex resumed>) = 1 [pid 5607] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5607] <... openat resumed>) = 5 [pid 5607] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5606] <... futex resumed>) = 0 [pid 5607] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5606] <... futex resumed>) = 1 [pid 5607] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5606] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... write resumed>) = 1036288 [pid 5607] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5606] <... futex resumed>) = 0 [pid 5607] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5606] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... mmap resumed>) = 0x20000000 [pid 5607] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5606] <... futex resumed>) = 0 [pid 5607] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] exit_group(0 [pid 5607] <... futex resumed>) = ? [pid 5606] <... exit_group resumed>) = ? [pid 5607] +++ exited with 0 +++ [pid 5606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5606, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./253", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./253/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./253/binderfs") = 0 umount2("./253/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./253/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./253/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5608 attached , child_tidptr=0x55557f632690) = 5608 [pid 5608] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5608] chdir("./254") = 0 [pid 5608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5608] setpgid(0, 0) = 0 [pid 5608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5608] write(3, "1000", 4) = 4 [pid 5608] close(3) = 0 [pid 5608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5608] write(1, "executing program\n", 18executing program ) = 18 [pid 5608] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5608] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5608] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5609 attached => {parent_tid=[5609]}, 88) = 5609 [pid 5609] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5609] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5608] rt_sigprocmask(SIG_SETMASK, [], [pid 5609] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5608] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = 0 [pid 5608] <... futex resumed>) = 1 [pid 5608] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5609] memfd_create("syzkaller", 0) = 3 [pid 5609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5609] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5609] munmap(0x7f244c800000, 138412032) = 0 [pid 5609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5609] close(3) = 0 [pid 5609] close(4) = 0 [pid 5609] mkdir("./file2", 0777) = 0 [pid 5609] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5609] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5609] chdir("./file2") = 0 [pid 5609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5609] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... openat resumed>) = 4 [pid 5609] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5609] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = 0 [pid 5609] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5608] <... futex resumed>) = 1 [pid 5609] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5608] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 170.883673][ T5609] loop0: detected capacity change from 0 to 4096 [pid 5609] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5609] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5608] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... openat resumed>) = 5 [pid 5609] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5609] <... futex resumed>) = 1 [pid 5608] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... write resumed>) = 1036288 [pid 5609] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5609] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5609] <... futex resumed>) = 0 [pid 5608] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5609] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5609] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] <... futex resumed>) = 0 [pid 5608] exit_group(0) = ? [pid 5609] <... futex resumed>) = ? [pid 5609] +++ exited with 0 +++ [pid 5608] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5608, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./254", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./254/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./254/binderfs") = 0 umount2("./254/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./254/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./254/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5610 attached , child_tidptr=0x55557f632690) = 5610 [pid 5610] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5610] chdir("./255") = 0 [pid 5610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5610] setpgid(0, 0) = 0 [pid 5610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5610] write(3, "1000", 4) = 4 [pid 5610] close(3) = 0 [pid 5610] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5610] write(1, "executing program\n", 18) = 18 [pid 5610] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5610] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5610] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5610] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5610] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5610] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5611 attached [pid 5611] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5610] <... clone3 resumed> => {parent_tid=[5611]}, 88) = 5611 [pid 5611] set_robust_list(0x7f2454d0d9a0, 24 [pid 5610] rt_sigprocmask(SIG_SETMASK, [], [pid 5611] <... set_robust_list resumed>) = 0 [pid 5611] rt_sigprocmask(SIG_SETMASK, [], [pid 5610] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5610] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] memfd_create("syzkaller", 0 [pid 5610] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5611] <... memfd_create resumed>) = 3 [pid 5611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5611] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5611] munmap(0x7f244c800000, 138412032) = 0 [pid 5611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5611] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5611] close(3) = 0 [pid 5611] close(4) = 0 [pid 5611] mkdir("./file2", 0777) = 0 [pid 5611] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 171.314300][ T5611] loop0: detected capacity change from 0 to 4096 [pid 5611] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5611] chdir("./file2") = 0 [pid 5611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5611] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5610] <... futex resumed>) = 0 [pid 5610] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5610] <... futex resumed>) = 1 [pid 5611] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5610] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] <... openat resumed>) = 4 [pid 5611] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5610] <... futex resumed>) = 0 [pid 5611] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5610] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5610] <... futex resumed>) = 0 [pid 5611] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5610] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5610] <... futex resumed>) = 0 [pid 5611] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5610] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5611] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5610] <... futex resumed>) = 0 [pid 5610] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] <... openat resumed>) = 5 [pid 5611] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5610] <... futex resumed>) = 0 [pid 5611] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5610] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5610] <... futex resumed>) = 0 [pid 5611] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5610] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] <... write resumed>) = 1036288 [pid 5611] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5610] <... futex resumed>) = 0 [pid 5610] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5610] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5611] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5610] <... futex resumed>) = 0 [pid 5610] exit_group(0 [pid 5611] <... futex resumed>) = ? [pid 5610] <... exit_group resumed>) = ? [pid 5611] +++ exited with 0 +++ [pid 5610] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5610, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./255", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./255/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./255/binderfs") = 0 umount2("./255/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./255/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./255/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5612 ./strace-static-x86_64: Process 5612 attached [pid 5612] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5612] chdir("./256") = 0 [pid 5612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5612] setpgid(0, 0) = 0 [pid 5612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5612] write(3, "1000", 4) = 4 [pid 5612] close(3) = 0 [pid 5612] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5612] write(1, "executing program\n", 18) = 18 [pid 5612] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5612] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5612] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5613 attached [pid 5613] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5612] <... clone3 resumed> => {parent_tid=[5613]}, 88) = 5613 [pid 5613] set_robust_list(0x7f2454d0d9a0, 24 [pid 5612] rt_sigprocmask(SIG_SETMASK, [], [pid 5613] <... set_robust_list resumed>) = 0 [pid 5612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5613] rt_sigprocmask(SIG_SETMASK, [], [pid 5612] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5613] memfd_create("syzkaller", 0) = 3 [pid 5613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5613] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5613] munmap(0x7f244c800000, 138412032) = 0 [pid 5613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5613] close(3) = 0 [pid 5613] close(4) = 0 [pid 5613] mkdir("./file2", 0777) = 0 [pid 5613] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5613] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 171.771113][ T5613] loop0: detected capacity change from 0 to 4096 [pid 5613] chdir("./file2") = 0 [pid 5613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5613] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5613] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5613] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5613] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5612] <... futex resumed>) = 0 [pid 5613] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5612] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5613] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5612] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] <... futex resumed>) = 0 [pid 5612] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5613] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... futex resumed>) = 0 [pid 5613] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5612] <... futex resumed>) = 1 [pid 5612] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] <... write resumed>) = 1036288 [pid 5613] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] <... futex resumed>) = 0 [pid 5613] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5613] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5613] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] exit_group(0) = ? [pid 5613] <... futex resumed>) = ? [pid 5613] +++ exited with 0 +++ [pid 5612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5612, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./256", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./256/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./256/binderfs") = 0 umount2("./256/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./256/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./256/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5614 attached , child_tidptr=0x55557f632690) = 5614 [pid 5614] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5614] chdir("./257") = 0 [pid 5614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5614] setpgid(0, 0) = 0 [pid 5614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5614] write(3, "1000", 4) = 4 [pid 5614] close(3) = 0 [pid 5614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5614] write(1, "executing program\n", 18executing program ) = 18 [pid 5614] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5614] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5614] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5614] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5615 attached [pid 5615] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5614] <... clone3 resumed> => {parent_tid=[5615]}, 88) = 5615 [pid 5615] <... rseq resumed>) = 0 [pid 5614] rt_sigprocmask(SIG_SETMASK, [], [pid 5615] set_robust_list(0x7f2454d0d9a0, 24 [pid 5614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5615] <... set_robust_list resumed>) = 0 [pid 5614] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] rt_sigprocmask(SIG_SETMASK, [], [pid 5614] <... futex resumed>) = 0 [pid 5615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5614] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5615] memfd_create("syzkaller", 0) = 3 [pid 5615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5615] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5615] munmap(0x7f244c800000, 138412032) = 0 [pid 5615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5615] close(3) = 0 [pid 5615] close(4) = 0 [pid 5615] mkdir("./file2", 0777) = 0 [pid 5615] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5615] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5615] chdir("./file2") = 0 [pid 5615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5615] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [ 172.222391][ T5615] loop0: detected capacity change from 0 to 4096 [pid 5614] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... openat resumed>) = 4 [pid 5615] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = 0 [pid 5615] <... futex resumed>) = 1 [pid 5614] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5614] <... futex resumed>) = 0 [pid 5615] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5615] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... futex resumed>) = 0 [pid 5614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5615] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5614] <... futex resumed>) = 0 [pid 5615] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5614] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... openat resumed>) = 5 [pid 5615] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... futex resumed>) = 0 [pid 5615] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5615] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5615] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = 0 [pid 5614] <... futex resumed>) = 1 [pid 5615] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5614] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... mmap resumed>) = 0x20000000 [pid 5615] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] <... futex resumed>) = 0 [pid 5614] exit_group(0 [pid 5615] <... futex resumed>) = ? [pid 5614] <... exit_group resumed>) = ? [pid 5615] +++ exited with 0 +++ [pid 5614] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5614, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./257", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./257/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./257/binderfs") = 0 umount2("./257/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./257/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./257/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5616 attached , child_tidptr=0x55557f632690) = 5616 [pid 5616] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5616] chdir("./258") = 0 [pid 5616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5616] setpgid(0, 0) = 0 [pid 5616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5616] write(3, "1000", 4) = 4 [pid 5616] close(3) = 0 [pid 5616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5616] write(1, "executing program\n", 18executing program ) = 18 [pid 5616] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5616] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5616] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5616] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5617 attached [pid 5617] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5616] <... clone3 resumed> => {parent_tid=[5617]}, 88) = 5617 [pid 5617] <... rseq resumed>) = 0 [pid 5616] rt_sigprocmask(SIG_SETMASK, [], [pid 5617] set_robust_list(0x7f2454d0d9a0, 24 [pid 5616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5617] <... set_robust_list resumed>) = 0 [pid 5616] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] rt_sigprocmask(SIG_SETMASK, [], [pid 5616] <... futex resumed>) = 0 [pid 5617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5616] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5617] memfd_create("syzkaller", 0) = 3 [pid 5617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5617] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5617] munmap(0x7f244c800000, 138412032) = 0 [pid 5617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5617] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5617] close(3) = 0 [pid 5617] close(4) = 0 [pid 5617] mkdir("./file2", 0777) = 0 [ 172.684723][ T5617] loop0: detected capacity change from 0 to 4096 [pid 5617] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5617] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5617] chdir("./file2") = 0 [pid 5617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5617] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] <... futex resumed>) = 1 [pid 5616] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5617] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5617] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5616] <... futex resumed>) = 0 [pid 5617] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5616] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5617] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = 0 [pid 5617] <... futex resumed>) = 1 [pid 5616] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] <... openat resumed>) = 5 [pid 5617] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = 0 [pid 5617] <... futex resumed>) = 1 [pid 5616] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] <... write resumed>) = 1036288 [pid 5617] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5617] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5616] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] <... mmap resumed>) = 0x20000000 [pid 5617] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5617] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] exit_group(0 [pid 5617] <... futex resumed>) = ? [pid 5616] <... exit_group resumed>) = ? [pid 5617] +++ exited with 0 +++ [pid 5616] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5616, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./258", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./258/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./258/binderfs") = 0 umount2("./258/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./258/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./258/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5618 attached , child_tidptr=0x55557f632690) = 5618 [pid 5618] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5618] chdir("./259") = 0 [pid 5618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5618] setpgid(0, 0) = 0 [pid 5618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5618] write(3, "1000", 4) = 4 [pid 5618] close(3) = 0 [pid 5618] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5618] write(1, "executing program\n", 18) = 18 [pid 5618] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5618] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5618] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5619 attached [pid 5619] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5618] <... clone3 resumed> => {parent_tid=[5619]}, 88) = 5619 [pid 5619] <... rseq resumed>) = 0 [pid 5618] rt_sigprocmask(SIG_SETMASK, [], [pid 5619] set_robust_list(0x7f2454d0d9a0, 24 [pid 5618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5619] <... set_robust_list resumed>) = 0 [pid 5618] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] rt_sigprocmask(SIG_SETMASK, [], [pid 5618] <... futex resumed>) = 0 [pid 5619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5618] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5619] memfd_create("syzkaller", 0) = 3 [pid 5619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5619] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5619] munmap(0x7f244c800000, 138412032) = 0 [pid 5619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5619] close(3) = 0 [pid 5619] close(4) = 0 [pid 5619] mkdir("./file2", 0777) = 0 [pid 5619] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5619] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 173.174477][ T5619] loop0: detected capacity change from 0 to 4096 [pid 5619] chdir("./file2") = 0 [pid 5619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5619] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] <... futex resumed>) = 0 [pid 5618] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5619] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5618] <... futex resumed>) = 1 [pid 5619] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5618] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5619] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5619] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5618] <... futex resumed>) = 0 [pid 5619] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5618] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... openat resumed>) = 5 [pid 5619] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5619] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5618] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... write resumed>) = 1036288 [pid 5619] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5619] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5618] <... futex resumed>) = 0 [pid 5619] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5618] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... mmap resumed>) = 0x20000000 [pid 5619] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] <... futex resumed>) = 0 [pid 5618] exit_group(0 [pid 5619] <... futex resumed>) = ? [pid 5618] <... exit_group resumed>) = ? [pid 5619] +++ exited with 0 +++ [pid 5618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5618, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./259", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./259/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./259/binderfs") = 0 umount2("./259/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./259/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./259/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5620 ./strace-static-x86_64: Process 5620 attached [pid 5620] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5620] chdir("./260") = 0 [pid 5620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5620] setpgid(0, 0) = 0 [pid 5620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5620] write(3, "1000", 4) = 4 [pid 5620] close(3) = 0 [pid 5620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5620] write(1, "executing program\n", 18executing program ) = 18 [pid 5620] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5620] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5621 attached => {parent_tid=[5621]}, 88) = 5621 [pid 5621] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5621] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5621] rt_sigprocmask(SIG_SETMASK, [], [pid 5620] rt_sigprocmask(SIG_SETMASK, [], [pid 5621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5621] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5620] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5621] memfd_create("syzkaller", 0) = 3 [pid 5621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5621] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5621] munmap(0x7f244c800000, 138412032) = 0 [pid 5621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5621] close(3) = 0 [pid 5621] close(4) = 0 [pid 5621] mkdir("./file2", 0777) = 0 [pid 5621] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5621] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5621] chdir("./file2") = 0 [pid 5621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5621] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 173.612915][ T5621] loop0: detected capacity change from 0 to 4096 [pid 5621] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... futex resumed>) = 0 [pid 5621] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5621] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = 0 [pid 5620] <... futex resumed>) = 1 [pid 5621] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5620] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5621] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5621] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... openat resumed>) = 5 [pid 5621] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... write resumed>) = 1036288 [pid 5621] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5621] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5620] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... mmap resumed>) = 0x20000000 [pid 5621] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 0 [pid 5621] <... futex resumed>) = 1 [pid 5620] exit_group(0 [pid 5621] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5620] <... exit_group resumed>) = ? [pid 5621] +++ exited with 0 +++ [pid 5620] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5620, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./260", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./260/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./260/binderfs") = 0 umount2("./260/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./260/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./260/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5622 attached [pid 5622] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5622] chdir("./261" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5622 [pid 5622] <... chdir resumed>) = 0 [pid 5622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5622] setpgid(0, 0) = 0 [pid 5622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5622] write(3, "1000", 4) = 4 [pid 5622] close(3) = 0 [pid 5622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5622] write(1, "executing program\n", 18executing program ) = 18 [pid 5622] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5622] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5622] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5623 attached [pid 5623] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5622] <... clone3 resumed> => {parent_tid=[5623]}, 88) = 5623 [pid 5623] set_robust_list(0x7f2454d0d9a0, 24 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], [pid 5623] <... set_robust_list resumed>) = 0 [pid 5622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5623] rt_sigprocmask(SIG_SETMASK, [], [pid 5622] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5622] <... futex resumed>) = 0 [pid 5622] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5623] memfd_create("syzkaller", 0) = 3 [pid 5623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5623] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5623] munmap(0x7f244c800000, 138412032) = 0 [pid 5623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5623] close(3) = 0 [pid 5623] close(4) = 0 [pid 5623] mkdir("./file2", 0777) = 0 [pid 5623] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5623] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5623] chdir("./file2") = 0 [pid 5623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5623] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] <... futex resumed>) = 0 [pid 5622] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] <... futex resumed>) = 0 [pid 5622] <... futex resumed>) = 1 [pid 5623] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 174.064377][ T5623] loop0: detected capacity change from 0 to 4096 [pid 5622] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] <... openat resumed>) = 4 [pid 5623] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5622] <... futex resumed>) = 0 [pid 5623] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5622] <... futex resumed>) = 0 [pid 5623] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5622] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5623] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5622] <... futex resumed>) = 0 [pid 5623] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5622] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] <... openat resumed>) = 5 [pid 5622] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5623] <... futex resumed>) = 0 [pid 5622] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5622] <... futex resumed>) = 0 [pid 5622] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] <... write resumed>) = 1036288 [pid 5623] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5622] <... futex resumed>) = 0 [pid 5623] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5623] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5623] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] <... futex resumed>) = 0 [pid 5622] exit_group(0 [pid 5623] <... futex resumed>) = ? [pid 5622] <... exit_group resumed>) = ? [pid 5623] +++ exited with 0 +++ [pid 5622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5622, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./261", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./261/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./261/binderfs") = 0 umount2("./261/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./261/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./261/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5624 attached , child_tidptr=0x55557f632690) = 5624 [pid 5624] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5624] chdir("./262") = 0 [pid 5624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5624] setpgid(0, 0) = 0 [pid 5624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5624] write(3, "1000", 4) = 4 [pid 5624] close(3) = 0 [pid 5624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5624] write(1, "executing program\n", 18executing program ) = 18 [pid 5624] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5624] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5624] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5625 attached [pid 5625] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5624] <... clone3 resumed> => {parent_tid=[5625]}, 88) = 5625 [pid 5625] <... rseq resumed>) = 0 [pid 5624] rt_sigprocmask(SIG_SETMASK, [], [pid 5625] set_robust_list(0x7f2454d0d9a0, 24 [pid 5624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5625] <... set_robust_list resumed>) = 0 [pid 5624] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] rt_sigprocmask(SIG_SETMASK, [], [pid 5624] <... futex resumed>) = 0 [pid 5625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5624] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5625] memfd_create("syzkaller", 0) = 3 [pid 5625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5625] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5625] munmap(0x7f244c800000, 138412032) = 0 [pid 5625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5625] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5625] close(3) = 0 [pid 5625] close(4) = 0 [pid 5625] mkdir("./file2", 0777) = 0 [pid 5625] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5625] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5625] chdir("./file2") = 0 [pid 5625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 174.542692][ T5625] loop0: detected capacity change from 0 to 4096 [pid 5625] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5625] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5624] <... futex resumed>) = 0 [pid 5625] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5624] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... openat resumed>) = 4 [pid 5625] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = 0 [pid 5624] <... futex resumed>) = 1 [pid 5625] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5624] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5625] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5625] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5624] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... openat resumed>) = 5 [pid 5625] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5625] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5624] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... write resumed>) = 1036288 [pid 5625] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = 0 [pid 5625] <... futex resumed>) = 1 [pid 5624] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... mmap resumed>) = 0x20000000 [pid 5625] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5625] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] exit_group(0 [pid 5625] <... futex resumed>) = ? [pid 5624] <... exit_group resumed>) = ? [pid 5625] +++ exited with 0 +++ [pid 5624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5624, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./262", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./262/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./262/binderfs") = 0 umount2("./262/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./262/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./262/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5626 attached , child_tidptr=0x55557f632690) = 5626 [pid 5626] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5626] chdir("./263") = 0 [pid 5626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5626] setpgid(0, 0) = 0 [pid 5626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5626] write(3, "1000", 4) = 4 [pid 5626] close(3) = 0 [pid 5626] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5626] write(1, "executing program\n", 18) = 18 [pid 5626] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5626] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5627 attached [pid 5627] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5626] <... clone3 resumed> => {parent_tid=[5627]}, 88) = 5627 [pid 5627] <... rseq resumed>) = 0 [pid 5626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5626] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] set_robust_list(0x7f2454d0d9a0, 24 [pid 5626] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5627] <... set_robust_list resumed>) = 0 [pid 5627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5627] memfd_create("syzkaller", 0) = 3 [pid 5627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5627] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5627] munmap(0x7f244c800000, 138412032) = 0 [pid 5627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5627] close(3) = 0 [pid 5627] close(4) = 0 [pid 5627] mkdir("./file2", 0777) = 0 [pid 5627] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5627] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5627] chdir("./file2") = 0 [pid 5627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5627] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 174.992512][ T5627] loop0: detected capacity change from 0 to 4096 [pid 5627] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5627] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = 1 [pid 5626] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5626] <... futex resumed>) = 0 [pid 5627] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5626] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5626] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... openat resumed>) = 5 [pid 5627] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = 1 [pid 5626] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... write resumed>) = 1036288 [pid 5627] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] <... futex resumed>) = 0 [pid 5627] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5626] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... mmap resumed>) = 0x20000000 [pid 5627] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] exit_group(0 [pid 5627] <... futex resumed>) = ? [pid 5627] +++ exited with 0 +++ [pid 5626] <... exit_group resumed>) = ? [pid 5626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5626, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./263", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./263/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./263/binderfs") = 0 umount2("./263/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./263/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./263/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5628 ./strace-static-x86_64: Process 5628 attached [pid 5628] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5628] chdir("./264") = 0 [pid 5628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5628] setpgid(0, 0) = 0 [pid 5628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5628] write(3, "1000", 4) = 4 [pid 5628] close(3) = 0 [pid 5628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5628] write(1, "executing program\n", 18executing program ) = 18 [pid 5628] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5628] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5628] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5629 attached [pid 5629] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5628] <... clone3 resumed> => {parent_tid=[5629]}, 88) = 5629 [pid 5629] set_robust_list(0x7f2454d0d9a0, 24 [pid 5628] rt_sigprocmask(SIG_SETMASK, [], [pid 5629] <... set_robust_list resumed>) = 0 [pid 5628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5629] rt_sigprocmask(SIG_SETMASK, [], [pid 5628] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5628] <... futex resumed>) = 0 [pid 5628] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5629] memfd_create("syzkaller", 0) = 3 [pid 5629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5629] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5629] munmap(0x7f244c800000, 138412032) = 0 [pid 5629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5629] close(3) = 0 [pid 5629] close(4) = 0 [pid 5629] mkdir("./file2", 0777) = 0 [pid 5629] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5629] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5629] chdir("./file2") = 0 [pid 5629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 175.443082][ T5629] loop0: detected capacity change from 0 to 4096 [pid 5629] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5629] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5628] <... futex resumed>) = 0 [pid 5629] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5628] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... openat resumed>) = 4 [pid 5629] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5629] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5628] <... futex resumed>) = 0 [pid 5629] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5628] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5629] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5629] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5628] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5628] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... openat resumed>) = 5 [pid 5629] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5629] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = 0 [pid 5628] <... futex resumed>) = 1 [pid 5629] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5628] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... write resumed>) = 1036288 [pid 5629] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5629] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5628] <... futex resumed>) = 0 [pid 5629] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5628] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... mmap resumed>) = 0x20000000 [pid 5629] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5629] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] exit_group(0 [pid 5629] <... futex resumed>) = ? [pid 5628] <... exit_group resumed>) = ? [pid 5629] +++ exited with 0 +++ [pid 5628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5628, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./264", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./264/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./264/binderfs") = 0 umount2("./264/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./264/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./264/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5630 attached , child_tidptr=0x55557f632690) = 5630 [pid 5630] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5630] chdir("./265") = 0 [pid 5630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5630] setpgid(0, 0) = 0 [pid 5630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5630] write(3, "1000", 4) = 4 [pid 5630] close(3) = 0 [pid 5630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5630] write(1, "executing program\n", 18executing program ) = 18 [pid 5630] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5630] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5630] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5630] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5631 attached [pid 5631] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5630] <... clone3 resumed> => {parent_tid=[5631]}, 88) = 5631 [pid 5631] set_robust_list(0x7f2454d0d9a0, 24 [pid 5630] rt_sigprocmask(SIG_SETMASK, [], [pid 5631] <... set_robust_list resumed>) = 0 [pid 5631] rt_sigprocmask(SIG_SETMASK, [], [pid 5630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5630] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5631] memfd_create("syzkaller", 0 [pid 5630] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5631] <... memfd_create resumed>) = 3 [pid 5631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5631] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5631] munmap(0x7f244c800000, 138412032) = 0 [pid 5631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5631] close(3) = 0 [pid 5631] close(4) = 0 [pid 5631] mkdir("./file2", 0777) = 0 [pid 5631] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5631] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5631] chdir("./file2") = 0 [ 175.860631][ T5631] loop0: detected capacity change from 0 to 4096 [pid 5631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5631] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5631] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] <... futex resumed>) = 0 [pid 5631] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5630] <... futex resumed>) = 1 [pid 5630] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] <... openat resumed>) = 4 [pid 5631] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5631] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5630] <... futex resumed>) = 0 [pid 5631] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5630] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5631] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5631] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5630] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5630] <... futex resumed>) = 0 [pid 5630] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] <... openat resumed>) = 5 [pid 5631] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5631] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] <... futex resumed>) = 0 [pid 5631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5630] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5630] <... futex resumed>) = 0 [pid 5630] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] <... write resumed>) = 1036288 [pid 5631] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5631] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] <... futex resumed>) = 0 [pid 5630] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] <... futex resumed>) = 0 [pid 5630] <... futex resumed>) = 1 [pid 5631] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5630] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] <... mmap resumed>) = 0x20000000 [pid 5631] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5631] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] <... futex resumed>) = 0 [pid 5630] exit_group(0 [pid 5631] <... futex resumed>) = ? [pid 5630] <... exit_group resumed>) = ? [pid 5631] +++ exited with 0 +++ [pid 5630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5630, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./265", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./265/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./265/binderfs") = 0 umount2("./265/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./265/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./265/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5632 ./strace-static-x86_64: Process 5632 attached [pid 5632] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5632] chdir("./266") = 0 [pid 5632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5632] setpgid(0, 0) = 0 [pid 5632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5632] write(3, "1000", 4) = 4 [pid 5632] close(3) = 0 [pid 5632] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5632] write(1, "executing program\n", 18) = 18 [pid 5632] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5632] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5633 attached [pid 5633] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5632] <... clone3 resumed> => {parent_tid=[5633]}, 88) = 5633 [pid 5633] <... rseq resumed>) = 0 [pid 5632] rt_sigprocmask(SIG_SETMASK, [], [pid 5633] set_robust_list(0x7f2454d0d9a0, 24 [pid 5632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] <... set_robust_list resumed>) = 0 [pid 5632] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5633] memfd_create("syzkaller", 0) = 3 [pid 5633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5633] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5633] munmap(0x7f244c800000, 138412032) = 0 [pid 5633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5633] close(3) = 0 [pid 5633] close(4) = 0 [pid 5633] mkdir("./file2", 0777) = 0 [pid 5633] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5633] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5633] chdir("./file2") = 0 [pid 5633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5633] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [ 176.320091][ T5633] loop0: detected capacity change from 0 to 4096 [pid 5632] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... openat resumed>) = 4 [pid 5633] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5633] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5632] <... futex resumed>) = 0 [pid 5633] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5632] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5633] <... futex resumed>) = 1 [pid 5633] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5632] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... openat resumed>) = 5 [pid 5633] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5632] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... write resumed>) = 1036288 [pid 5633] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5633] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5632] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... mmap resumed>) = 0x20000000 [pid 5633] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... futex resumed>) = 0 [pid 5632] exit_group(0 [pid 5633] <... futex resumed>) = ? [pid 5633] +++ exited with 0 +++ [pid 5632] <... exit_group resumed>) = ? [pid 5632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5632, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./266", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./266/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./266/binderfs") = 0 umount2("./266/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./266/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./266/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5634 attached , child_tidptr=0x55557f632690) = 5634 [pid 5634] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5634] chdir("./267") = 0 [pid 5634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5634] setpgid(0, 0) = 0 [pid 5634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5634] write(3, "1000", 4) = 4 [pid 5634] close(3) = 0 [pid 5634] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5634] write(1, "executing program\n", 18) = 18 [pid 5634] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5634] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5634] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5635 attached [pid 5635] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5635] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5635] rt_sigprocmask(SIG_SETMASK, [], [pid 5634] <... clone3 resumed> => {parent_tid=[5635]}, 88) = 5635 [pid 5635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5635] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5634] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5634] <... futex resumed>) = 1 [pid 5634] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5635] memfd_create("syzkaller", 0) = 3 [pid 5635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5635] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5635] munmap(0x7f244c800000, 138412032) = 0 [pid 5635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5635] close(3) = 0 [pid 5635] close(4) = 0 [pid 5635] mkdir("./file2", 0777) = 0 [pid 5635] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5635] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5635] chdir("./file2") = 0 [ 176.737537][ T5635] loop0: detected capacity change from 0 to 4096 [pid 5635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5635] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5634] <... futex resumed>) = 0 [pid 5635] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5635] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5634] <... futex resumed>) = 0 [pid 5635] <... openat resumed>) = 4 [pid 5635] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... futex resumed>) = 0 [pid 5634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5635] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5634] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5634] <... futex resumed>) = 0 [pid 5635] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5634] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5634] <... futex resumed>) = 0 [pid 5635] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5634] <... futex resumed>) = 0 [pid 5635] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5634] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... openat resumed>) = 5 [pid 5635] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] <... futex resumed>) = 0 [pid 5634] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5634] <... futex resumed>) = 1 [pid 5635] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5634] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... write resumed>) = 1036288 [pid 5635] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5634] <... futex resumed>) = 0 [pid 5635] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5634] <... futex resumed>) = 0 [pid 5635] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5634] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... mmap resumed>) = 0x20000000 [pid 5635] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] <... futex resumed>) = 0 [pid 5634] exit_group(0 [pid 5635] <... futex resumed>) = ? [pid 5634] <... exit_group resumed>) = ? [pid 5635] +++ exited with 0 +++ [pid 5634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5634, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./267", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./267/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./267/binderfs") = 0 umount2("./267/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./267/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./267/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5636 attached , child_tidptr=0x55557f632690) = 5636 [pid 5636] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5636] chdir("./268") = 0 [pid 5636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5636] setpgid(0, 0) = 0 [pid 5636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5636] write(3, "1000", 4) = 4 [pid 5636] close(3) = 0 [pid 5636] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5636] write(1, "executing program\n", 18) = 18 [pid 5636] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5636] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5636] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5636] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5637 attached [pid 5637] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5637] set_robust_list(0x7f2454d0d9a0, 24 [pid 5636] <... clone3 resumed> => {parent_tid=[5637]}, 88) = 5637 [pid 5637] <... set_robust_list resumed>) = 0 [pid 5636] rt_sigprocmask(SIG_SETMASK, [], [pid 5637] rt_sigprocmask(SIG_SETMASK, [], [pid 5636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5636] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5637] memfd_create("syzkaller", 0 [pid 5636] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5637] <... memfd_create resumed>) = 3 [pid 5637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5637] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5637] munmap(0x7f244c800000, 138412032) = 0 [pid 5637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5637] close(3) = 0 [pid 5637] close(4) = 0 [pid 5637] mkdir("./file2", 0777) = 0 [pid 5637] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5637] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 177.141066][ T5637] loop0: detected capacity change from 0 to 4096 [pid 5637] chdir("./file2") = 0 [pid 5637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5637] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5636] <... futex resumed>) = 0 [pid 5637] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5636] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... openat resumed>) = 4 [pid 5637] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = 1 [pid 5636] <... futex resumed>) = 0 [pid 5637] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5636] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5637] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5637] <... futex resumed>) = 1 [pid 5636] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... openat resumed>) = 5 [pid 5637] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5636] <... futex resumed>) = 0 [pid 5637] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5636] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5636] <... futex resumed>) = 0 [pid 5637] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5636] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... write resumed>) = 1036288 [pid 5637] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5636] <... futex resumed>) = 0 [pid 5637] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5636] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5636] <... futex resumed>) = 0 [pid 5637] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5636] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... mmap resumed>) = 0x20000000 [pid 5637] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5636] <... futex resumed>) = 0 [pid 5637] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5636] exit_group(0 [pid 5637] <... futex resumed>) = ? [pid 5636] <... exit_group resumed>) = ? [pid 5637] +++ exited with 0 +++ [pid 5636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5636, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./268", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./268/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./268/binderfs") = 0 umount2("./268/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./268/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./268/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5638 attached , child_tidptr=0x55557f632690) = 5638 [pid 5638] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5638] chdir("./269") = 0 [pid 5638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5638] setpgid(0, 0) = 0 [pid 5638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5638] write(3, "1000", 4) = 4 [pid 5638] close(3) = 0 [pid 5638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5638] write(1, "executing program\n", 18executing program ) = 18 [pid 5638] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5638] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5639 attached [pid 5639] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5638] <... clone3 resumed> => {parent_tid=[5639]}, 88) = 5639 [pid 5639] <... rseq resumed>) = 0 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], [pid 5639] set_robust_list(0x7f2454d0d9a0, 24 [pid 5638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5639] <... set_robust_list resumed>) = 0 [pid 5638] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] rt_sigprocmask(SIG_SETMASK, [], [pid 5638] <... futex resumed>) = 0 [pid 5639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5638] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5639] memfd_create("syzkaller", 0) = 3 [pid 5639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5639] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5639] munmap(0x7f244c800000, 138412032) = 0 [pid 5639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5639] close(3) = 0 [pid 5639] close(4) = 0 [pid 5639] mkdir("./file2", 0777) = 0 [pid 5639] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5639] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5639] chdir("./file2") = 0 [pid 5639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5639] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5638] <... futex resumed>) = 0 [ 177.630846][ T5639] loop0: detected capacity change from 0 to 4096 [pid 5638] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... openat resumed>) = 4 [pid 5639] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5638] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5638] <... futex resumed>) = 0 [pid 5639] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5638] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5638] <... futex resumed>) = 0 [pid 5639] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5638] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... openat resumed>) = 5 [pid 5639] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5638] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... write resumed>) = 1036288 [pid 5639] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5638] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... mmap resumed>) = 0x20000000 [pid 5639] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5638] exit_group(0 [pid 5639] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... exit_group resumed>) = ? [pid 5639] <... futex resumed>) = ? [pid 5639] +++ exited with 0 +++ [pid 5638] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5638, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./269", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./269/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./269/binderfs") = 0 umount2("./269/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./269/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./269/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5640 attached [pid 5640] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5640 [pid 5640] <... set_robust_list resumed>) = 0 [pid 5640] chdir("./270") = 0 [pid 5640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5640] setpgid(0, 0) = 0 [pid 5640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5640] write(3, "1000", 4) = 4 [pid 5640] close(3) = 0 [pid 5640] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5640] write(1, "executing program\n", 18) = 18 [pid 5640] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5640] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5640] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5640] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5640] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5641 attached [pid 5641] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5640] <... clone3 resumed> => {parent_tid=[5641]}, 88) = 5641 [pid 5641] <... rseq resumed>) = 0 [pid 5640] rt_sigprocmask(SIG_SETMASK, [], [pid 5641] set_robust_list(0x7f2454d0d9a0, 24 [pid 5640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5641] <... set_robust_list resumed>) = 0 [pid 5640] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] rt_sigprocmask(SIG_SETMASK, [], [pid 5640] <... futex resumed>) = 0 [pid 5641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5640] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5641] memfd_create("syzkaller", 0) = 3 [pid 5641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5641] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5641] munmap(0x7f244c800000, 138412032) = 0 [pid 5641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5641] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5641] close(3) = 0 [pid 5641] close(4) = 0 [pid 5641] mkdir("./file2", 0777) = 0 [pid 5641] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5641] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 178.112682][ T5641] loop0: detected capacity change from 0 to 4096 [pid 5641] chdir("./file2") = 0 [pid 5641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5641] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] <... futex resumed>) = 0 [pid 5641] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5640] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5640] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] <... openat resumed>) = 4 [pid 5641] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] <... futex resumed>) = 0 [pid 5641] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5640] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5640] <... futex resumed>) = 0 [pid 5641] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] <... futex resumed>) = 0 [pid 5640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5641] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5640] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5640] <... futex resumed>) = 0 [pid 5641] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5640] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] <... openat resumed>) = 5 [pid 5641] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] <... futex resumed>) = 0 [pid 5641] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5640] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5640] <... futex resumed>) = 0 [pid 5641] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5640] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] <... write resumed>) = 1036288 [pid 5641] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] <... futex resumed>) = 0 [pid 5641] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5640] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5640] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] <... mmap resumed>) = 0x20000000 [pid 5641] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5640] <... futex resumed>) = 0 [pid 5640] exit_group(0 [pid 5641] <... futex resumed>) = ? [pid 5640] <... exit_group resumed>) = ? [pid 5641] +++ exited with 0 +++ [pid 5640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5640, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./270", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./270/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./270/binderfs") = 0 umount2("./270/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./270/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./270/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5642 ./strace-static-x86_64: Process 5642 attached [pid 5642] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5642] chdir("./271") = 0 [pid 5642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5642] setpgid(0, 0) = 0 [pid 5642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5642] write(3, "1000", 4) = 4 [pid 5642] close(3) = 0 [pid 5642] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5642] write(1, "executing program\n", 18) = 18 [pid 5642] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5642] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5642] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5643 attached => {parent_tid=[5643]}, 88) = 5643 [pid 5643] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5642] rt_sigprocmask(SIG_SETMASK, [], [pid 5643] <... rseq resumed>) = 0 [pid 5642] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5643] set_robust_list(0x7f2454d0d9a0, 24 [pid 5642] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... set_robust_list resumed>) = 0 [pid 5642] <... futex resumed>) = 0 [pid 5643] rt_sigprocmask(SIG_SETMASK, [], [pid 5642] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5643] memfd_create("syzkaller", 0) = 3 [pid 5643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5643] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5643] munmap(0x7f244c800000, 138412032) = 0 [pid 5643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5643] close(3) = 0 [pid 5643] close(4) = 0 [pid 5643] mkdir("./file2", 0777) = 0 [pid 5643] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5643] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5643] chdir("./file2") = 0 [pid 5643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5643] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5643] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 178.586274][ T5643] loop0: detected capacity change from 0 to 4096 [pid 5643] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... futex resumed>) = 1 [pid 5643] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5643] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5643] <... futex resumed>) = 1 [pid 5642] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... openat resumed>) = 5 [pid 5643] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5642] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... write resumed>) = 1036288 [pid 5643] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... futex resumed>) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5643] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5642] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... mmap resumed>) = 0x20000000 [pid 5643] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5643] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] <... futex resumed>) = 0 [pid 5642] exit_group(0 [pid 5643] <... futex resumed>) = ? [pid 5642] <... exit_group resumed>) = ? [pid 5643] +++ exited with 0 +++ [pid 5642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5642, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./271", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./271/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./271/binderfs") = 0 umount2("./271/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./271/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./271/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5644 attached , child_tidptr=0x55557f632690) = 5644 [pid 5644] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5644] chdir("./272") = 0 [pid 5644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5644] setpgid(0, 0) = 0 [pid 5644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5644] write(3, "1000", 4) = 4 [pid 5644] close(3) = 0 [pid 5644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5644] write(1, "executing program\n", 18executing program ) = 18 [pid 5644] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5644] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5644] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5644] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5644] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5645 attached [pid 5645] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5644] <... clone3 resumed> => {parent_tid=[5645]}, 88) = 5645 [pid 5645] <... rseq resumed>) = 0 [pid 5645] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5645] rt_sigprocmask(SIG_SETMASK, [], [pid 5644] rt_sigprocmask(SIG_SETMASK, [], [pid 5645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5645] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5644] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5645] <... futex resumed>) = 0 [pid 5645] memfd_create("syzkaller", 0) = 3 [pid 5645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5645] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5645] munmap(0x7f244c800000, 138412032) = 0 [pid 5645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5645] close(3) = 0 [pid 5645] close(4) = 0 [pid 5645] mkdir("./file2", 0777) = 0 [pid 5645] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 179.009524][ T5645] loop0: detected capacity change from 0 to 4096 [pid 5645] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5645] chdir("./file2") = 0 [pid 5645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5645] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... futex resumed>) = 0 [pid 5644] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = 0 [pid 5644] <... futex resumed>) = 1 [pid 5645] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5644] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... openat resumed>) = 4 [pid 5645] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... futex resumed>) = 0 [pid 5644] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... futex resumed>) = 0 [pid 5645] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5645] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... futex resumed>) = 0 [pid 5644] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5645] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5644] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... openat resumed>) = 5 [pid 5645] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5645] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = 0 [pid 5644] <... futex resumed>) = 1 [pid 5645] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5644] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... write resumed>) = 1036288 [pid 5645] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... futex resumed>) = 0 [pid 5644] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... futex resumed>) = 0 [pid 5645] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5645] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5645] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] exit_group(0 [pid 5645] <... futex resumed>) = ? [pid 5644] <... exit_group resumed>) = ? [pid 5645] +++ exited with 0 +++ [pid 5644] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5644, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./272", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./272/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./272/binderfs") = 0 umount2("./272/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./272/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./272/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5646 attached , child_tidptr=0x55557f632690) = 5646 [pid 5646] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5646] chdir("./273") = 0 [pid 5646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5646] setpgid(0, 0) = 0 [pid 5646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5646] write(3, "1000", 4) = 4 [pid 5646] close(3) = 0 [pid 5646] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5646] write(1, "executing program\n", 18) = 18 [pid 5646] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5646] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5646] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5646] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5647 attached [pid 5647] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5647] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5647] rt_sigprocmask(SIG_SETMASK, [], [pid 5646] <... clone3 resumed> => {parent_tid=[5647]}, 88) = 5647 [pid 5647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5646] rt_sigprocmask(SIG_SETMASK, [], [pid 5647] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5646] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5646] <... futex resumed>) = 1 [pid 5646] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5647] memfd_create("syzkaller", 0) = 3 [pid 5647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5647] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5647] munmap(0x7f244c800000, 138412032) = 0 [pid 5647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5647] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5647] close(3) = 0 [pid 5647] close(4) = 0 [pid 5647] mkdir("./file2", 0777) = 0 [pid 5647] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5647] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5647] chdir("./file2") = 0 [pid 5647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5647] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5646] <... futex resumed>) = 0 [pid 5647] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5646] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] <... openat resumed>) = 4 [pid 5647] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5646] <... futex resumed>) = 0 [pid 5646] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5647] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5646] <... futex resumed>) = 0 [pid 5647] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 179.495616][ T5647] loop0: detected capacity change from 0 to 4096 [pid 5646] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5647] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5647] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5646] <... futex resumed>) = 0 [pid 5647] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5647] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5646] <... futex resumed>) = 0 [pid 5646] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] <... write resumed>) = 1036288 [pid 5647] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] <... futex resumed>) = 0 [pid 5646] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5646] <... futex resumed>) = 1 [pid 5647] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5646] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] <... mmap resumed>) = 0x20000000 [pid 5647] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] <... futex resumed>) = 0 [pid 5646] exit_group(0) = ? [pid 5647] <... futex resumed>) = ? [pid 5647] +++ exited with 0 +++ [pid 5646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5646, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./273", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./273/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./273/binderfs") = 0 umount2("./273/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./273/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./273/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5648 attached , child_tidptr=0x55557f632690) = 5648 [pid 5648] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5648] chdir("./274") = 0 [pid 5648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5648] setpgid(0, 0) = 0 [pid 5648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5648] write(3, "1000", 4) = 4 [pid 5648] close(3) = 0 [pid 5648] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5648] write(1, "executing program\n", 18) = 18 [pid 5648] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5648] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5649 attached [pid 5649] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5648] <... clone3 resumed> => {parent_tid=[5649]}, 88) = 5649 [pid 5649] <... rseq resumed>) = 0 [pid 5648] rt_sigprocmask(SIG_SETMASK, [], [pid 5649] set_robust_list(0x7f2454d0d9a0, 24 [pid 5648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5649] <... set_robust_list resumed>) = 0 [pid 5648] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5649] memfd_create("syzkaller", 0) = 3 [pid 5649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5649] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5649] munmap(0x7f244c800000, 138412032) = 0 [pid 5649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5649] close(3) = 0 [pid 5649] close(4) = 0 [pid 5649] mkdir("./file2", 0777) = 0 [pid 5649] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5649] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5649] chdir("./file2") = 0 [pid 5649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5649] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 179.933803][ T5649] loop0: detected capacity change from 0 to 4096 [pid 5649] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5649] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5649] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5649] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... futex resumed>) = 0 [pid 5648] <... futex resumed>) = 1 [pid 5649] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5648] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5649] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5649] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5648] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] <... openat resumed>) = 5 [pid 5649] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... futex resumed>) = 0 [pid 5649] <... futex resumed>) = 1 [pid 5648] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] <... write resumed>) = 1036288 [pid 5649] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... futex resumed>) = 0 [pid 5649] <... futex resumed>) = 1 [pid 5648] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] <... mmap resumed>) = 0x20000000 [pid 5649] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5649] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] exit_group(0 [pid 5649] <... futex resumed>) = ? [pid 5648] <... exit_group resumed>) = ? [pid 5649] +++ exited with 0 +++ [pid 5648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5648, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./274", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./274/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./274/binderfs") = 0 umount2("./274/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./274/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./274/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5650 attached , child_tidptr=0x55557f632690) = 5650 [pid 5650] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5650] chdir("./275") = 0 [pid 5650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5650] setpgid(0, 0) = 0 [pid 5650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5650] write(3, "1000", 4) = 4 [pid 5650] close(3) = 0 [pid 5650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5650] write(1, "executing program\n", 18executing program ) = 18 [pid 5650] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5650] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5650] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5650] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5650] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5651 attached [pid 5651] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5650] <... clone3 resumed> => {parent_tid=[5651]}, 88) = 5651 [pid 5651] set_robust_list(0x7f2454d0d9a0, 24 [pid 5650] rt_sigprocmask(SIG_SETMASK, [], [pid 5651] <... set_robust_list resumed>) = 0 [pid 5650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5651] rt_sigprocmask(SIG_SETMASK, [], [pid 5650] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5651] memfd_create("syzkaller", 0) = 3 [pid 5651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5651] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5651] munmap(0x7f244c800000, 138412032) = 0 [pid 5651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5651] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5651] close(3) = 0 [pid 5651] close(4) = 0 [pid 5651] mkdir("./file2", 0777) = 0 [pid 5651] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5651] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 180.380298][ T5651] loop0: detected capacity change from 0 to 4096 [pid 5651] chdir("./file2") = 0 [pid 5651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5651] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5651] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... futex resumed>) = 0 [pid 5650] <... futex resumed>) = 1 [pid 5651] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5650] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... openat resumed>) = 4 [pid 5651] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5651] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5650] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5651] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5651] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5650] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... openat resumed>) = 5 [pid 5651] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5650] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... write resumed>) = 1036288 [pid 5651] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5651] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5650] <... futex resumed>) = 0 [pid 5651] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5650] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... mmap resumed>) = 0x20000000 [pid 5651] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] <... futex resumed>) = 0 [pid 5650] exit_group(0 [pid 5651] <... futex resumed>) = ? [pid 5650] <... exit_group resumed>) = ? [pid 5651] +++ exited with 0 +++ [pid 5650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5650, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./275", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./275/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./275/binderfs") = 0 umount2("./275/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./275/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./275/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5652 ./strace-static-x86_64: Process 5652 attached [pid 5652] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5652] chdir("./276") = 0 [pid 5652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5652] setpgid(0, 0) = 0 [pid 5652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5652] write(3, "1000", 4) = 4 [pid 5652] close(3) = 0 [pid 5652] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5652] write(1, "executing program\n", 18) = 18 [pid 5652] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5652] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5652] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5652] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5653 attached [pid 5653] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5652] <... clone3 resumed> => {parent_tid=[5653]}, 88) = 5653 [pid 5653] <... rseq resumed>) = 0 [pid 5652] rt_sigprocmask(SIG_SETMASK, [], [pid 5653] set_robust_list(0x7f2454d0d9a0, 24 [pid 5652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5653] <... set_robust_list resumed>) = 0 [pid 5652] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] rt_sigprocmask(SIG_SETMASK, [], [pid 5652] <... futex resumed>) = 0 [pid 5653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5652] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5653] memfd_create("syzkaller", 0) = 3 [pid 5653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5653] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5653] munmap(0x7f244c800000, 138412032) = 0 [pid 5653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5653] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5653] close(3) = 0 [pid 5653] close(4) = 0 [pid 5653] mkdir("./file2", 0777) = 0 [pid 5653] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5653] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5653] chdir("./file2") = 0 [pid 5653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5653] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [pid 5652] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 180.892909][ T5653] loop0: detected capacity change from 0 to 4096 [pid 5653] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5652] <... futex resumed>) = 0 [pid 5652] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... openat resumed>) = 4 [pid 5653] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [pid 5653] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = 0 [pid 5653] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5652] <... futex resumed>) = 1 [pid 5653] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5652] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [pid 5653] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5652] <... futex resumed>) = 0 [pid 5653] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5652] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... openat resumed>) = 5 [pid 5653] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [pid 5653] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = 0 [pid 5652] <... futex resumed>) = 1 [pid 5653] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5652] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... write resumed>) = 1036288 [pid 5653] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [pid 5653] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = 0 [pid 5653] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5652] <... futex resumed>) = 1 [pid 5652] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... mmap resumed>) = 0x20000000 [pid 5653] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [pid 5653] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] exit_group(0 [pid 5653] <... futex resumed>) = ? [pid 5652] <... exit_group resumed>) = ? [pid 5653] +++ exited with 0 +++ [pid 5652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5652, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./276", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./276/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./276/binderfs") = 0 umount2("./276/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./276/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./276/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5654 attached , child_tidptr=0x55557f632690) = 5654 [pid 5654] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5654] chdir("./277") = 0 [pid 5654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5654] setpgid(0, 0) = 0 [pid 5654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5654] write(3, "1000", 4) = 4 [pid 5654] close(3) = 0 [pid 5654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5654] write(1, "executing program\n", 18executing program ) = 18 [pid 5654] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5654] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5654] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5654] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5654] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5655 attached [pid 5655] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5654] <... clone3 resumed> => {parent_tid=[5655]}, 88) = 5655 [pid 5655] <... rseq resumed>) = 0 [pid 5654] rt_sigprocmask(SIG_SETMASK, [], [pid 5655] set_robust_list(0x7f2454d0d9a0, 24 [pid 5654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5655] <... set_robust_list resumed>) = 0 [pid 5654] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] rt_sigprocmask(SIG_SETMASK, [], [pid 5654] <... futex resumed>) = 0 [pid 5655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5654] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5655] memfd_create("syzkaller", 0) = 3 [pid 5655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5655] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5655] munmap(0x7f244c800000, 138412032) = 0 [pid 5655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5655] close(3) = 0 [pid 5655] close(4) = 0 [pid 5655] mkdir("./file2", 0777) = 0 [pid 5655] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5655] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5655] chdir("./file2") = 0 [pid 5655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5655] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [ 181.321051][ T5655] loop0: detected capacity change from 0 to 4096 [pid 5654] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5654] <... futex resumed>) = 0 [pid 5654] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] <... openat resumed>) = 4 [pid 5655] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... futex resumed>) = 0 [pid 5655] <... futex resumed>) = 1 [pid 5654] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5654] <... futex resumed>) = 0 [pid 5655] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5654] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5655] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] <... futex resumed>) = 0 [pid 5654] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5655] <... futex resumed>) = 0 [pid 5654] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5655] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... futex resumed>) = 0 [pid 5655] <... futex resumed>) = 1 [pid 5654] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5654] <... futex resumed>) = 0 [pid 5654] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] <... write resumed>) = 1036288 [pid 5655] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5655] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] <... futex resumed>) = 0 [pid 5655] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5654] <... futex resumed>) = 1 [pid 5654] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] <... mmap resumed>) = 0x20000000 [pid 5655] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5655] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] exit_group(0 [pid 5655] <... futex resumed>) = ? [pid 5654] <... exit_group resumed>) = ? [pid 5655] +++ exited with 0 +++ [pid 5654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5654, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./277", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./277/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./277/binderfs") = 0 umount2("./277/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./277/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./277/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5656 attached , child_tidptr=0x55557f632690) = 5656 [pid 5656] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5656] chdir("./278") = 0 [pid 5656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5656] setpgid(0, 0) = 0 [pid 5656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5656] write(3, "1000", 4) = 4 [pid 5656] close(3) = 0 [pid 5656] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5656] write(1, "executing program\n", 18) = 18 [pid 5656] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5656] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5656] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5657 attached => {parent_tid=[5657]}, 88) = 5657 [pid 5657] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5657] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], [pid 5657] rt_sigprocmask(SIG_SETMASK, [], [pid 5656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5656] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5657] memfd_create("syzkaller", 0) = 3 [pid 5657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5657] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5657] munmap(0x7f244c800000, 138412032) = 0 [pid 5657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5657] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5657] close(3) = 0 [pid 5657] close(4) = 0 [pid 5657] mkdir("./file2", 0777) = 0 [pid 5657] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5657] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5657] chdir("./file2") = 0 [pid 5657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5657] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] <... futex resumed>) = 0 [pid 5656] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5656] <... futex resumed>) = 0 [ 181.771331][ T5657] loop0: detected capacity change from 0 to 4096 [pid 5656] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] <... openat resumed>) = 4 [pid 5657] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] <... futex resumed>) = 0 [pid 5657] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5656] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5656] <... futex resumed>) = 0 [pid 5657] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = 0 [pid 5657] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5656] <... futex resumed>) = 1 [pid 5656] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] <... openat resumed>) = 5 [pid 5657] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] <... futex resumed>) = 0 [pid 5656] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5656] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5657] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] <... futex resumed>) = 0 [pid 5656] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5657] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5656] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] <... mmap resumed>) = 0x20000000 [pid 5657] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] <... futex resumed>) = 0 [pid 5657] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] exit_group(0 [pid 5657] <... futex resumed>) = ? [pid 5656] <... exit_group resumed>) = ? [pid 5657] +++ exited with 0 +++ [pid 5656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5656, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./278", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./278/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./278/binderfs") = 0 umount2("./278/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./278/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./278/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5658 attached , child_tidptr=0x55557f632690) = 5658 [pid 5658] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5658] chdir("./279") = 0 [pid 5658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5658] setpgid(0, 0) = 0 [pid 5658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5658] write(3, "1000", 4) = 4 [pid 5658] close(3) = 0 [pid 5658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5658] write(1, "executing program\n", 18executing program ) = 18 [pid 5658] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5658] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5658] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5658] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5658] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5659 attached [pid 5659] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5658] <... clone3 resumed> => {parent_tid=[5659]}, 88) = 5659 [pid 5659] set_robust_list(0x7f2454d0d9a0, 24 [pid 5658] rt_sigprocmask(SIG_SETMASK, [], [pid 5659] <... set_robust_list resumed>) = 0 [pid 5658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5659] rt_sigprocmask(SIG_SETMASK, [], [pid 5658] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5658] <... futex resumed>) = 0 [pid 5659] memfd_create("syzkaller", 0 [pid 5658] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5659] <... memfd_create resumed>) = 3 [pid 5659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5659] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5659] munmap(0x7f244c800000, 138412032) = 0 [pid 5659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5659] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5659] close(3) = 0 [pid 5659] close(4) = 0 [pid 5659] mkdir("./file2", 0777) = 0 [pid 5659] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5659] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5659] chdir("./file2") = 0 [pid 5659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5659] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] <... futex resumed>) = 0 [ 182.205828][ T5659] loop0: detected capacity change from 0 to 4096 [pid 5658] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5658] <... futex resumed>) = 0 [pid 5658] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5659] <... openat resumed>) = 4 [pid 5659] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] <... futex resumed>) = 0 [pid 5659] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5658] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5658] <... futex resumed>) = 0 [pid 5659] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5659] <... futex resumed>) = 0 [pid 5658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5659] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5658] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5658] <... futex resumed>) = 0 [pid 5658] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5659] <... openat resumed>) = 5 [pid 5659] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = 0 [pid 5659] <... futex resumed>) = 1 [pid 5658] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5658] <... futex resumed>) = 0 [pid 5658] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5659] <... write resumed>) = 1036288 [pid 5659] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] <... futex resumed>) = 0 [pid 5659] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5658] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5658] <... futex resumed>) = 0 [pid 5659] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5658] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5659] <... mmap resumed>) = 0x20000000 [pid 5659] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] <... futex resumed>) = 0 [pid 5659] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5658] exit_group(0) = ? [pid 5659] <... futex resumed>) = ? [pid 5659] +++ exited with 0 +++ [pid 5658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5658, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./279", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./279/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./279/binderfs") = 0 umount2("./279/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./279/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./279/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5660 attached , child_tidptr=0x55557f632690) = 5660 [pid 5660] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5660] chdir("./280") = 0 [pid 5660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5660] setpgid(0, 0) = 0 [pid 5660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5660] write(3, "1000", 4) = 4 [pid 5660] close(3) = 0 [pid 5660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5660] write(1, "executing program\n", 18executing program ) = 18 [pid 5660] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5660] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5660] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5661 attached [pid 5661] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5660] <... clone3 resumed> => {parent_tid=[5661]}, 88) = 5661 [pid 5661] <... rseq resumed>) = 0 [pid 5660] rt_sigprocmask(SIG_SETMASK, [], [pid 5661] set_robust_list(0x7f2454d0d9a0, 24 [pid 5660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5661] <... set_robust_list resumed>) = 0 [pid 5660] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] rt_sigprocmask(SIG_SETMASK, [], [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5661] memfd_create("syzkaller", 0) = 3 [pid 5661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5661] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5661] munmap(0x7f244c800000, 138412032) = 0 [pid 5661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5661] close(3) = 0 [pid 5661] close(4) = 0 [pid 5661] mkdir("./file2", 0777) = 0 [pid 5661] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5661] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5661] chdir("./file2") = 0 [pid 5661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5661] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 182.621354][ T5661] loop0: detected capacity change from 0 to 4096 [pid 5661] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... openat resumed>) = 4 [pid 5661] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = 0 [pid 5661] <... futex resumed>) = 1 [pid 5660] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5660] <... futex resumed>) = 0 [pid 5661] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5660] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5660] <... futex resumed>) = 0 [pid 5661] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5660] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... openat resumed>) = 5 [pid 5661] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5660] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... write resumed>) = 1036288 [pid 5661] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5660] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... mmap resumed>) = 0x20000000 [pid 5661] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] exit_group(0 [pid 5661] <... futex resumed>) = ? [pid 5661] +++ exited with 0 +++ [pid 5660] <... exit_group resumed>) = ? [pid 5660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5660, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./280", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./280/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./280/binderfs") = 0 umount2("./280/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./280/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./280/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5662 attached [pid 5662] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5662 [pid 5662] <... set_robust_list resumed>) = 0 [pid 5662] chdir("./281") = 0 [pid 5662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5662] setpgid(0, 0) = 0 [pid 5662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5662] write(3, "1000", 4) = 4 [pid 5662] close(3) = 0 [pid 5662] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5662] write(1, "executing program\n", 18) = 18 [pid 5662] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5662] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5663 attached [pid 5663] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5662] <... clone3 resumed> => {parent_tid=[5663]}, 88) = 5663 [pid 5663] <... rseq resumed>) = 0 [pid 5662] rt_sigprocmask(SIG_SETMASK, [], [pid 5663] set_robust_list(0x7f2454d0d9a0, 24 [pid 5662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5663] <... set_robust_list resumed>) = 0 [pid 5662] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5663] memfd_create("syzkaller", 0) = 3 [pid 5663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5663] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5663] munmap(0x7f244c800000, 138412032) = 0 [pid 5663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5663] close(3) = 0 [pid 5663] close(4) = 0 [pid 5663] mkdir("./file2", 0777) = 0 [pid 5663] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 183.054993][ T5663] loop0: detected capacity change from 0 to 4096 [pid 5663] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5663] chdir("./file2") = 0 [pid 5663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5663] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5663] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5663] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] <... futex resumed>) = 0 [pid 5663] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5662] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5663] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5662] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] <... openat resumed>) = 5 [pid 5662] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5663] <... futex resumed>) = 0 [pid 5662] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... write resumed>) = 1036288 [pid 5663] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] <... futex resumed>) = 0 [pid 5663] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5662] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... mmap resumed>) = 0x20000000 [pid 5663] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5662] <... futex resumed>) = 0 [pid 5663] <... futex resumed>) = 1 [pid 5662] exit_group(0 [pid 5663] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5662] <... exit_group resumed>) = ? [pid 5663] +++ exited with 0 +++ [pid 5662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5662, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./281", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./281/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./281/binderfs") = 0 umount2("./281/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./281/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./281/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5664 attached , child_tidptr=0x55557f632690) = 5664 [pid 5664] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5664] chdir("./282") = 0 [pid 5664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5664] setpgid(0, 0) = 0 [pid 5664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5664] write(3, "1000", 4) = 4 [pid 5664] close(3) = 0 [pid 5664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5664] write(1, "executing program\n", 18executing program ) = 18 [pid 5664] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5664] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5664] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5664] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5664] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5665 attached [pid 5665] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5664] <... clone3 resumed> => {parent_tid=[5665]}, 88) = 5665 [pid 5665] <... rseq resumed>) = 0 [pid 5664] rt_sigprocmask(SIG_SETMASK, [], [pid 5665] set_robust_list(0x7f2454d0d9a0, 24 [pid 5664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5665] <... set_robust_list resumed>) = 0 [pid 5664] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5664] <... futex resumed>) = 0 [pid 5664] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5665] memfd_create("syzkaller", 0) = 3 [pid 5665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5665] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5665] munmap(0x7f244c800000, 138412032) = 0 [pid 5665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5665] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5665] close(3) = 0 [pid 5665] close(4) = 0 [pid 5665] mkdir("./file2", 0777) = 0 [pid 5665] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5665] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 183.530356][ T5665] loop0: detected capacity change from 0 to 4096 [pid 5665] chdir("./file2") = 0 [pid 5665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5665] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5665] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5664] <... futex resumed>) = 0 [pid 5664] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5665] <... futex resumed>) = 0 [pid 5664] <... futex resumed>) = 1 [pid 5665] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5664] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5665] <... openat resumed>) = 4 [pid 5665] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5664] <... futex resumed>) = 0 [pid 5665] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5664] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5665] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5664] <... futex resumed>) = 0 [pid 5665] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5665] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5665] <... futex resumed>) = 0 [pid 5664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5665] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5664] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5664] <... futex resumed>) = 0 [pid 5665] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5664] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5665] <... openat resumed>) = 5 [pid 5665] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5664] <... futex resumed>) = 0 [pid 5664] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5665] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5664] <... futex resumed>) = 0 [pid 5664] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5665] <... write resumed>) = 1036288 [pid 5665] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... futex resumed>) = 0 [pid 5665] <... futex resumed>) = 1 [pid 5664] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5665] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5664] <... futex resumed>) = 0 [pid 5664] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5665] <... mmap resumed>) = 0x20000000 [pid 5665] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... futex resumed>) = 0 [pid 5664] exit_group(0 [pid 5665] <... futex resumed>) = ? [pid 5664] <... exit_group resumed>) = ? [pid 5665] +++ exited with 0 +++ [pid 5664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5664, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./282", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./282/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./282/binderfs") = 0 umount2("./282/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./282/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./282/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5666 attached , child_tidptr=0x55557f632690) = 5666 [pid 5666] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5666] chdir("./283") = 0 [pid 5666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5666] setpgid(0, 0) = 0 [pid 5666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5666] write(3, "1000", 4) = 4 [pid 5666] close(3) = 0 [pid 5666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5666] write(1, "executing program\n", 18executing program ) = 18 [pid 5666] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5666] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5666] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5666] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5667 attached [pid 5667] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5666] <... clone3 resumed> => {parent_tid=[5667]}, 88) = 5667 [pid 5667] <... rseq resumed>) = 0 [pid 5666] rt_sigprocmask(SIG_SETMASK, [], [pid 5667] set_robust_list(0x7f2454d0d9a0, 24 [pid 5666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5667] <... set_robust_list resumed>) = 0 [pid 5666] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], [pid 5666] <... futex resumed>) = 0 [pid 5667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5666] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5667] memfd_create("syzkaller", 0) = 3 [pid 5667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5667] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5667] munmap(0x7f244c800000, 138412032) = 0 [pid 5667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5667] close(3) = 0 [pid 5667] close(4) = 0 [pid 5667] mkdir("./file2", 0777) = 0 [pid 5667] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5667] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5667] chdir("./file2") = 0 [pid 5667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5667] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5666] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... openat resumed>) = 4 [pid 5667] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [ 184.052477][ T5667] loop0: detected capacity change from 0 to 4096 [pid 5666] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5667] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... openat resumed>) = 5 [pid 5667] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5666] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5667] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5666] <... futex resumed>) = 1 [pid 5667] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5666] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... mmap resumed>) = 0x20000000 [pid 5667] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] exit_group(0 [pid 5667] <... futex resumed>) = ? [pid 5666] <... exit_group resumed>) = ? [pid 5667] +++ exited with 0 +++ [pid 5666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5666, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./283", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./283/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./283/binderfs") = 0 umount2("./283/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./283/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./283/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5668 attached , child_tidptr=0x55557f632690) = 5668 [pid 5668] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5668] chdir("./284") = 0 [pid 5668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5668] setpgid(0, 0) = 0 [pid 5668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5668] write(3, "1000", 4) = 4 [pid 5668] close(3) = 0 [pid 5668] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5668] write(1, "executing program\n", 18) = 18 [pid 5668] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5668] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5669 attached [pid 5669] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5669] set_robust_list(0x7f2454d0d9a0, 24 [pid 5668] <... clone3 resumed> => {parent_tid=[5669]}, 88) = 5669 [pid 5669] <... set_robust_list resumed>) = 0 [pid 5668] rt_sigprocmask(SIG_SETMASK, [], [pid 5669] rt_sigprocmask(SIG_SETMASK, [], [pid 5668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5668] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] memfd_create("syzkaller", 0 [pid 5668] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5669] <... memfd_create resumed>) = 3 [pid 5669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5669] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5669] munmap(0x7f244c800000, 138412032) = 0 [pid 5669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5669] close(3) = 0 [pid 5669] close(4) = 0 [pid 5669] mkdir("./file2", 0777) = 0 [pid 5669] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5669] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5669] chdir("./file2") = 0 [pid 5669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5669] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 184.522627][ T5669] loop0: detected capacity change from 0 to 4096 [pid 5668] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5669] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5669] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5668] <... futex resumed>) = 0 [pid 5669] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5668] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5669] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5669] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5668] <... futex resumed>) = 0 [pid 5669] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5668] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... openat resumed>) = 5 [pid 5669] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] <... futex resumed>) = 1 [pid 5668] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5669] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5669] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5668] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... mmap resumed>) = 0x20000000 [pid 5669] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] <... futex resumed>) = 0 [pid 5668] exit_group(0 [pid 5669] <... futex resumed>) = ? [pid 5668] <... exit_group resumed>) = ? [pid 5669] +++ exited with 0 +++ [pid 5668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5668, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./284", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./284/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./284/binderfs") = 0 umount2("./284/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./284/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./284/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5670 attached , child_tidptr=0x55557f632690) = 5670 [pid 5670] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5670] chdir("./285") = 0 [pid 5670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5670] setpgid(0, 0) = 0 [pid 5670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5670] write(3, "1000", 4) = 4 [pid 5670] close(3) = 0 [pid 5670] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5670] write(1, "executing program\n", 18) = 18 [pid 5670] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5670] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5670] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5670] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5670] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5671 attached => {parent_tid=[5671]}, 88) = 5671 [pid 5671] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5670] rt_sigprocmask(SIG_SETMASK, [], [pid 5671] set_robust_list(0x7f2454d0d9a0, 24 [pid 5670] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5671] <... set_robust_list resumed>) = 0 [pid 5670] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] rt_sigprocmask(SIG_SETMASK, [], [pid 5670] <... futex resumed>) = 0 [pid 5671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5670] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5671] memfd_create("syzkaller", 0) = 3 [pid 5671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5671] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5671] munmap(0x7f244c800000, 138412032) = 0 [pid 5671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5671] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5671] close(3) = 0 [pid 5671] close(4) = 0 [pid 5671] mkdir("./file2", 0777) = 0 [pid 5671] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5671] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 184.972618][ T5671] loop0: detected capacity change from 0 to 4096 [pid 5671] chdir("./file2") = 0 [pid 5671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5671] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5670] <... futex resumed>) = 0 [pid 5671] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5671] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5671] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5671] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5670] <... futex resumed>) = 0 [pid 5671] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5670] <... futex resumed>) = 0 [pid 5671] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5670] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5671] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5671] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5670] <... futex resumed>) = 0 [pid 5671] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5670] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5671] <... openat resumed>) = 5 [pid 5671] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5670] <... futex resumed>) = 0 [pid 5671] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5670] <... futex resumed>) = 0 [pid 5671] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5670] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5671] <... write resumed>) = 1036288 [pid 5671] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5671] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] <... futex resumed>) = 0 [pid 5670] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5670] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5671] <... futex resumed>) = 0 [pid 5671] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5671] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5670] <... futex resumed>) = 0 [pid 5671] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] exit_group(0 [pid 5671] <... futex resumed>) = ? [pid 5670] <... exit_group resumed>) = ? [pid 5671] +++ exited with 0 +++ [pid 5670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5670, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./285", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./285/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./285/binderfs") = 0 umount2("./285/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./285/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./285/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5672 attached , child_tidptr=0x55557f632690) = 5672 [pid 5672] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5672] chdir("./286") = 0 [pid 5672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5672] setpgid(0, 0) = 0 [pid 5672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5672] write(3, "1000", 4) = 4 [pid 5672] close(3) = 0 [pid 5672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5672] write(1, "executing program\n", 18executing program ) = 18 [pid 5672] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5672] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5672] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5673 attached [pid 5673] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5672] <... clone3 resumed> => {parent_tid=[5673]}, 88) = 5673 [pid 5673] <... rseq resumed>) = 0 [pid 5672] rt_sigprocmask(SIG_SETMASK, [], [pid 5673] set_robust_list(0x7f2454d0d9a0, 24 [pid 5672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5673] <... set_robust_list resumed>) = 0 [pid 5672] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] rt_sigprocmask(SIG_SETMASK, [], [pid 5672] <... futex resumed>) = 0 [pid 5673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5672] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5673] memfd_create("syzkaller", 0) = 3 [pid 5673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5673] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5673] munmap(0x7f244c800000, 138412032) = 0 [pid 5673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5673] close(3) = 0 [pid 5673] close(4) = 0 [pid 5673] mkdir("./file2", 0777) = 0 [ 185.442505][ T5673] loop0: detected capacity change from 0 to 4096 [pid 5673] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5673] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5673] chdir("./file2") = 0 [pid 5673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5673] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5672] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5673] <... openat resumed>) = 4 [pid 5673] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... futex resumed>) = 0 [pid 5672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5673] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5672] <... futex resumed>) = 0 [pid 5673] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5672] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5673] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... openat resumed>) = 5 [pid 5673] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5672] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... write resumed>) = 1036288 [pid 5673] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... futex resumed>) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5672] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... mmap resumed>) = 0x20000000 [pid 5673] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5673] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] <... futex resumed>) = 0 [pid 5672] exit_group(0 [pid 5673] <... futex resumed>) = ? [pid 5673] +++ exited with 0 +++ [pid 5672] <... exit_group resumed>) = ? [pid 5672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5672, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./286", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./286/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./286/binderfs") = 0 umount2("./286/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./286/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./286/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5674 attached , child_tidptr=0x55557f632690) = 5674 [pid 5674] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5674] chdir("./287") = 0 [pid 5674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5674] setpgid(0, 0) = 0 [pid 5674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5674] write(3, "1000", 4) = 4 [pid 5674] close(3) = 0 [pid 5674] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5674] write(1, "executing program\n", 18) = 18 [pid 5674] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5674] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5674] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5675 attached [pid 5675] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5674] <... clone3 resumed> => {parent_tid=[5675]}, 88) = 5675 [pid 5675] <... rseq resumed>) = 0 [pid 5674] rt_sigprocmask(SIG_SETMASK, [], [pid 5675] set_robust_list(0x7f2454d0d9a0, 24 [pid 5674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5675] <... set_robust_list resumed>) = 0 [pid 5674] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], [pid 5674] <... futex resumed>) = 0 [pid 5675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5674] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5675] memfd_create("syzkaller", 0) = 3 [pid 5675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5675] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5675] munmap(0x7f244c800000, 138412032) = 0 [pid 5675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5675] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5675] close(3) = 0 [pid 5675] close(4) = 0 [pid 5675] mkdir("./file2", 0777) = 0 [pid 5675] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5675] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 185.893566][ T5675] loop0: detected capacity change from 0 to 4096 [pid 5675] chdir("./file2") = 0 [pid 5675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5675] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... futex resumed>) = 0 [pid 5674] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] <... futex resumed>) = 1 [pid 5675] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5675] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5674] <... futex resumed>) = 0 [pid 5675] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5674] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5674] <... futex resumed>) = 0 [pid 5675] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5674] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5675] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5674] <... futex resumed>) = 0 [pid 5675] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5674] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5675] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5674] <... futex resumed>) = 0 [pid 5674] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] <... openat resumed>) = 5 [pid 5675] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... futex resumed>) = 0 [pid 5674] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] <... futex resumed>) = 1 [pid 5674] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5675] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5674] <... futex resumed>) = 0 [pid 5674] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5675] <... futex resumed>) = 0 [pid 5674] <... futex resumed>) = 1 [pid 5675] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5674] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] <... mmap resumed>) = 0x20000000 [pid 5675] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5674] <... futex resumed>) = 0 [pid 5674] exit_group(0 [pid 5675] <... futex resumed>) = ? [pid 5674] <... exit_group resumed>) = ? [pid 5675] +++ exited with 0 +++ [pid 5674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5674, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./287", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./287/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./287/binderfs") = 0 umount2("./287/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./287/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./287/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5676 attached , child_tidptr=0x55557f632690) = 5676 [pid 5676] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5676] chdir("./288") = 0 [pid 5676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5676] setpgid(0, 0) = 0 [pid 5676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5676] write(3, "1000", 4) = 4 [pid 5676] close(3) = 0 [pid 5676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5676] write(1, "executing program\n", 18executing program ) = 18 [pid 5676] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5676] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5676] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5677 attached [pid 5677] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5676] <... clone3 resumed> => {parent_tid=[5677]}, 88) = 5677 [pid 5677] <... rseq resumed>) = 0 [pid 5676] rt_sigprocmask(SIG_SETMASK, [], [pid 5677] set_robust_list(0x7f2454d0d9a0, 24 [pid 5676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5677] <... set_robust_list resumed>) = 0 [pid 5676] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], [pid 5676] <... futex resumed>) = 0 [pid 5677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5676] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5677] memfd_create("syzkaller", 0) = 3 [pid 5677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5677] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5677] munmap(0x7f244c800000, 138412032) = 0 [pid 5677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5677] close(3) = 0 [pid 5677] close(4) = 0 [pid 5677] mkdir("./file2", 0777) = 0 [pid 5677] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5677] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5677] chdir("./file2") = 0 [pid 5677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5677] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... openat resumed>) = 4 [pid 5677] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = 0 [pid 5677] <... futex resumed>) = 1 [ 186.443707][ T5677] loop0: detected capacity change from 0 to 4096 [pid 5676] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = 0 [pid 5677] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5676] <... futex resumed>) = 1 [pid 5676] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... openat resumed>) = 5 [pid 5677] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5677] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5676] <... futex resumed>) = 0 [pid 5677] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5676] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... write resumed>) = 1036288 [pid 5677] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5677] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5676] <... futex resumed>) = 0 [pid 5677] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5676] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... mmap resumed>) = 0x20000000 [pid 5677] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5677] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] exit_group(0 [pid 5677] <... futex resumed>) = ? [pid 5677] +++ exited with 0 +++ [pid 5676] <... exit_group resumed>) = ? [pid 5676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5676, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./288", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./288/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./288/binderfs") = 0 umount2("./288/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./288/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./288/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5678 ./strace-static-x86_64: Process 5678 attached [pid 5678] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5678] chdir("./289") = 0 [pid 5678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5678] setpgid(0, 0) = 0 [pid 5678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5678] write(3, "1000", 4) = 4 [pid 5678] close(3) = 0 [pid 5678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5678] write(1, "executing program\n", 18executing program ) = 18 [pid 5678] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5678] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5678] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5678] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5678] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5679 attached [pid 5679] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5678] <... clone3 resumed> => {parent_tid=[5679]}, 88) = 5679 [pid 5679] <... rseq resumed>) = 0 [pid 5678] rt_sigprocmask(SIG_SETMASK, [], [pid 5679] set_robust_list(0x7f2454d0d9a0, 24 [pid 5678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5679] <... set_robust_list resumed>) = 0 [pid 5678] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5678] <... futex resumed>) = 0 [pid 5678] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5679] memfd_create("syzkaller", 0) = 3 [pid 5679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5679] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5679] munmap(0x7f244c800000, 138412032) = 0 [pid 5679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5679] close(3) = 0 [pid 5679] close(4) = 0 [pid 5679] mkdir("./file2", 0777) = 0 [pid 5679] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5679] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 186.853926][ T5679] loop0: detected capacity change from 0 to 4096 [pid 5679] chdir("./file2") = 0 [pid 5679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5679] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5679] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5678] <... futex resumed>) = 0 [pid 5678] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5679] <... futex resumed>) = 0 [pid 5678] <... futex resumed>) = 1 [pid 5679] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5678] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... openat resumed>) = 4 [pid 5679] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5678] <... futex resumed>) = 0 [pid 5679] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5678] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5679] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5678] <... futex resumed>) = 0 [pid 5679] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5678] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5678] <... futex resumed>) = 0 [pid 5679] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5678] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5679] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5678] <... futex resumed>) = 0 [pid 5679] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5678] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... openat resumed>) = 5 [pid 5679] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5678] <... futex resumed>) = 0 [pid 5679] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5678] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5679] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5678] <... futex resumed>) = 0 [pid 5679] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5678] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... write resumed>) = 1036288 [pid 5679] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5679] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5678] <... futex resumed>) = 0 [pid 5678] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5679] <... futex resumed>) = 0 [pid 5678] <... futex resumed>) = 1 [pid 5679] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5678] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... mmap resumed>) = 0x20000000 [pid 5679] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5678] <... futex resumed>) = 0 [pid 5679] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5678] exit_group(0 [pid 5679] <... futex resumed>) = ? [pid 5678] <... exit_group resumed>) = ? [pid 5679] +++ exited with 0 +++ [pid 5678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5678, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./289", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./289/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./289/binderfs") = 0 umount2("./289/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./289/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./289/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5680 attached , child_tidptr=0x55557f632690) = 5680 [pid 5680] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5680] chdir("./290") = 0 [pid 5680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5680] setpgid(0, 0) = 0 [pid 5680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5680] write(3, "1000", 4) = 4 [pid 5680] close(3) = 0 [pid 5680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5680] write(1, "executing program\n", 18executing program ) = 18 [pid 5680] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5680] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5680] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5681 attached => {parent_tid=[5681]}, 88) = 5681 [pid 5680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5680] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5681] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5681] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5681] memfd_create("syzkaller", 0) = 3 [pid 5681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5681] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5681] munmap(0x7f244c800000, 138412032) = 0 [pid 5681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5681] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5681] close(3) = 0 [pid 5681] close(4) = 0 [pid 5681] mkdir("./file2", 0777) = 0 [pid 5681] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5681] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5681] chdir("./file2") = 0 [pid 5681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5681] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5680] <... futex resumed>) = 0 [ 187.285554][ T5681] loop0: detected capacity change from 0 to 4096 [pid 5680] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5680] <... futex resumed>) = 0 [pid 5680] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... openat resumed>) = 4 [pid 5681] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] <... futex resumed>) = 0 [pid 5681] <... futex resumed>) = 1 [pid 5680] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5680] <... futex resumed>) = 0 [pid 5681] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5680] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5680] <... futex resumed>) = 0 [pid 5681] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5680] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] <... openat resumed>) = 5 [pid 5680] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] <... futex resumed>) = 0 [pid 5680] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5680] <... futex resumed>) = 0 [pid 5680] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... write resumed>) = 1036288 [pid 5681] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] <... futex resumed>) = 0 [pid 5680] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... futex resumed>) = 1 [pid 5681] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5681] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5680] <... futex resumed>) = 0 [pid 5681] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] exit_group(0 [pid 5681] <... futex resumed>) = ? [pid 5680] <... exit_group resumed>) = ? [pid 5681] +++ exited with 0 +++ [pid 5680] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5680, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./290", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./290/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./290/binderfs") = 0 umount2("./290/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./290/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./290/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5682 attached , child_tidptr=0x55557f632690) = 5682 [pid 5682] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5682] chdir("./291") = 0 [pid 5682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5682] setpgid(0, 0) = 0 [pid 5682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5682] write(3, "1000", 4) = 4 [pid 5682] close(3) = 0 [pid 5682] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5682] write(1, "executing program\n", 18) = 18 [pid 5682] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5682] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5682] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5683 attached [pid 5683] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5682] <... clone3 resumed> => {parent_tid=[5683]}, 88) = 5683 [pid 5683] <... rseq resumed>) = 0 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], [pid 5683] set_robust_list(0x7f2454d0d9a0, 24 [pid 5682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5683] <... set_robust_list resumed>) = 0 [pid 5682] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] rt_sigprocmask(SIG_SETMASK, [], [pid 5682] <... futex resumed>) = 0 [pid 5683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5682] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5683] memfd_create("syzkaller", 0) = 3 [pid 5683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5683] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5683] munmap(0x7f244c800000, 138412032) = 0 [pid 5683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5683] close(3) = 0 [pid 5683] close(4) = 0 [pid 5683] mkdir("./file2", 0777) = 0 [pid 5683] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5683] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5683] chdir("./file2") = 0 [pid 5683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5683] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [ 187.714897][ T5683] loop0: detected capacity change from 0 to 4096 [pid 5682] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5682] <... futex resumed>) = 0 [pid 5682] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... openat resumed>) = 4 [pid 5683] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5683] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = 0 [pid 5682] <... futex resumed>) = 1 [pid 5683] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5682] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5683] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5683] <... futex resumed>) = 1 [pid 5682] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5682] <... futex resumed>) = 0 [pid 5682] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... openat resumed>) = 5 [pid 5683] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5683] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5682] <... futex resumed>) = 0 [pid 5683] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5682] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... write resumed>) = 1036288 [pid 5683] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] <... futex resumed>) = 0 [pid 5682] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [pid 5682] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5683] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] <... futex resumed>) = 0 [pid 5682] exit_group(0 [pid 5683] <... futex resumed>) = ? [pid 5682] <... exit_group resumed>) = ? [pid 5683] +++ exited with 0 +++ [pid 5682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5682, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./291", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./291/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./291/binderfs") = 0 umount2("./291/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./291/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./291/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5684 attached , child_tidptr=0x55557f632690) = 5684 [pid 5684] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5684] chdir("./292") = 0 [pid 5684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5684] setpgid(0, 0) = 0 [pid 5684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5684] write(3, "1000", 4) = 4 [pid 5684] close(3) = 0 [pid 5684] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5684] write(1, "executing program\n", 18) = 18 [pid 5684] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5684] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5684] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5684] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5684] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5684] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5685 attached => {parent_tid=[5685]}, 88) = 5685 [pid 5684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5685] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5684] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] set_robust_list(0x7f2454d0d9a0, 24 [pid 5684] <... futex resumed>) = 0 [pid 5685] <... set_robust_list resumed>) = 0 [pid 5685] rt_sigprocmask(SIG_SETMASK, [], [pid 5684] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5685] memfd_create("syzkaller", 0) = 3 [pid 5685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5685] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5685] munmap(0x7f244c800000, 138412032) = 0 [pid 5685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5685] close(3) = 0 [pid 5685] close(4) = 0 [pid 5685] mkdir("./file2", 0777) = 0 [pid 5685] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5685] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5685] chdir("./file2") = 0 [pid 5685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5685] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5685] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] <... futex resumed>) = 0 [pid 5684] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... futex resumed>) = 0 [pid 5684] <... futex resumed>) = 1 [pid 5685] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5684] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... openat resumed>) = 4 [pid 5685] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5685] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5684] <... futex resumed>) = 0 [pid 5685] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5684] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5685] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5685] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5684] <... futex resumed>) = 0 [pid 5685] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5684] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... openat resumed>) = 5 [pid 5685] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5685] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] <... futex resumed>) = 0 [ 188.175107][ T5685] loop0: detected capacity change from 0 to 4096 [pid 5684] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... futex resumed>) = 0 [pid 5684] <... futex resumed>) = 1 [pid 5685] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5684] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... write resumed>) = 1036288 [pid 5685] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5685] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5684] <... futex resumed>) = 0 [pid 5685] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5684] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... mmap resumed>) = 0x20000000 [pid 5685] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5685] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] exit_group(0 [pid 5685] <... futex resumed>) = ? [pid 5685] +++ exited with 0 +++ [pid 5684] <... exit_group resumed>) = ? [pid 5684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5684, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./292", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./292/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./292/binderfs") = 0 umount2("./292/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./292/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./292/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5686 attached , child_tidptr=0x55557f632690) = 5686 [pid 5686] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5686] chdir("./293") = 0 [pid 5686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5686] setpgid(0, 0) = 0 [pid 5686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5686] write(3, "1000", 4) = 4 [pid 5686] close(3) = 0 [pid 5686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5686] write(1, "executing program\n", 18executing program ) = 18 [pid 5686] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5686] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5686] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5687 attached [pid 5687] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5686] <... clone3 resumed> => {parent_tid=[5687]}, 88) = 5687 [pid 5687] <... rseq resumed>) = 0 [pid 5687] set_robust_list(0x7f2454d0d9a0, 24 [pid 5686] rt_sigprocmask(SIG_SETMASK, [], [pid 5687] <... set_robust_list resumed>) = 0 [pid 5687] rt_sigprocmask(SIG_SETMASK, [], [pid 5686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5687] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5687] memfd_create("syzkaller", 0) = 3 [pid 5687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5687] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5687] munmap(0x7f244c800000, 138412032) = 0 [pid 5687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5687] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5687] close(3) = 0 [pid 5687] close(4) = 0 [pid 5687] mkdir("./file2", 0777) = 0 [ 188.585204][ T5687] loop0: detected capacity change from 0 to 4096 [pid 5687] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5687] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5687] chdir("./file2") = 0 [pid 5687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5687] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] <... futex resumed>) = 0 [pid 5687] <... futex resumed>) = 1 [pid 5686] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... openat resumed>) = 4 [pid 5687] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5686] <... futex resumed>) = 1 [pid 5687] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5686] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5687] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5686] <... futex resumed>) = 0 [pid 5687] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5686] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... openat resumed>) = 5 [pid 5687] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5686] <... futex resumed>) = 0 [pid 5687] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5686] <... futex resumed>) = 0 [pid 5687] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5686] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... write resumed>) = 1036288 [pid 5687] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5686] <... futex resumed>) = 1 [pid 5687] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5686] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... mmap resumed>) = 0x20000000 [pid 5687] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5686] <... futex resumed>) = 0 [pid 5687] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] exit_group(0) = ? [pid 5687] <... futex resumed>) = ? [pid 5687] +++ exited with 0 +++ [pid 5686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5686, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./293", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./293/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./293/binderfs") = 0 umount2("./293/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./293/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./293/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5688 attached [pid 5688] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5688] chdir("./294") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5688 [pid 5688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5688] setpgid(0, 0) = 0 [pid 5688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5688] write(3, "1000", 4) = 4 [pid 5688] close(3) = 0 [pid 5688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5688] write(1, "executing program\n", 18executing program ) = 18 [pid 5688] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5688] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5688] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5689 attached [pid 5689] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5688] <... clone3 resumed> => {parent_tid=[5689]}, 88) = 5689 [pid 5689] set_robust_list(0x7f2454d0d9a0, 24 [pid 5688] rt_sigprocmask(SIG_SETMASK, [], [pid 5689] <... set_robust_list resumed>) = 0 [pid 5688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5689] rt_sigprocmask(SIG_SETMASK, [], [pid 5688] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5688] <... futex resumed>) = 0 [pid 5688] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5689] memfd_create("syzkaller", 0) = 3 [pid 5689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5689] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5689] munmap(0x7f244c800000, 138412032) = 0 [pid 5689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5689] close(3) = 0 [pid 5689] close(4) = 0 [pid 5689] mkdir("./file2", 0777) = 0 [pid 5689] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5689] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5689] chdir("./file2") = 0 [pid 5689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5689] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = 0 [pid 5689] <... futex resumed>) = 1 [pid 5688] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5688] <... futex resumed>) = 0 [pid 5688] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5689] <... openat resumed>) = 4 [pid 5689] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5689] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... futex resumed>) = 0 [pid 5689] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5688] <... futex resumed>) = 1 [pid 5689] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5688] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5689] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [ 189.067122][ T5689] loop0: detected capacity change from 0 to 4096 [pid 5689] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5688] <... futex resumed>) = 0 [pid 5689] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5688] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5689] <... openat resumed>) = 5 [pid 5689] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = 0 [pid 5689] <... futex resumed>) = 1 [pid 5688] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5688] <... futex resumed>) = 0 [pid 5688] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5689] <... write resumed>) = 1036288 [pid 5689] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] <... futex resumed>) = 0 [pid 5689] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5688] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5688] <... futex resumed>) = 0 [pid 5688] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5689] <... mmap resumed>) = 0x20000000 [pid 5689] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5689] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] exit_group(0 [pid 5689] <... futex resumed>) = ? [pid 5688] <... exit_group resumed>) = ? [pid 5689] +++ exited with 0 +++ [pid 5688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5688, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./294", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./294/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./294/binderfs") = 0 umount2("./294/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./294/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./294/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5690 attached , child_tidptr=0x55557f632690) = 5690 [pid 5690] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5690] chdir("./295") = 0 [pid 5690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5690] setpgid(0, 0) = 0 [pid 5690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5690] write(3, "1000", 4) = 4 [pid 5690] close(3) = 0 [pid 5690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5690] write(1, "executing program\n", 18executing program ) = 18 [pid 5690] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5690] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5690] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5690] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5690] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5690] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5691 attached => {parent_tid=[5691]}, 88) = 5691 [pid 5691] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5691] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5691] rt_sigprocmask(SIG_SETMASK, [], [pid 5690] rt_sigprocmask(SIG_SETMASK, [], [pid 5691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5691] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5690] <... futex resumed>) = 0 [pid 5690] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5691] memfd_create("syzkaller", 0) = 3 [pid 5691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5691] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5691] munmap(0x7f244c800000, 138412032) = 0 [pid 5691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5691] close(3) = 0 [pid 5691] close(4) = 0 [pid 5691] mkdir("./file2", 0777) = 0 [ 189.500760][ T5691] loop0: detected capacity change from 0 to 4096 [pid 5691] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5691] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5691] chdir("./file2") = 0 [pid 5691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5691] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5691] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] <... futex resumed>) = 0 [pid 5690] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5691] <... futex resumed>) = 0 [pid 5690] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5691] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] <... futex resumed>) = 0 [pid 5691] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5690] <... futex resumed>) = 0 [pid 5691] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5690] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5691] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] <... futex resumed>) = 0 [pid 5691] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5690] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] <... openat resumed>) = 5 [pid 5690] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5691] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5690] <... futex resumed>) = 0 [pid 5690] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] <... write resumed>) = 1036288 [pid 5691] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] <... futex resumed>) = 0 [pid 5691] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5690] <... futex resumed>) = 0 [pid 5691] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5690] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] <... mmap resumed>) = 0x20000000 [pid 5691] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] <... futex resumed>) = 0 [pid 5691] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] exit_group(0 [pid 5691] <... futex resumed>) = ? [pid 5691] +++ exited with 0 +++ [pid 5690] <... exit_group resumed>) = ? [pid 5690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5690, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./295", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./295/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./295/binderfs") = 0 umount2("./295/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./295/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./295/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5692 attached , child_tidptr=0x55557f632690) = 5692 [pid 5692] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5692] chdir("./296") = 0 [pid 5692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5692] setpgid(0, 0) = 0 [pid 5692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5692] write(3, "1000", 4) = 4 [pid 5692] close(3) = 0 [pid 5692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5692] write(1, "executing program\n", 18) = 18 executing program [pid 5692] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5692] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5692] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5693 attached [pid 5693] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5692] <... clone3 resumed> => {parent_tid=[5693]}, 88) = 5693 [pid 5693] set_robust_list(0x7f2454d0d9a0, 24 [pid 5692] rt_sigprocmask(SIG_SETMASK, [], [pid 5693] <... set_robust_list resumed>) = 0 [pid 5692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5693] rt_sigprocmask(SIG_SETMASK, [], [pid 5692] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5693] memfd_create("syzkaller", 0) = 3 [pid 5693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5693] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5693] munmap(0x7f244c800000, 138412032) = 0 [pid 5693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5693] close(3) = 0 [pid 5693] close(4) = 0 [pid 5693] mkdir("./file2", 0777) = 0 [pid 5693] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5693] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5693] chdir("./file2") = 0 [pid 5693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 189.929059][ T5693] loop0: detected capacity change from 0 to 4096 [pid 5693] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5692] <... futex resumed>) = 0 [pid 5693] <... futex resumed>) = 1 [pid 5692] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5692] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... openat resumed>) = 4 [pid 5693] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5693] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5692] <... futex resumed>) = 0 [pid 5693] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5692] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5693] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5693] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5692] <... futex resumed>) = 0 [pid 5693] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5692] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... openat resumed>) = 5 [pid 5693] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5693] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5692] <... futex resumed>) = 0 [pid 5693] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5692] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... write resumed>) = 1036288 [pid 5693] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5693] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5692] <... futex resumed>) = 0 [pid 5693] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5692] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... mmap resumed>) = 0x20000000 [pid 5693] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5693] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] exit_group(0) = ? [pid 5693] <... futex resumed>) = ? [pid 5693] +++ exited with 0 +++ [pid 5692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5692, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./296", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./296/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./296/binderfs") = 0 umount2("./296/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./296/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./296/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./296/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5694 ./strace-static-x86_64: Process 5694 attached [pid 5694] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5694] chdir("./297") = 0 [pid 5694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5694] setpgid(0, 0) = 0 [pid 5694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5694] write(3, "1000", 4) = 4 [pid 5694] close(3) = 0 [pid 5694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5694] write(1, "executing program\n", 18executing program ) = 18 [pid 5694] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5694] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5694] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5694] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5694] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5694] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5695 attached [pid 5695] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5694] <... clone3 resumed> => {parent_tid=[5695]}, 88) = 5695 [pid 5695] <... rseq resumed>) = 0 [pid 5694] rt_sigprocmask(SIG_SETMASK, [], [pid 5695] set_robust_list(0x7f2454d0d9a0, 24 [pid 5694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5695] <... set_robust_list resumed>) = 0 [pid 5694] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5694] <... futex resumed>) = 0 [pid 5694] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5695] memfd_create("syzkaller", 0) = 3 [pid 5695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5695] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5695] munmap(0x7f244c800000, 138412032) = 0 [pid 5695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5695] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5695] close(3) = 0 [pid 5695] close(4) = 0 [pid 5695] mkdir("./file2", 0777) = 0 [pid 5695] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5695] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5695] chdir("./file2") = 0 [ 190.360065][ T5695] loop0: detected capacity change from 0 to 4096 [pid 5695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5695] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5694] <... futex resumed>) = 0 [pid 5694] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] <... futex resumed>) = 0 [pid 5694] <... futex resumed>) = 1 [pid 5695] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5694] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5695] <... openat resumed>) = 4 [pid 5695] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5694] <... futex resumed>) = 0 [pid 5695] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5694] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5694] <... futex resumed>) = 0 [pid 5695] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5694] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5695] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5695] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5694] <... futex resumed>) = 0 [pid 5695] <... futex resumed>) = 1 [pid 5694] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5694] <... futex resumed>) = 0 [pid 5694] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5695] <... openat resumed>) = 5 [pid 5695] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5694] <... futex resumed>) = 0 [pid 5694] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5694] <... futex resumed>) = 0 [pid 5694] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5695] <... write resumed>) = 1036288 [pid 5695] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5694] <... futex resumed>) = 0 [pid 5695] <... futex resumed>) = 1 [pid 5694] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5694] <... futex resumed>) = 0 [pid 5694] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5695] <... mmap resumed>) = 0x20000000 [pid 5695] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5694] <... futex resumed>) = 0 [pid 5695] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5694] exit_group(0 [pid 5695] <... futex resumed>) = ? [pid 5694] <... exit_group resumed>) = ? [pid 5695] +++ exited with 0 +++ [pid 5694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5694, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./297", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./297/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./297/binderfs") = 0 umount2("./297/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./297/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./297/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5696 attached [pid 5696] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5696] chdir("./298") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5696 [pid 5696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5696] setpgid(0, 0) = 0 [pid 5696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5696] write(3, "1000", 4) = 4 [pid 5696] close(3) = 0 [pid 5696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5696] write(1, "executing program\n", 18executing program ) = 18 [pid 5696] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5696] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5696] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5696] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5696] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5697 attached [pid 5697] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5696] <... clone3 resumed> => {parent_tid=[5697]}, 88) = 5697 [pid 5697] <... rseq resumed>) = 0 [pid 5696] rt_sigprocmask(SIG_SETMASK, [], [pid 5697] set_robust_list(0x7f2454d0d9a0, 24 [pid 5696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5697] <... set_robust_list resumed>) = 0 [pid 5696] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5696] <... futex resumed>) = 0 [pid 5697] memfd_create("syzkaller", 0 [pid 5696] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5697] <... memfd_create resumed>) = 3 [pid 5697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5697] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5697] munmap(0x7f244c800000, 138412032) = 0 [pid 5697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5697] close(3) = 0 [pid 5697] close(4) = 0 [pid 5697] mkdir("./file2", 0777) = 0 [ 190.844724][ T5697] loop0: detected capacity change from 0 to 4096 [pid 5697] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5697] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5697] chdir("./file2") = 0 [pid 5697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5697] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5697] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5696] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5696] <... futex resumed>) = 0 [pid 5697] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5696] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] <... openat resumed>) = 4 [pid 5697] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5697] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5697] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5696] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5697] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = 0 [pid 5696] <... futex resumed>) = 1 [pid 5697] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5696] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] <... write resumed>) = 1036288 [pid 5697] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = 0 [pid 5696] <... futex resumed>) = 1 [pid 5697] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5696] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] <... mmap resumed>) = 0x20000000 [pid 5697] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5697] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5696] exit_group(0) = ? [pid 5697] <... futex resumed>) = ? [pid 5697] +++ exited with 0 +++ [pid 5696] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5696, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./298", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./298/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./298/binderfs") = 0 umount2("./298/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./298/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./298/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5698 attached , child_tidptr=0x55557f632690) = 5698 [pid 5698] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5698] chdir("./299") = 0 [pid 5698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5698] setpgid(0, 0) = 0 [pid 5698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5698] write(3, "1000", 4) = 4 [pid 5698] close(3) = 0 [pid 5698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5698] write(1, "executing program\n", 18executing program ) = 18 [pid 5698] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5698] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5698] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5699 attached [pid 5699] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5698] <... clone3 resumed> => {parent_tid=[5699]}, 88) = 5699 [pid 5699] <... rseq resumed>) = 0 [pid 5698] rt_sigprocmask(SIG_SETMASK, [], [pid 5699] set_robust_list(0x7f2454d0d9a0, 24 [pid 5698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5699] <... set_robust_list resumed>) = 0 [pid 5699] rt_sigprocmask(SIG_SETMASK, [], [pid 5698] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5698] <... futex resumed>) = 0 [pid 5699] memfd_create("syzkaller", 0 [pid 5698] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5699] <... memfd_create resumed>) = 3 [pid 5699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5699] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5699] munmap(0x7f244c800000, 138412032) = 0 [pid 5699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5699] close(3) = 0 [pid 5699] close(4) = 0 [pid 5699] mkdir("./file2", 0777) = 0 [pid 5699] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 191.414669][ T5699] loop0: detected capacity change from 0 to 4096 [pid 5699] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5699] chdir("./file2") = 0 [pid 5699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5699] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5699] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5699] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5698] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] <... openat resumed>) = 4 [pid 5699] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5699] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5698] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5699] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5699] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5699] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] <... openat resumed>) = 5 [pid 5699] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5699] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5699] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5698] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] <... write resumed>) = 1036288 [pid 5699] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5699] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5699] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5698] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] <... mmap resumed>) = 0x20000000 [pid 5699] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5699] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] exit_group(0 [pid 5699] <... futex resumed>) = ? [pid 5698] <... exit_group resumed>) = ? [pid 5699] +++ exited with 0 +++ [pid 5698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5698, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./299", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./299/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./299/binderfs") = 0 umount2("./299/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./299/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./299/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5700 attached , child_tidptr=0x55557f632690) = 5700 [pid 5700] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5700] chdir("./300") = 0 [pid 5700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5700] setpgid(0, 0) = 0 [pid 5700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5700] write(3, "1000", 4) = 4 [pid 5700] close(3) = 0 [pid 5700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5700] write(1, "executing program\n", 18executing program ) = 18 [pid 5700] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5700] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5700] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5700] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5700] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5700] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5701 attached [pid 5701] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5700] <... clone3 resumed> => {parent_tid=[5701]}, 88) = 5701 [pid 5701] set_robust_list(0x7f2454d0d9a0, 24 [pid 5700] rt_sigprocmask(SIG_SETMASK, [], [pid 5701] <... set_robust_list resumed>) = 0 [pid 5700] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5701] rt_sigprocmask(SIG_SETMASK, [], [pid 5700] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5700] <... futex resumed>) = 0 [pid 5700] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5701] memfd_create("syzkaller", 0) = 3 [pid 5701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5701] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5701] munmap(0x7f244c800000, 138412032) = 0 [pid 5701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5701] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5701] close(3) = 0 [pid 5701] close(4) = 0 [pid 5701] mkdir("./file2", 0777) = 0 [pid 5701] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5701] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 191.852927][ T5701] loop0: detected capacity change from 0 to 4096 [pid 5701] chdir("./file2") = 0 [pid 5701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5701] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5700] <... futex resumed>) = 0 [pid 5701] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5700] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5700] <... futex resumed>) = 0 [pid 5701] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5700] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] <... openat resumed>) = 4 [pid 5701] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5701] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5700] <... futex resumed>) = 0 [pid 5700] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] <... futex resumed>) = 0 [pid 5700] <... futex resumed>) = 1 [pid 5701] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5700] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5701] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5700] <... futex resumed>) = 0 [pid 5701] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5700] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5700] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] <... openat resumed>) = 5 [pid 5701] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5700] <... futex resumed>) = 0 [pid 5701] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5700] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5700] <... futex resumed>) = 0 [pid 5701] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5700] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] <... write resumed>) = 1036288 [pid 5701] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5701] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5700] <... futex resumed>) = 0 [pid 5700] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5701] <... futex resumed>) = 0 [pid 5700] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5701] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5701] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5700] <... futex resumed>) = 0 [pid 5700] exit_group(0 [pid 5701] <... futex resumed>) = ? [pid 5700] <... exit_group resumed>) = ? [pid 5701] +++ exited with 0 +++ [pid 5700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5700, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./300", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./300/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./300/binderfs") = 0 umount2("./300/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./300/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./300/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5702 ./strace-static-x86_64: Process 5702 attached [pid 5702] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5702] chdir("./301") = 0 [pid 5702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5702] setpgid(0, 0) = 0 [pid 5702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5702] write(3, "1000", 4) = 4 [pid 5702] close(3) = 0 [pid 5702] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5702] write(1, "executing program\n", 18) = 18 [pid 5702] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5702] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5703 attached [pid 5703] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5702] <... clone3 resumed> => {parent_tid=[5703]}, 88) = 5703 [pid 5703] <... rseq resumed>) = 0 [pid 5703] set_robust_list(0x7f2454d0d9a0, 24 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], [pid 5703] <... set_robust_list resumed>) = 0 [pid 5703] rt_sigprocmask(SIG_SETMASK, [], [pid 5702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5703] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5702] <... futex resumed>) = 1 [pid 5702] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5703] memfd_create("syzkaller", 0) = 3 [pid 5703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5703] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5703] munmap(0x7f244c800000, 138412032) = 0 [pid 5703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5703] close(3) = 0 [pid 5703] close(4) = 0 [pid 5703] mkdir("./file2", 0777) = 0 [pid 5703] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5703] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5703] chdir("./file2") = 0 [pid 5703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5703] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 192.366342][ T5703] loop0: detected capacity change from 0 to 4096 [pid 5703] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5702] <... futex resumed>) = 1 [pid 5703] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5702] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... openat resumed>) = 4 [pid 5703] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] <... futex resumed>) = 0 [pid 5703] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5702] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5703] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5703] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... openat resumed>) = 5 [pid 5703] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5703] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5702] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... write resumed>) = 1036288 [pid 5703] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5702] <... futex resumed>) = 1 [pid 5703] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5702] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... mmap resumed>) = 0x20000000 [pid 5703] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] <... futex resumed>) = 0 [pid 5702] exit_group(0) = ? [pid 5703] <... futex resumed>) = ? [pid 5703] +++ exited with 0 +++ [pid 5702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5702, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./301", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./301/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./301/binderfs") = 0 umount2("./301/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./301/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./301/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./301/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5704 attached , child_tidptr=0x55557f632690) = 5704 [pid 5704] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5704] chdir("./302") = 0 [pid 5704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5704] setpgid(0, 0) = 0 [pid 5704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5704] write(3, "1000", 4) = 4 [pid 5704] close(3) = 0 [pid 5704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5704] write(1, "executing program\n", 18executing program ) = 18 [pid 5704] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5704] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5704] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5704] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5704] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5705 attached [pid 5705] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5704] <... clone3 resumed> => {parent_tid=[5705]}, 88) = 5705 [pid 5705] <... rseq resumed>) = 0 [pid 5704] rt_sigprocmask(SIG_SETMASK, [], [pid 5705] set_robust_list(0x7f2454d0d9a0, 24 [pid 5704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5705] <... set_robust_list resumed>) = 0 [pid 5704] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5705] memfd_create("syzkaller", 0) = 3 [pid 5705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5705] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5705] munmap(0x7f244c800000, 138412032) = 0 [pid 5705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5705] close(3) = 0 [pid 5705] close(4) = 0 [pid 5705] mkdir("./file2", 0777) = 0 [pid 5705] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5705] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5705] chdir("./file2") = 0 [pid 5705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 192.788772][ T5705] loop0: detected capacity change from 0 to 4096 [pid 5705] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5705] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] <... futex resumed>) = 0 [pid 5705] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5704] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] <... openat resumed>) = 4 [pid 5705] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5705] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5705] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] <... futex resumed>) = 0 [pid 5705] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5704] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] <... openat resumed>) = 5 [pid 5705] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... futex resumed>) = 0 [pid 5705] <... futex resumed>) = 1 [pid 5704] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] <... write resumed>) = 1036288 [pid 5705] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5705] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = 0 [pid 5704] <... futex resumed>) = 1 [pid 5705] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5704] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] <... mmap resumed>) = 0x20000000 [pid 5705] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5705] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] exit_group(0 [pid 5705] <... futex resumed>) = ? [pid 5704] <... exit_group resumed>) = ? [pid 5705] +++ exited with 0 +++ [pid 5704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5704, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./302", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./302/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./302/binderfs") = 0 umount2("./302/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./302/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./302/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5706 attached [pid 5706] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5706] chdir("./303") = 0 [pid 5706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5706 [pid 5706] setpgid(0, 0) = 0 [pid 5706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5706] write(3, "1000", 4) = 4 [pid 5706] close(3) = 0 [pid 5706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5706] write(1, "executing program\n", 18executing program ) = 18 [pid 5706] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5706] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5706] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5706] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5706] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5706] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5707 attached [pid 5707] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5706] <... clone3 resumed> => {parent_tid=[5707]}, 88) = 5707 [pid 5707] set_robust_list(0x7f2454d0d9a0, 24 [pid 5706] rt_sigprocmask(SIG_SETMASK, [], [pid 5707] <... set_robust_list resumed>) = 0 [pid 5706] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5707] rt_sigprocmask(SIG_SETMASK, [], [pid 5706] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5706] <... futex resumed>) = 0 [pid 5706] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5707] memfd_create("syzkaller", 0) = 3 [pid 5707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5707] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5707] munmap(0x7f244c800000, 138412032) = 0 [pid 5707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5707] close(3) = 0 [pid 5707] close(4) = 0 [pid 5707] mkdir("./file2", 0777) = 0 [pid 5707] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5707] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 193.200577][ T5707] loop0: detected capacity change from 0 to 4096 [pid 5707] chdir("./file2") = 0 [pid 5707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5707] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5706] <... futex resumed>) = 0 [pid 5707] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = 0 [pid 5706] <... futex resumed>) = 1 [pid 5707] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5706] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... openat resumed>) = 4 [pid 5707] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5706] <... futex resumed>) = 0 [pid 5707] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = 0 [pid 5706] <... futex resumed>) = 1 [pid 5707] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5706] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5707] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5706] <... futex resumed>) = 0 [pid 5707] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5706] <... futex resumed>) = 0 [pid 5707] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5706] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... openat resumed>) = 5 [pid 5707] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5706] <... futex resumed>) = 0 [pid 5707] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5706] <... futex resumed>) = 0 [pid 5707] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5706] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... write resumed>) = 1036288 [pid 5707] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5707] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] <... futex resumed>) = 0 [pid 5706] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = 0 [pid 5706] <... futex resumed>) = 1 [pid 5707] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5706] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... mmap resumed>) = 0x20000000 [pid 5707] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5707] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] <... futex resumed>) = 0 [pid 5706] exit_group(0 [pid 5707] <... futex resumed>) = ? [pid 5706] <... exit_group resumed>) = ? [pid 5707] +++ exited with 0 +++ [pid 5706] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5706, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./303", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./303/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./303/binderfs") = 0 umount2("./303/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./303/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./303/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5708 attached [pid 5708] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5708] chdir("./304" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5708 [pid 5708] <... chdir resumed>) = 0 [pid 5708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] setpgid(0, 0) = 0 [pid 5708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] write(3, "1000", 4) = 4 [pid 5708] close(3) = 0 [pid 5708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5708] write(1, "executing program\n", 18executing program ) = 18 [pid 5708] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5708] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5709 attached [pid 5709] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5708] <... clone3 resumed> => {parent_tid=[5709]}, 88) = 5709 [pid 5709] set_robust_list(0x7f2454d0d9a0, 24 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], [pid 5709] <... set_robust_list resumed>) = 0 [pid 5708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5709] rt_sigprocmask(SIG_SETMASK, [], [pid 5708] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5709] memfd_create("syzkaller", 0) = 3 [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5709] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5709] munmap(0x7f244c800000, 138412032) = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5709] close(3) = 0 [pid 5709] close(4) = 0 [pid 5709] mkdir("./file2", 0777) = 0 [pid 5709] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5709] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5709] chdir("./file2") = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5709] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5709] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... futex resumed>) = 0 [pid 5709] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5709] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] <... futex resumed>) = 0 [pid 5709] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5708] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5709] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 193.636473][ T5709] loop0: detected capacity change from 0 to 4096 [pid 5708] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5709] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5709] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5708] <... futex resumed>) = 1 [pid 5709] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5708] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... write resumed>) = 1036288 [pid 5709] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] <... futex resumed>) = 0 [pid 5709] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5708] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... mmap resumed>) = 0x20000000 [pid 5709] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] exit_group(0 [pid 5709] <... futex resumed>) = ? [pid 5708] <... exit_group resumed>) = ? [pid 5709] +++ exited with 0 +++ [pid 5708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5708, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./304", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./304/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./304/binderfs") = 0 umount2("./304/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./304/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./304/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5710 attached , child_tidptr=0x55557f632690) = 5710 [pid 5710] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5710] chdir("./305") = 0 [pid 5710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5710] setpgid(0, 0) = 0 [pid 5710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5710] write(3, "1000", 4) = 4 [pid 5710] close(3) = 0 [pid 5710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5710] write(1, "executing program\n", 18executing program ) = 18 [pid 5710] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5710] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5710] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5710] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5710] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5710] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5711 attached [pid 5711] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5710] <... clone3 resumed> => {parent_tid=[5711]}, 88) = 5711 [pid 5711] set_robust_list(0x7f2454d0d9a0, 24 [pid 5710] rt_sigprocmask(SIG_SETMASK, [], [pid 5711] <... set_robust_list resumed>) = 0 [pid 5710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5711] rt_sigprocmask(SIG_SETMASK, [], [pid 5710] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5710] <... futex resumed>) = 0 [pid 5711] memfd_create("syzkaller", 0 [pid 5710] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5711] <... memfd_create resumed>) = 3 [pid 5711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5711] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5711] munmap(0x7f244c800000, 138412032) = 0 [pid 5711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5711] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5711] close(3) = 0 [pid 5711] close(4) = 0 [pid 5711] mkdir("./file2", 0777) = 0 [pid 5711] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5711] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 194.062232][ T5711] loop0: detected capacity change from 0 to 4096 [pid 5711] chdir("./file2") = 0 [pid 5711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5711] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] <... futex resumed>) = 0 [pid 5710] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] <... futex resumed>) = 0 [pid 5711] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5710] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5711] <... openat resumed>) = 4 [pid 5711] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5710] <... futex resumed>) = 0 [pid 5711] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5710] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5710] <... futex resumed>) = 0 [pid 5711] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5710] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5711] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5710] <... futex resumed>) = 0 [pid 5711] <... futex resumed>) = 1 [pid 5710] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5710] <... futex resumed>) = 0 [pid 5711] <... openat resumed>) = 5 [pid 5710] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5711] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] <... futex resumed>) = 0 [pid 5710] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] <... futex resumed>) = 0 [pid 5710] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5711] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5711] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] <... futex resumed>) = 0 [pid 5710] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] <... futex resumed>) = 0 [pid 5710] <... futex resumed>) = 1 [pid 5711] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5710] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5711] <... mmap resumed>) = 0x20000000 [pid 5711] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] <... futex resumed>) = 0 [pid 5710] exit_group(0 [pid 5711] <... futex resumed>) = ? [pid 5710] <... exit_group resumed>) = ? [pid 5711] +++ exited with 0 +++ [pid 5710] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5710, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./305", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./305/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./305/binderfs") = 0 umount2("./305/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./305/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./305/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./305/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./305") = 0 mkdir("./306", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5712 attached , child_tidptr=0x55557f632690) = 5712 [pid 5712] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5712] chdir("./306") = 0 [pid 5712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5712] setpgid(0, 0) = 0 [pid 5712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5712] write(3, "1000", 4) = 4 [pid 5712] close(3) = 0 [pid 5712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5712] write(1, "executing program\n", 18executing program ) = 18 [pid 5712] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5712] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5712] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5712] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5713 attached [pid 5713] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5712] <... clone3 resumed> => {parent_tid=[5713]}, 88) = 5713 [pid 5713] <... rseq resumed>) = 0 [pid 5712] rt_sigprocmask(SIG_SETMASK, [], [pid 5713] set_robust_list(0x7f2454d0d9a0, 24 [pid 5712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5713] <... set_robust_list resumed>) = 0 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], [pid 5712] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5712] <... futex resumed>) = 0 [pid 5713] memfd_create("syzkaller", 0 [pid 5712] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5713] <... memfd_create resumed>) = 3 [pid 5713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5713] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5713] munmap(0x7f244c800000, 138412032) = 0 [pid 5713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5713] close(3) = 0 [pid 5713] close(4) = 0 [pid 5713] mkdir("./file2", 0777) = 0 [ 194.657341][ T5713] loop0: detected capacity change from 0 to 4096 [pid 5713] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5713] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5713] chdir("./file2") = 0 [pid 5713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5713] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... futex resumed>) = 0 [pid 5712] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5712] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5713] <... futex resumed>) = 1 [pid 5713] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5713] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... futex resumed>) = 0 [pid 5712] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5712] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5713] <... futex resumed>) = 1 [pid 5713] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5713] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... futex resumed>) = 0 [pid 5712] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] <... futex resumed>) = 1 [pid 5712] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5713] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5713] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... futex resumed>) = 0 [pid 5712] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] <... futex resumed>) = 1 [pid 5712] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5713] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5713] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... futex resumed>) = 0 [pid 5713] <... futex resumed>) = 1 [pid 5712] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5712] <... futex resumed>) = 0 [pid 5712] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5713] <... mmap resumed>) = 0x20000000 [pid 5713] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5712] <... futex resumed>) = 0 [pid 5712] exit_group(0 [pid 5713] <... futex resumed>) = ? [pid 5712] <... exit_group resumed>) = ? [pid 5713] +++ exited with 0 +++ [pid 5712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5712, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- umount2("./306", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./306/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./306/binderfs") = 0 umount2("./306/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./306/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./306/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./306/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./306") = 0 mkdir("./307", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5714 attached , child_tidptr=0x55557f632690) = 5714 [pid 5714] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5714] chdir("./307") = 0 [pid 5714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5714] setpgid(0, 0) = 0 [pid 5714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5714] write(3, "1000", 4) = 4 [pid 5714] close(3) = 0 [pid 5714] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5714] write(1, "executing program\n", 18) = 18 [pid 5714] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5714] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5714] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5715 attached [pid 5715] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5715] set_robust_list(0x7f2454d0d9a0, 24 [pid 5714] <... clone3 resumed> => {parent_tid=[5715]}, 88) = 5715 [pid 5715] <... set_robust_list resumed>) = 0 [pid 5714] rt_sigprocmask(SIG_SETMASK, [], [pid 5715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5715] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] <... futex resumed>) = 0 [pid 5715] memfd_create("syzkaller", 0 [pid 5714] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5715] <... memfd_create resumed>) = 3 [pid 5715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5715] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5715] munmap(0x7f244c800000, 138412032) = 0 [pid 5715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5715] close(3) = 0 [pid 5715] close(4) = 0 [pid 5715] mkdir("./file2", 0777) = 0 [pid 5715] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5715] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5715] chdir("./file2") = 0 [pid 5715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5715] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [ 195.204539][ T5715] loop0: detected capacity change from 0 to 4096 [pid 5714] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5714] <... futex resumed>) = 0 [pid 5714] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... openat resumed>) = 4 [pid 5715] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5715] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5714] <... futex resumed>) = 0 [pid 5715] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5714] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5714] <... futex resumed>) = 0 [pid 5714] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... openat resumed>) = 5 [pid 5715] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] <... futex resumed>) = 0 [pid 5715] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5714] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... write resumed>) = 1036288 [pid 5715] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5715] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] <... futex resumed>) = 0 [pid 5715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5714] <... futex resumed>) = 0 [pid 5714] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... mmap resumed>) = 0x20000000 [pid 5715] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] exit_group(0) = ? [pid 5715] <... futex resumed>) = ? [pid 5715] +++ exited with 0 +++ [pid 5714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5714, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./307", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./307/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./307/binderfs") = 0 umount2("./307/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./307/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./307/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./307/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./307/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./307") = 0 mkdir("./308", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5716 attached , child_tidptr=0x55557f632690) = 5716 [pid 5716] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5716] chdir("./308") = 0 [pid 5716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5716] setpgid(0, 0) = 0 [pid 5716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5716] write(3, "1000", 4) = 4 [pid 5716] close(3) = 0 [pid 5716] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5716] write(1, "executing program\n", 18) = 18 [pid 5716] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5716] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5717 attached [pid 5717] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5716] <... clone3 resumed> => {parent_tid=[5717]}, 88) = 5717 [pid 5717] set_robust_list(0x7f2454d0d9a0, 24 [pid 5716] rt_sigprocmask(SIG_SETMASK, [], [pid 5717] <... set_robust_list resumed>) = 0 [pid 5716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5717] rt_sigprocmask(SIG_SETMASK, [], [pid 5716] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5717] memfd_create("syzkaller", 0) = 3 [pid 5717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5717] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5717] munmap(0x7f244c800000, 138412032) = 0 [pid 5717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5717] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5717] close(3) = 0 [pid 5717] close(4) = 0 [pid 5717] mkdir("./file2", 0777) = 0 [pid 5717] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5717] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5717] chdir("./file2") = 0 [pid 5717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5717] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] <... futex resumed>) = 0 [ 195.598468][ T5717] loop0: detected capacity change from 0 to 4096 [pid 5717] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] <... futex resumed>) = 0 [pid 5717] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5717] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] <... futex resumed>) = 0 [pid 5717] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5717] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5717] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] <... futex resumed>) = 0 [pid 5717] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5716] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... futex resumed>) = 0 [pid 5716] <... futex resumed>) = 1 [pid 5717] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5716] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] <... openat resumed>) = 5 [pid 5717] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] <... futex resumed>) = 0 [pid 5717] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5716] <... futex resumed>) = 0 [pid 5717] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5716] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] <... write resumed>) = 1036288 [pid 5717] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] <... futex resumed>) = 0 [pid 5717] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5716] <... futex resumed>) = 0 [pid 5717] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5716] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] <... mmap resumed>) = 0x20000000 [pid 5717] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] <... futex resumed>) = 0 [pid 5717] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] exit_group(0) = ? [pid 5717] <... futex resumed>) = ? [pid 5717] +++ exited with 0 +++ [pid 5716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5716, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./308", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./308/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./308/binderfs") = 0 umount2("./308/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./308/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./308/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./308/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./308") = 0 mkdir("./309", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5718 attached , child_tidptr=0x55557f632690) = 5718 [pid 5718] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5718] chdir("./309") = 0 [pid 5718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5718] setpgid(0, 0) = 0 [pid 5718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5718] write(3, "1000", 4) = 4 [pid 5718] close(3) = 0 [pid 5718] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5718] write(1, "executing program\n", 18) = 18 [pid 5718] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5718] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5718] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5719 attached [pid 5719] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5718] <... clone3 resumed> => {parent_tid=[5719]}, 88) = 5719 [pid 5719] <... rseq resumed>) = 0 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], [pid 5719] set_robust_list(0x7f2454d0d9a0, 24 [pid 5718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5719] <... set_robust_list resumed>) = 0 [pid 5718] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5719] memfd_create("syzkaller", 0) = 3 [pid 5719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5719] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5719] munmap(0x7f244c800000, 138412032) = 0 [pid 5719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5719] close(3) = 0 [pid 5719] close(4) = 0 [pid 5719] mkdir("./file2", 0777) = 0 [pid 5719] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5719] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 196.013474][ T5719] loop0: detected capacity change from 0 to 4096 [pid 5719] chdir("./file2") = 0 [pid 5719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5719] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5718] <... futex resumed>) = 0 [pid 5719] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5718] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... openat resumed>) = 4 [pid 5719] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5718] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5719] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5718] <... futex resumed>) = 0 [pid 5719] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5718] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... openat resumed>) = 5 [pid 5719] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5718] <... futex resumed>) = 0 [pid 5719] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5718] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... write resumed>) = 1036288 [pid 5719] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5719] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 0 [pid 5718] <... futex resumed>) = 1 [pid 5719] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5718] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... mmap resumed>) = 0x20000000 [pid 5719] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5719] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] <... futex resumed>) = 0 [pid 5718] exit_group(0 [pid 5719] <... futex resumed>) = ? [pid 5718] <... exit_group resumed>) = ? [pid 5719] +++ exited with 0 +++ [pid 5718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5718, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./309", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./309/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./309/binderfs") = 0 umount2("./309/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./309/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./309/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./309/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./309") = 0 mkdir("./310", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5720 attached , child_tidptr=0x55557f632690) = 5720 [pid 5720] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5720] chdir("./310") = 0 [pid 5720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5720] setpgid(0, 0) = 0 [pid 5720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5720] write(3, "1000", 4) = 4 [pid 5720] close(3) = 0 [pid 5720] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5720] write(1, "executing program\n", 18) = 18 [pid 5720] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5720] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5720] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5720] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5720] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5721 attached [pid 5721] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5720] <... clone3 resumed> => {parent_tid=[5721]}, 88) = 5721 [pid 5720] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5720] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... rseq resumed>) = 0 [pid 5721] set_robust_list(0x7f2454d0d9a0, 24 [pid 5720] <... futex resumed>) = 0 [pid 5721] <... set_robust_list resumed>) = 0 [pid 5720] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5721] memfd_create("syzkaller", 0) = 3 [pid 5721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5721] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5721] munmap(0x7f244c800000, 138412032) = 0 [pid 5721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5721] close(3) = 0 [pid 5721] close(4) = 0 [pid 5721] mkdir("./file2", 0777) = 0 [pid 5721] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5721] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 196.494804][ T5721] loop0: detected capacity change from 0 to 4096 [pid 5721] chdir("./file2") = 0 [pid 5721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5721] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5721] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5720] <... futex resumed>) = 0 [pid 5720] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5721] <... futex resumed>) = 0 [pid 5720] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5721] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5721] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5720] <... futex resumed>) = 0 [pid 5721] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5720] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5720] <... futex resumed>) = 0 [pid 5721] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5721] <... futex resumed>) = 0 [pid 5720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5721] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5720] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5720] <... futex resumed>) = 0 [pid 5721] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5720] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5721] <... openat resumed>) = 5 [pid 5721] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5720] <... futex resumed>) = 0 [pid 5721] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5720] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5720] <... futex resumed>) = 0 [pid 5721] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5720] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5721] <... write resumed>) = 1036288 [pid 5721] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5720] <... futex resumed>) = 0 [pid 5721] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5720] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5720] <... futex resumed>) = 0 [pid 5721] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5720] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5721] <... mmap resumed>) = 0x20000000 [pid 5721] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5720] <... futex resumed>) = 0 [pid 5721] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5720] exit_group(0 [pid 5721] <... futex resumed>) = ? [pid 5721] +++ exited with 0 +++ [pid 5720] <... exit_group resumed>) = ? [pid 5720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5720, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./310", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./310/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./310/binderfs") = 0 umount2("./310/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./310/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./310/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./310/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./310") = 0 mkdir("./311", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5722 attached , child_tidptr=0x55557f632690) = 5722 [pid 5722] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5722] chdir("./311") = 0 [pid 5722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5722] setpgid(0, 0) = 0 [pid 5722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5722] write(3, "1000", 4) = 4 [pid 5722] close(3) = 0 [pid 5722] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5722] write(1, "executing program\n", 18) = 18 [pid 5722] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5722] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5722] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5722] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5722] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5722] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5723 attached [pid 5723] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5722] <... clone3 resumed> => {parent_tid=[5723]}, 88) = 5723 [pid 5723] <... rseq resumed>) = 0 [pid 5722] rt_sigprocmask(SIG_SETMASK, [], [pid 5723] set_robust_list(0x7f2454d0d9a0, 24 [pid 5722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5723] <... set_robust_list resumed>) = 0 [pid 5722] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] rt_sigprocmask(SIG_SETMASK, [], [pid 5722] <... futex resumed>) = 0 [pid 5723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5722] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5723] memfd_create("syzkaller", 0) = 3 [pid 5723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5723] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5723] munmap(0x7f244c800000, 138412032) = 0 [pid 5723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5723] close(3) = 0 [pid 5723] close(4) = 0 [pid 5723] mkdir("./file2", 0777) = 0 [pid 5723] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5723] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5723] chdir("./file2") = 0 [pid 5723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5723] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [ 197.024615][ T5723] loop0: detected capacity change from 0 to 4096 [pid 5722] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5722] <... futex resumed>) = 0 [pid 5722] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... openat resumed>) = 4 [pid 5723] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] <... futex resumed>) = 0 [pid 5723] <... futex resumed>) = 1 [pid 5722] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5722] <... futex resumed>) = 0 [pid 5723] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5722] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] <... futex resumed>) = 0 [pid 5722] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5722] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5723] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [pid 5723] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5722] <... futex resumed>) = 0 [pid 5723] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5722] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... write resumed>) = 1036288 [pid 5723] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [pid 5723] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5722] <... futex resumed>) = 0 [pid 5723] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5722] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... mmap resumed>) = 0x20000000 [pid 5723] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [pid 5723] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] exit_group(0 [pid 5723] <... futex resumed>) = ? [pid 5722] <... exit_group resumed>) = ? [pid 5723] +++ exited with 0 +++ [pid 5722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5722, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./311", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./311/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./311/binderfs") = 0 umount2("./311/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./311/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./311/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./311/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./311") = 0 mkdir("./312", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5724 ./strace-static-x86_64: Process 5724 attached [pid 5724] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5724] chdir("./312") = 0 [pid 5724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5724] setpgid(0, 0) = 0 [pid 5724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5724] write(3, "1000", 4) = 4 [pid 5724] close(3) = 0 [pid 5724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5724] write(1, "executing program\n", 18executing program ) = 18 [pid 5724] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5724] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5724] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5724] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5724] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5725 attached [pid 5725] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5724] <... clone3 resumed> => {parent_tid=[5725]}, 88) = 5725 [pid 5725] <... rseq resumed>) = 0 [pid 5725] set_robust_list(0x7f2454d0d9a0, 24 [pid 5724] rt_sigprocmask(SIG_SETMASK, [], [pid 5725] <... set_robust_list resumed>) = 0 [pid 5724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5725] rt_sigprocmask(SIG_SETMASK, [], [pid 5724] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5725] memfd_create("syzkaller", 0) = 3 [pid 5725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5725] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5725] munmap(0x7f244c800000, 138412032) = 0 [pid 5725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5725] close(3) = 0 [pid 5725] close(4) = 0 [pid 5725] mkdir("./file2", 0777) = 0 [pid 5725] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5725] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5725] chdir("./file2") = 0 [pid 5725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 197.435306][ T5725] loop0: detected capacity change from 0 to 4096 [pid 5725] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5725] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5724] <... futex resumed>) = 0 [pid 5725] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5724] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5724] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... openat resumed>) = 5 [pid 5725] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5724] <... futex resumed>) = 0 [pid 5725] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5724] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... write resumed>) = 1036288 [pid 5725] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5724] <... futex resumed>) = 0 [pid 5725] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5724] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... mmap resumed>) = 0x20000000 [pid 5725] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] exit_group(0) = ? [pid 5725] <... futex resumed>) = ? [pid 5725] +++ exited with 0 +++ [pid 5724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5724, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./312", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./312/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./312/binderfs") = 0 umount2("./312/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./312/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./312/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./312/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./312") = 0 mkdir("./313", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5726 attached , child_tidptr=0x55557f632690) = 5726 [pid 5726] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5726] chdir("./313") = 0 [pid 5726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5726] setpgid(0, 0) = 0 [pid 5726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5726] write(3, "1000", 4) = 4 [pid 5726] close(3) = 0 [pid 5726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5726] write(1, "executing program\n", 18executing program ) = 18 [pid 5726] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5726] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5727 attached => {parent_tid=[5727]}, 88) = 5727 [pid 5727] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5726] rt_sigprocmask(SIG_SETMASK, [], [pid 5727] <... rseq resumed>) = 0 [pid 5726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5727] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5726] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] rt_sigprocmask(SIG_SETMASK, [], [pid 5726] <... futex resumed>) = 0 [pid 5727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5726] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5727] memfd_create("syzkaller", 0) = 3 [pid 5727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5727] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5727] munmap(0x7f244c800000, 138412032) = 0 [pid 5727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5727] close(3) = 0 [pid 5727] close(4) = 0 [pid 5727] mkdir("./file2", 0777) = 0 [pid 5727] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5727] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5727] chdir("./file2") = 0 [pid 5727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5727] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5727] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] <... futex resumed>) = 0 [pid 5726] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5727] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5727] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5726] <... futex resumed>) = 0 [pid 5727] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5726] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5727] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] <... futex resumed>) = 0 [pid 5726] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... futex resumed>) = 0 [pid 5726] <... futex resumed>) = 1 [pid 5727] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5726] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] <... openat resumed>) = 5 [pid 5727] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5726] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 197.894815][ T5727] loop0: detected capacity change from 0 to 4096 [pid 5727] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5727] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5726] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5727] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5727] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] <... futex resumed>) = 0 [pid 5726] exit_group(0 [pid 5727] <... futex resumed>) = ? [pid 5726] <... exit_group resumed>) = ? [pid 5727] +++ exited with 0 +++ [pid 5726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5726, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./313", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./313/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./313/binderfs") = 0 umount2("./313/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./313/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./313/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./313/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./313") = 0 mkdir("./314", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5728 attached , child_tidptr=0x55557f632690) = 5728 [pid 5728] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5728] chdir("./314") = 0 [pid 5728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5728] setpgid(0, 0) = 0 [pid 5728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5728] write(3, "1000", 4) = 4 [pid 5728] close(3) = 0 [pid 5728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5728] write(1, "executing program\n", 18executing program ) = 18 [pid 5728] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5728] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5728] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5729 attached [pid 5729] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5728] <... clone3 resumed> => {parent_tid=[5729]}, 88) = 5729 [pid 5729] set_robust_list(0x7f2454d0d9a0, 24 [pid 5728] rt_sigprocmask(SIG_SETMASK, [], [pid 5729] <... set_robust_list resumed>) = 0 [pid 5728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5729] rt_sigprocmask(SIG_SETMASK, [], [pid 5728] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5728] <... futex resumed>) = 0 [pid 5729] memfd_create("syzkaller", 0 [pid 5728] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5729] <... memfd_create resumed>) = 3 [pid 5729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5729] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5729] munmap(0x7f244c800000, 138412032) = 0 [pid 5729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5729] close(3) = 0 [pid 5729] close(4) = 0 [pid 5729] mkdir("./file2", 0777) = 0 [pid 5729] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5729] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5729] chdir("./file2") = 0 [pid 5729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5729] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5729] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5729] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5729] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [ 198.330532][ T5729] loop0: detected capacity change from 0 to 4096 [pid 5728] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5729] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5728] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5729] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5729] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5729] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5728] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] <... write resumed>) = 1036288 [pid 5729] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5728] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5729] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] <... futex resumed>) = 0 [pid 5728] exit_group(0 [pid 5729] <... futex resumed>) = ? [pid 5728] <... exit_group resumed>) = ? [pid 5729] +++ exited with 0 +++ [pid 5728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5728, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./314", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./314/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./314/binderfs") = 0 umount2("./314/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./314/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./314/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./314/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./314") = 0 mkdir("./315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5730 attached , child_tidptr=0x55557f632690) = 5730 [pid 5730] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5730] chdir("./315") = 0 [pid 5730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5730] setpgid(0, 0) = 0 [pid 5730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5730] write(3, "1000", 4) = 4 [pid 5730] close(3) = 0 [pid 5730] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5730] write(1, "executing program\n", 18) = 18 [pid 5730] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5730] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5730] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5730] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5731 attached [pid 5731] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5730] <... clone3 resumed> => {parent_tid=[5731]}, 88) = 5731 [pid 5731] set_robust_list(0x7f2454d0d9a0, 24 [pid 5730] rt_sigprocmask(SIG_SETMASK, [], [pid 5731] <... set_robust_list resumed>) = 0 [pid 5730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5731] rt_sigprocmask(SIG_SETMASK, [], [pid 5730] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5730] <... futex resumed>) = 0 [pid 5731] memfd_create("syzkaller", 0 [pid 5730] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5731] <... memfd_create resumed>) = 3 [pid 5731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5731] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5731] munmap(0x7f244c800000, 138412032) = 0 [pid 5731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5731] close(3) = 0 [pid 5731] close(4) = 0 [pid 5731] mkdir("./file2", 0777) = 0 [pid 5731] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5731] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5731] chdir("./file2") = 0 [ 198.774955][ T5731] loop0: detected capacity change from 0 to 4096 [pid 5731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5731] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5730] <... futex resumed>) = 0 [pid 5731] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5730] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5731] <... openat resumed>) = 4 [pid 5731] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5730] <... futex resumed>) = 0 [pid 5730] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... futex resumed>) = 0 [pid 5730] <... futex resumed>) = 1 [pid 5731] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5730] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5731] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5731] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5730] <... futex resumed>) = 0 [pid 5731] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5730] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5731] <... openat resumed>) = 5 [pid 5731] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = 0 [pid 5731] <... futex resumed>) = 1 [pid 5730] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5730] <... futex resumed>) = 0 [pid 5730] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5731] <... write resumed>) = 1036288 [pid 5731] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5730] <... futex resumed>) = 0 [pid 5731] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5730] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5730] <... futex resumed>) = 0 [pid 5731] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5730] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5731] <... mmap resumed>) = 0x20000000 [pid 5731] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5730] <... futex resumed>) = 0 [pid 5731] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5730] exit_group(0 [pid 5731] <... futex resumed>) = ? [pid 5731] +++ exited with 0 +++ [pid 5730] <... exit_group resumed>) = ? [pid 5730] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5730, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./315", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./315/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./315/binderfs") = 0 umount2("./315/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./315/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./315/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./315/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./315") = 0 mkdir("./316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5732 attached , child_tidptr=0x55557f632690) = 5732 [pid 5732] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5732] chdir("./316") = 0 [pid 5732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5732] setpgid(0, 0) = 0 [pid 5732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5732] write(3, "1000", 4) = 4 [pid 5732] close(3) = 0 [pid 5732] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5732] write(1, "executing program\n", 18) = 18 [pid 5732] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5732] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5732] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5733 attached => {parent_tid=[5733]}, 88) = 5733 [pid 5733] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5732] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5732] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5733] <... rseq resumed>) = 0 [pid 5733] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5733] memfd_create("syzkaller", 0) = 3 [pid 5733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5733] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5733] munmap(0x7f244c800000, 138412032) = 0 [pid 5733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5733] close(3) = 0 [pid 5733] close(4) = 0 [pid 5733] mkdir("./file2", 0777) = 0 [pid 5733] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5733] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5733] chdir("./file2") = 0 [pid 5733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5733] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5732] <... futex resumed>) = 0 [ 199.254820][ T5733] loop0: detected capacity change from 0 to 4096 [pid 5732] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5732] <... futex resumed>) = 0 [pid 5732] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... openat resumed>) = 4 [pid 5733] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5732] <... futex resumed>) = 0 [pid 5733] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5732] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = 0 [pid 5733] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5732] <... futex resumed>) = 1 [pid 5733] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5732] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5732] <... futex resumed>) = 0 [pid 5733] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5732] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5732] <... futex resumed>) = 0 [pid 5733] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5732] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... openat resumed>) = 5 [pid 5733] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5732] <... futex resumed>) = 0 [pid 5733] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5732] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5732] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... write resumed>) = 1036288 [pid 5733] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5733] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5732] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5732] <... futex resumed>) = 0 [pid 5732] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... mmap resumed>) = 0x20000000 [pid 5733] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5732] exit_group(0) = ? [pid 5733] +++ exited with 0 +++ [pid 5732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5732, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./316", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./316/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./316/binderfs") = 0 umount2("./316/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./316/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./316/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./316/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./316") = 0 mkdir("./317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5734 attached , child_tidptr=0x55557f632690) = 5734 [pid 5734] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5734] chdir("./317") = 0 [pid 5734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5734] setpgid(0, 0) = 0 [pid 5734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5734] write(3, "1000", 4) = 4 [pid 5734] close(3) = 0 [pid 5734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5734] write(1, "executing program\n", 18executing program ) = 18 [pid 5734] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5734] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5734] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5734] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5734] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5735 attached [pid 5735] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5735] set_robust_list(0x7f2454d0d9a0, 24 [pid 5734] <... clone3 resumed> => {parent_tid=[5735]}, 88) = 5735 [pid 5735] <... set_robust_list resumed>) = 0 [pid 5734] rt_sigprocmask(SIG_SETMASK, [], [pid 5735] rt_sigprocmask(SIG_SETMASK, [], [pid 5734] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5734] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] memfd_create("syzkaller", 0 [pid 5734] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5735] <... memfd_create resumed>) = 3 [pid 5735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5735] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5735] munmap(0x7f244c800000, 138412032) = 0 [pid 5735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5735] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5735] close(3) = 0 [pid 5735] close(4) = 0 [pid 5735] mkdir("./file2", 0777) = 0 [pid 5735] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 199.749832][ T5735] loop0: detected capacity change from 0 to 4096 [pid 5735] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5735] chdir("./file2") = 0 [pid 5735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5735] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5735] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5734] <... futex resumed>) = 0 [pid 5735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5734] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5734] <... futex resumed>) = 0 [pid 5734] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5735] <... openat resumed>) = 4 [pid 5735] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] <... futex resumed>) = 0 [pid 5734] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5735] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5734] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5735] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5735] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5735] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5734] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5734] <... futex resumed>) = 0 [pid 5734] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5735] <... openat resumed>) = 5 [pid 5735] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5735] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5734] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5735] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5734] <... futex resumed>) = 0 [pid 5734] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5735] <... write resumed>) = 1036288 [pid 5735] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] <... futex resumed>) = 0 [pid 5734] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5735] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5734] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5735] <... mmap resumed>) = 0x20000000 [pid 5735] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5735] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5734] exit_group(0) = ? [pid 5735] <... futex resumed>) = ? [pid 5735] +++ exited with 0 +++ [pid 5734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5734, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./317", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./317/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./317/binderfs") = 0 umount2("./317/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./317/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./317/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./317/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./317") = 0 mkdir("./318", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5736 attached [pid 5736] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5736] chdir("./318") = 0 [pid 5736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5736] setpgid(0, 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5736 [pid 5736] <... setpgid resumed>) = 0 [pid 5736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5736] write(3, "1000", 4) = 4 [pid 5736] close(3) = 0 [pid 5736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5736] write(1, "executing program\n", 18executing program ) = 18 [pid 5736] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5736] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5737 attached => {parent_tid=[5737]}, 88) = 5737 [pid 5737] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5737] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5737] rt_sigprocmask(SIG_SETMASK, [], [pid 5736] rt_sigprocmask(SIG_SETMASK, [], [pid 5737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5737] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5736] <... futex resumed>) = 0 [pid 5736] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5737] memfd_create("syzkaller", 0) = 3 [pid 5737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5737] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5737] munmap(0x7f244c800000, 138412032) = 0 [pid 5737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5737] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5737] close(3) = 0 [pid 5737] close(4) = 0 [pid 5737] mkdir("./file2", 0777) = 0 [pid 5737] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5737] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5737] chdir("./file2") = 0 [pid 5737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5737] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5737] <... futex resumed>) = 1 [pid 5736] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5736] <... futex resumed>) = 0 [ 200.188093][ T5737] loop0: detected capacity change from 0 to 4096 [pid 5736] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] <... openat resumed>) = 4 [pid 5737] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] <... futex resumed>) = 0 [pid 5737] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5736] <... futex resumed>) = 0 [pid 5737] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5736] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5737] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] <... futex resumed>) = 0 [pid 5737] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5736] <... futex resumed>) = 0 [pid 5737] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5736] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] <... openat resumed>) = 5 [pid 5737] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] <... futex resumed>) = 0 [pid 5737] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5736] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] <... write resumed>) = 1036288 [pid 5737] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5737] <... futex resumed>) = 1 [pid 5736] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5736] <... futex resumed>) = 0 [pid 5736] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] <... mmap resumed>) = 0x20000000 [pid 5737] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] <... futex resumed>) = 0 [pid 5737] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] exit_group(0) = ? [pid 5737] <... futex resumed>) = ? [pid 5737] +++ exited with 0 +++ [pid 5736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5736, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./318", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./318/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./318/binderfs") = 0 umount2("./318/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./318/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./318/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./318/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./318") = 0 mkdir("./319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5738 attached , child_tidptr=0x55557f632690) = 5738 [pid 5738] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5738] chdir("./319") = 0 [pid 5738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5738] setpgid(0, 0) = 0 [pid 5738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5738] write(3, "1000", 4) = 4 [pid 5738] close(3) = 0 [pid 5738] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5738] write(1, "executing program\n", 18) = 18 [pid 5738] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5738] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5738] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5738] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5739 attached [pid 5739] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5738] <... clone3 resumed> => {parent_tid=[5739]}, 88) = 5739 [pid 5739] <... rseq resumed>) = 0 [pid 5739] set_robust_list(0x7f2454d0d9a0, 24 [pid 5738] rt_sigprocmask(SIG_SETMASK, [], [pid 5739] <... set_robust_list resumed>) = 0 [pid 5738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5739] rt_sigprocmask(SIG_SETMASK, [], [pid 5738] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5739] memfd_create("syzkaller", 0) = 3 [pid 5739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5739] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5739] munmap(0x7f244c800000, 138412032) = 0 [pid 5739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5739] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5739] close(3) = 0 [pid 5739] close(4) = 0 [pid 5739] mkdir("./file2", 0777) = 0 [pid 5739] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5739] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5739] chdir("./file2") = 0 [pid 5739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5739] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 200.591045][ T5739] loop0: detected capacity change from 0 to 4096 [pid 5738] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... openat resumed>) = 4 [pid 5739] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 1 [pid 5738] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5738] <... futex resumed>) = 0 [pid 5739] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5738] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] <... futex resumed>) = 0 [pid 5739] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5739] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... openat resumed>) = 5 [pid 5739] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] <... futex resumed>) = 0 [pid 5739] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5738] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5738] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... write resumed>) = 1036288 [pid 5739] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] <... futex resumed>) = 0 [pid 5739] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5738] <... futex resumed>) = 0 [pid 5739] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5738] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... mmap resumed>) = 0x20000000 [pid 5739] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] <... futex resumed>) = 0 [pid 5739] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] exit_group(0 [pid 5739] <... futex resumed>) = ? [pid 5738] <... exit_group resumed>) = ? [pid 5739] +++ exited with 0 +++ [pid 5738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5738, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./319", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./319/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./319/binderfs") = 0 umount2("./319/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./319/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./319/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./319/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./319") = 0 mkdir("./320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5740 attached , child_tidptr=0x55557f632690) = 5740 [pid 5740] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5740] chdir("./320") = 0 [pid 5740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5740] setpgid(0, 0) = 0 [pid 5740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5740] write(3, "1000", 4) = 4 [pid 5740] close(3) = 0 [pid 5740] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5740] write(1, "executing program\n", 18) = 18 [pid 5740] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5740] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5740] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5740] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5740] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5740] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5741 attached [pid 5741] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5740] <... clone3 resumed> => {parent_tid=[5741]}, 88) = 5741 [pid 5741] <... rseq resumed>) = 0 [pid 5740] rt_sigprocmask(SIG_SETMASK, [], [pid 5741] set_robust_list(0x7f2454d0d9a0, 24 [pid 5740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5741] <... set_robust_list resumed>) = 0 [pid 5740] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5740] <... futex resumed>) = 0 [pid 5740] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5741] memfd_create("syzkaller", 0) = 3 [pid 5741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5741] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5741] munmap(0x7f244c800000, 138412032) = 0 [pid 5741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5741] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5741] close(3) = 0 [pid 5741] close(4) = 0 [pid 5741] mkdir("./file2", 0777) = 0 [pid 5741] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5741] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5741] chdir("./file2") = 0 [pid 5741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5741] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5741] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... futex resumed>) = 0 [pid 5740] <... futex resumed>) = 1 [pid 5740] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5741] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5741] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5740] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5741] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5741] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5740] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5740] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 201.040551][ T5741] loop0: detected capacity change from 0 to 4096 [pid 5741] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5741] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5740] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5740] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... write resumed>) = 1036288 [pid 5741] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5741] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5741] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5740] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... mmap resumed>) = 0x20000000 [pid 5741] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5741] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] exit_group(0 [pid 5741] <... futex resumed>) = ? [pid 5741] +++ exited with 0 +++ [pid 5740] <... exit_group resumed>) = ? [pid 5740] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5740, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./320", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./320/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./320/binderfs") = 0 umount2("./320/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./320/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./320/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./320/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./320") = 0 mkdir("./321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5742 attached , child_tidptr=0x55557f632690) = 5742 [pid 5742] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5742] chdir("./321") = 0 [pid 5742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5742] setpgid(0, 0) = 0 [pid 5742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5742] write(3, "1000", 4) = 4 [pid 5742] close(3) = 0 [pid 5742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5742] write(1, "executing program\n", 18executing program ) = 18 [pid 5742] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5742] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5742] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5743 attached [pid 5743] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5742] <... clone3 resumed> => {parent_tid=[5743]}, 88) = 5743 [pid 5743] <... rseq resumed>) = 0 [pid 5742] rt_sigprocmask(SIG_SETMASK, [], [pid 5743] set_robust_list(0x7f2454d0d9a0, 24 [pid 5742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5743] <... set_robust_list resumed>) = 0 [pid 5742] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] rt_sigprocmask(SIG_SETMASK, [], [pid 5742] <... futex resumed>) = 0 [pid 5743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5742] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5743] memfd_create("syzkaller", 0) = 3 [pid 5743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5743] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5743] munmap(0x7f244c800000, 138412032) = 0 [pid 5743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5743] close(3) = 0 [pid 5743] close(4) = 0 [pid 5743] mkdir("./file2", 0777) = 0 [pid 5743] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5743] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5743] chdir("./file2") = 0 [pid 5743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5743] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5743] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5742] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5742] <... futex resumed>) = 0 [pid 5743] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5742] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] <... openat resumed>) = 4 [ 201.455756][ T5743] loop0: detected capacity change from 0 to 4096 [pid 5743] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5743] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5742] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5742] <... futex resumed>) = 0 [pid 5743] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5742] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5743] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5743] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5742] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5742] <... futex resumed>) = 0 [pid 5742] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] <... openat resumed>) = 5 [pid 5743] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5743] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5742] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = 0 [pid 5742] <... futex resumed>) = 1 [pid 5743] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5742] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] <... write resumed>) = 1036288 [pid 5743] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5743] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5742] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5742] <... futex resumed>) = 0 [pid 5743] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5742] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] <... mmap resumed>) = 0x20000000 [pid 5743] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5743] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5742] exit_group(0 [pid 5743] <... futex resumed>) = ? [pid 5743] +++ exited with 0 +++ [pid 5742] <... exit_group resumed>) = ? [pid 5742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5742, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./321", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./321/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./321/binderfs") = 0 umount2("./321/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./321/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./321/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./321/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./321") = 0 mkdir("./322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5744 attached , child_tidptr=0x55557f632690) = 5744 [pid 5744] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5744] chdir("./322") = 0 [pid 5744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5744] setpgid(0, 0) = 0 [pid 5744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5744] write(3, "1000", 4) = 4 [pid 5744] close(3) = 0 [pid 5744] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5744] write(1, "executing program\n", 18) = 18 [pid 5744] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5744] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5744] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5744] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5744] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5745 attached [pid 5745] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5744] <... clone3 resumed> => {parent_tid=[5745]}, 88) = 5745 [pid 5745] <... rseq resumed>) = 0 [pid 5744] rt_sigprocmask(SIG_SETMASK, [], [pid 5745] set_robust_list(0x7f2454d0d9a0, 24 [pid 5744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5745] <... set_robust_list resumed>) = 0 [pid 5744] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] rt_sigprocmask(SIG_SETMASK, [], [pid 5744] <... futex resumed>) = 0 [pid 5745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5744] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5745] memfd_create("syzkaller", 0) = 3 [pid 5745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5745] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5745] munmap(0x7f244c800000, 138412032) = 0 [pid 5745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5745] close(3) = 0 [pid 5745] close(4) = 0 [pid 5745] mkdir("./file2", 0777) = 0 [ 201.941588][ T5745] loop0: detected capacity change from 0 to 4096 [pid 5745] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5745] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5745] chdir("./file2") = 0 [pid 5745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5745] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5745] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] <... futex resumed>) = 0 [pid 5744] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5745] <... futex resumed>) = 0 [pid 5744] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5745] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5745] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5745] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] <... futex resumed>) = 0 [pid 5744] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5745] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5744] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5745] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5745] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5744] <... futex resumed>) = 0 [pid 5745] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5744] <... futex resumed>) = 0 [pid 5745] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5744] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5745] <... openat resumed>) = 5 [pid 5745] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5744] <... futex resumed>) = 0 [pid 5745] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5744] <... futex resumed>) = 0 [pid 5745] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5744] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5745] <... write resumed>) = 1036288 [pid 5745] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5745] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] <... futex resumed>) = 0 [pid 5744] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5745] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5744] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5745] <... mmap resumed>) = 0x20000000 [pid 5745] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5745] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] <... futex resumed>) = 0 [pid 5744] exit_group(0) = ? [pid 5745] <... futex resumed>) = ? [pid 5745] +++ exited with 0 +++ [pid 5744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5744, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./322", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./322/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./322/binderfs") = 0 umount2("./322/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./322/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./322/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./322/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./322/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./322") = 0 mkdir("./323", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5746 attached , child_tidptr=0x55557f632690) = 5746 [pid 5746] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5746] chdir("./323") = 0 [pid 5746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5746] setpgid(0, 0) = 0 [pid 5746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5746] write(3, "1000", 4) = 4 [pid 5746] close(3) = 0 [pid 5746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5746] write(1, "executing program\n", 18executing program ) = 18 [pid 5746] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5746] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5746] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5746] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5747 attached [pid 5747] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5746] <... clone3 resumed> => {parent_tid=[5747]}, 88) = 5747 [pid 5747] <... rseq resumed>) = 0 [pid 5746] rt_sigprocmask(SIG_SETMASK, [], [pid 5747] set_robust_list(0x7f2454d0d9a0, 24 [pid 5746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5747] <... set_robust_list resumed>) = 0 [pid 5746] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5746] <... futex resumed>) = 0 [pid 5746] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5747] memfd_create("syzkaller", 0) = 3 [pid 5747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5747] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5747] munmap(0x7f244c800000, 138412032) = 0 [pid 5747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5747] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5747] close(3) = 0 [pid 5747] close(4) = 0 [pid 5747] mkdir("./file2", 0777) = 0 [pid 5747] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5747] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5747] chdir("./file2") = 0 [pid 5747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5747] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 202.471144][ T5747] loop0: detected capacity change from 0 to 4096 [pid 5747] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5746] <... futex resumed>) = 0 [pid 5746] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5747] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5747] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5747] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5746] <... futex resumed>) = 0 [pid 5747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5746] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5746] <... futex resumed>) = 0 [pid 5747] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5746] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5747] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = 0 [pid 5747] <... futex resumed>) = 1 [pid 5746] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5746] <... futex resumed>) = 0 [pid 5746] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5747] <... openat resumed>) = 5 [pid 5747] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5746] <... futex resumed>) = 0 [pid 5747] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5746] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5746] <... futex resumed>) = 0 [pid 5747] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5746] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5747] <... write resumed>) = 1036288 [pid 5747] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5747] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5746] <... futex resumed>) = 0 [pid 5746] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5747] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5747] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5746] <... futex resumed>) = 0 [pid 5747] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5746] exit_group(0 [pid 5747] <... futex resumed>) = ? [pid 5746] <... exit_group resumed>) = ? [pid 5747] +++ exited with 0 +++ [pid 5746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5746, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./323", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./323/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./323/binderfs") = 0 umount2("./323/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./323/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./323/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./323/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./323/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./323") = 0 mkdir("./324", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5748 attached , child_tidptr=0x55557f632690) = 5748 [pid 5748] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5748] chdir("./324") = 0 [pid 5748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5748] setpgid(0, 0) = 0 [pid 5748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5748] write(3, "1000", 4) = 4 [pid 5748] close(3) = 0 [pid 5748] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5748] write(1, "executing program\n", 18) = 18 [pid 5748] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5748] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5748] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0} => {parent_tid=[5749]}, 88) = 5749 ./strace-static-x86_64: Process 5749 attached [pid 5748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5748] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5749] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5749] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5749] memfd_create("syzkaller", 0) = 3 [pid 5749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5749] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5749] munmap(0x7f244c800000, 138412032) = 0 [pid 5749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5749] close(3) = 0 [pid 5749] close(4) = 0 [pid 5749] mkdir("./file2", 0777) = 0 [pid 5749] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5749] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5749] chdir("./file2") = 0 [pid 5749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5749] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] <... futex resumed>) = 0 [pid 5749] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5748] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5749] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] <... futex resumed>) = 0 [pid 5749] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5748] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5748] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] <... futex resumed>) = 0 [pid 5749] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5748] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5748] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 202.895034][ T5749] loop0: detected capacity change from 0 to 4096 [pid 5749] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5749] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... futex resumed>) = 0 [pid 5749] <... futex resumed>) = 1 [pid 5748] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... write resumed>) = 1036288 [pid 5749] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5748] <... futex resumed>) = 1 [pid 5749] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5748] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... mmap resumed>) = 0x20000000 [pid 5749] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5748] <... futex resumed>) = 0 [pid 5748] exit_group(0 [pid 5749] <... futex resumed>) = ? [pid 5748] <... exit_group resumed>) = ? [pid 5749] +++ exited with 0 +++ [pid 5748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5748, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./324", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./324/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./324/binderfs") = 0 umount2("./324/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./324/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./324/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./324/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./324/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./324") = 0 mkdir("./325", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5750 attached , child_tidptr=0x55557f632690) = 5750 [pid 5750] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5750] chdir("./325") = 0 [pid 5750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5750] setpgid(0, 0) = 0 [pid 5750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5750] write(3, "1000", 4) = 4 [pid 5750] close(3) = 0 [pid 5750] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5750] write(1, "executing program\n", 18) = 18 [pid 5750] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5750] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5750] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5751 attached [pid 5751] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5750] <... clone3 resumed> => {parent_tid=[5751]}, 88) = 5751 [pid 5751] <... rseq resumed>) = 0 [pid 5750] rt_sigprocmask(SIG_SETMASK, [], [pid 5751] set_robust_list(0x7f2454d0d9a0, 24 [pid 5750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5751] <... set_robust_list resumed>) = 0 [pid 5750] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] rt_sigprocmask(SIG_SETMASK, [], [pid 5750] <... futex resumed>) = 0 [pid 5751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5750] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5751] memfd_create("syzkaller", 0) = 3 [pid 5751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5751] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5751] munmap(0x7f244c800000, 138412032) = 0 [pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5751] close(3) = 0 [pid 5751] close(4) = 0 [pid 5751] mkdir("./file2", 0777) = 0 [pid 5751] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5751] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5751] chdir("./file2") = 0 [pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5751] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5750] <... futex resumed>) = 0 [ 203.349563][ T5751] loop0: detected capacity change from 0 to 4096 [pid 5750] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... openat resumed>) = 4 [pid 5751] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = 0 [pid 5751] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5750] <... futex resumed>) = 1 [pid 5751] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5750] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... openat resumed>) = 5 [pid 5751] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] <... futex resumed>) = 0 [pid 5751] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5750] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... write resumed>) = 1036288 [pid 5751] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5751] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5750] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... mmap resumed>) = 0x20000000 [pid 5751] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] exit_group(0 [pid 5751] <... futex resumed>) = ? [pid 5750] <... exit_group resumed>) = ? [pid 5751] +++ exited with 0 +++ [pid 5750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5750, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- umount2("./325", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./325/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./325/binderfs") = 0 umount2("./325/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./325/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./325/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./325/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./325/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./325") = 0 mkdir("./326", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5752 attached , child_tidptr=0x55557f632690) = 5752 [pid 5752] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5752] chdir("./326") = 0 [pid 5752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5752] setpgid(0, 0) = 0 [pid 5752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5752] write(3, "1000", 4) = 4 [pid 5752] close(3) = 0 [pid 5752] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5752] write(1, "executing program\n", 18) = 18 [pid 5752] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5752] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5753 attached [pid 5753] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5752] <... clone3 resumed> => {parent_tid=[5753]}, 88) = 5753 [pid 5753] set_robust_list(0x7f2454d0d9a0, 24 [pid 5752] rt_sigprocmask(SIG_SETMASK, [], [pid 5753] <... set_robust_list resumed>) = 0 [pid 5753] rt_sigprocmask(SIG_SETMASK, [], [pid 5752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5752] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5753] memfd_create("syzkaller", 0) = 3 [pid 5753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5753] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5753] munmap(0x7f244c800000, 138412032) = 0 [pid 5753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5753] close(3) = 0 [pid 5753] close(4) = 0 [pid 5753] mkdir("./file2", 0777) = 0 [pid 5753] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5753] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5753] chdir("./file2") = 0 [pid 5753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 203.812885][ T5753] loop0: detected capacity change from 0 to 4096 [pid 5753] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = 0 [pid 5752] <... futex resumed>) = 1 [pid 5753] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5752] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... openat resumed>) = 4 [pid 5753] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5753] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5753] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5752] <... futex resumed>) = 0 [pid 5753] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5752] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5753] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... openat resumed>) = 5 [pid 5753] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5753] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... write resumed>) = 1036288 [pid 5753] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5752] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... mmap resumed>) = 0x20000000 [pid 5753] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5752] exit_group(0 [pid 5753] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5752] <... exit_group resumed>) = ? [pid 5753] +++ exited with 0 +++ [pid 5752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5752, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./326", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./326/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./326/binderfs") = 0 umount2("./326/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./326/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./326/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./326/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./326/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./326") = 0 mkdir("./327", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5754 attached [pid 5754] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5754 [pid 5754] chdir("./327") = 0 [pid 5754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5754] setpgid(0, 0) = 0 [pid 5754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5754] write(3, "1000", 4) = 4 [pid 5754] close(3) = 0 [pid 5754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5754] write(1, "executing program\n", 18) = 18 executing program [pid 5754] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5754] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5755 attached [pid 5755] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5754] <... clone3 resumed> => {parent_tid=[5755]}, 88) = 5755 [pid 5755] <... rseq resumed>) = 0 [pid 5754] rt_sigprocmask(SIG_SETMASK, [], [pid 5755] set_robust_list(0x7f2454d0d9a0, 24 [pid 5754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5755] <... set_robust_list resumed>) = 0 [pid 5754] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5755] memfd_create("syzkaller", 0) = 3 [pid 5755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5755] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5755] munmap(0x7f244c800000, 138412032) = 0 [pid 5755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5755] close(3) = 0 [pid 5755] close(4) = 0 [pid 5755] mkdir("./file2", 0777) = 0 [pid 5755] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5755] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5755] chdir("./file2") = 0 [ 204.262724][ T5755] loop0: detected capacity change from 0 to 4096 [pid 5755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5755] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5755] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5754] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... openat resumed>) = 4 [pid 5755] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5754] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5755] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5755] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5754] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... openat resumed>) = 5 [pid 5755] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5755] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5754] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... write resumed>) = 1036288 [pid 5755] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5755] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5754] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... mmap resumed>) = 0x20000000 [pid 5755] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] exit_group(0 [pid 5755] <... futex resumed>) = ? [pid 5755] +++ exited with 0 +++ [pid 5754] <... exit_group resumed>) = ? [pid 5754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5754, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./327", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./327/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./327/binderfs") = 0 umount2("./327/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./327/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./327/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./327/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./327/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./327") = 0 mkdir("./328", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5756 ./strace-static-x86_64: Process 5756 attached [pid 5756] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5756] chdir("./328") = 0 [pid 5756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5756] setpgid(0, 0) = 0 [pid 5756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5756] write(3, "1000", 4) = 4 [pid 5756] close(3) = 0 [pid 5756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5756] write(1, "executing program\n", 18executing program ) = 18 [pid 5756] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5756] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5756] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5756] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5756] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5756] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5757 attached [pid 5757] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5756] <... clone3 resumed> => {parent_tid=[5757]}, 88) = 5757 [pid 5757] <... rseq resumed>) = 0 [pid 5757] set_robust_list(0x7f2454d0d9a0, 24 [pid 5756] rt_sigprocmask(SIG_SETMASK, [], [pid 5757] <... set_robust_list resumed>) = 0 [pid 5756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5757] rt_sigprocmask(SIG_SETMASK, [], [pid 5756] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5756] <... futex resumed>) = 0 [pid 5756] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5757] memfd_create("syzkaller", 0) = 3 [pid 5757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5757] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5757] munmap(0x7f244c800000, 138412032) = 0 [pid 5757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5757] close(3) = 0 [pid 5757] close(4) = 0 [pid 5757] mkdir("./file2", 0777) = 0 [pid 5757] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5757] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5757] chdir("./file2") = 0 [pid 5757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5757] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5756] <... futex resumed>) = 0 [pid 5757] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5756] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 204.724940][ T5757] loop0: detected capacity change from 0 to 4096 [pid 5756] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] <... openat resumed>) = 4 [pid 5757] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5756] <... futex resumed>) = 0 [pid 5757] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5756] <... futex resumed>) = 0 [pid 5757] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5756] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5756] <... futex resumed>) = 0 [pid 5757] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] <... futex resumed>) = 0 [pid 5757] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5756] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] <... openat resumed>) = 5 [pid 5757] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5756] <... futex resumed>) = 0 [pid 5756] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5756] <... futex resumed>) = 0 [pid 5756] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] <... write resumed>) = 1036288 [pid 5757] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... futex resumed>) = 0 [pid 5757] <... futex resumed>) = 1 [pid 5756] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5756] <... futex resumed>) = 0 [pid 5756] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] <... mmap resumed>) = 0x20000000 [pid 5757] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5756] <... futex resumed>) = 0 [pid 5757] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] exit_group(0 [pid 5757] <... futex resumed>) = ? [pid 5756] <... exit_group resumed>) = ? [pid 5757] +++ exited with 0 +++ [pid 5756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5756, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./328", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./328/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./328/binderfs") = 0 umount2("./328/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./328/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./328/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./328/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./328/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./328") = 0 mkdir("./329", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5758 attached , child_tidptr=0x55557f632690) = 5758 [pid 5758] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5758] chdir("./329") = 0 [pid 5758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5758] setpgid(0, 0) = 0 [pid 5758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5758] write(3, "1000", 4) = 4 [pid 5758] close(3) = 0 [pid 5758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5758] write(1, "executing program\n", 18executing program ) = 18 [pid 5758] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5758] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5758] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5758] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5758] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5759 attached [pid 5759] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5758] <... clone3 resumed> => {parent_tid=[5759]}, 88) = 5759 [pid 5759] set_robust_list(0x7f2454d0d9a0, 24 [pid 5758] rt_sigprocmask(SIG_SETMASK, [], [pid 5759] <... set_robust_list resumed>) = 0 [pid 5758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5759] rt_sigprocmask(SIG_SETMASK, [], [pid 5758] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5758] <... futex resumed>) = 0 [pid 5758] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5759] memfd_create("syzkaller", 0) = 3 [pid 5759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5759] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5759] munmap(0x7f244c800000, 138412032) = 0 [pid 5759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5759] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5759] close(3) = 0 [pid 5759] close(4) = 0 [pid 5759] mkdir("./file2", 0777) = 0 [pid 5759] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5759] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5759] chdir("./file2") = 0 [ 205.149738][ T5759] loop0: detected capacity change from 0 to 4096 [pid 5759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5759] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5758] <... futex resumed>) = 0 [pid 5759] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5758] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5758] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5759] <... openat resumed>) = 4 [pid 5759] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5758] <... futex resumed>) = 0 [pid 5759] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5758] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5758] <... futex resumed>) = 0 [pid 5759] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5758] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5759] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5759] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5758] <... futex resumed>) = 0 [pid 5759] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5758] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5758] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5759] <... openat resumed>) = 5 [pid 5759] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = 0 [pid 5759] <... futex resumed>) = 1 [pid 5758] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5758] <... futex resumed>) = 0 [pid 5758] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5759] <... write resumed>) = 1036288 [pid 5759] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5758] <... futex resumed>) = 0 [pid 5759] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5758] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5758] <... futex resumed>) = 0 [pid 5759] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5758] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5759] <... mmap resumed>) = 0x20000000 [pid 5759] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5758] <... futex resumed>) = 0 [pid 5759] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5758] exit_group(0) = ? [pid 5759] <... futex resumed>) = ? [pid 5759] +++ exited with 0 +++ [pid 5758] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5758, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./329", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./329/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./329/binderfs") = 0 umount2("./329/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./329/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./329/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./329/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./329/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./329") = 0 mkdir("./330", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5760 ./strace-static-x86_64: Process 5760 attached [pid 5760] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5760] chdir("./330") = 0 [pid 5760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5760] setpgid(0, 0) = 0 [pid 5760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5760] write(3, "1000", 4) = 4 [pid 5760] close(3) = 0 [pid 5760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5760] write(1, "executing program\n", 18executing program ) = 18 [pid 5760] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5760] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5761 attached [pid 5761] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5760] <... clone3 resumed> => {parent_tid=[5761]}, 88) = 5761 [pid 5761] <... rseq resumed>) = 0 [pid 5760] rt_sigprocmask(SIG_SETMASK, [], [pid 5761] set_robust_list(0x7f2454d0d9a0, 24 [pid 5760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5761] <... set_robust_list resumed>) = 0 [pid 5760] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] rt_sigprocmask(SIG_SETMASK, [], [pid 5760] <... futex resumed>) = 0 [pid 5761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5760] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5761] memfd_create("syzkaller", 0) = 3 [pid 5761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5761] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5761] munmap(0x7f244c800000, 138412032) = 0 [pid 5761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5761] close(3) = 0 [pid 5761] close(4) = 0 [pid 5761] mkdir("./file2", 0777) = 0 [pid 5761] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5761] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5761] chdir("./file2") = 0 [pid 5761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5761] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5761] <... futex resumed>) = 1 [pid 5760] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5761] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5761] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5760] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... futex resumed>) = 0 [pid 5760] <... futex resumed>) = 1 [pid 5761] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5760] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5761] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5761] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5760] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5760] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5761] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5761] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... futex resumed>) = 0 [pid 5760] <... futex resumed>) = 1 [pid 5761] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 205.595005][ T5761] loop0: detected capacity change from 0 to 4096 [pid 5760] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] <... write resumed>) = 1036288 [pid 5761] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5761] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5760] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] <... mmap resumed>) = 0x20000000 [pid 5761] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5761] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5760] exit_group(0 [pid 5761] <... futex resumed>) = ? [pid 5760] <... exit_group resumed>) = ? [pid 5761] +++ exited with 0 +++ [pid 5760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5760, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./330", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./330/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./330/binderfs") = 0 umount2("./330/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./330/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./330/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./330/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./330/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./330") = 0 mkdir("./331", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5762 attached , child_tidptr=0x55557f632690) = 5762 [pid 5762] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5762] chdir("./331") = 0 [pid 5762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5762] setpgid(0, 0) = 0 [pid 5762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5762] write(3, "1000", 4) = 4 [pid 5762] close(3) = 0 [pid 5762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5762] write(1, "executing program\n", 18executing program ) = 18 [pid 5762] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5762] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5762] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5762] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5762] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5762] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5763 attached => {parent_tid=[5763]}, 88) = 5763 [pid 5762] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5762] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5762] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5763] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5763] memfd_create("syzkaller", 0) = 3 [pid 5763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5763] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5763] munmap(0x7f244c800000, 138412032) = 0 [pid 5763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5763] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5763] close(3) = 0 [pid 5763] close(4) = 0 [pid 5763] mkdir("./file2", 0777) = 0 [pid 5763] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5763] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5763] chdir("./file2") = 0 [ 206.016004][ T5763] loop0: detected capacity change from 0 to 4096 [pid 5763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5763] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5763] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] <... futex resumed>) = 0 [pid 5762] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = 0 [pid 5762] <... futex resumed>) = 1 [pid 5763] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5762] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] <... openat resumed>) = 4 [pid 5763] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5763] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5763] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5762] <... futex resumed>) = 0 [pid 5763] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5762] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5763] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5762] <... futex resumed>) = 0 [pid 5763] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5762] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] <... openat resumed>) = 5 [pid 5763] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5763] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5762] <... futex resumed>) = 0 [pid 5763] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5762] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] <... write resumed>) = 1036288 [pid 5763] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5763] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5762] <... futex resumed>) = 0 [pid 5763] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5762] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] <... mmap resumed>) = 0x20000000 [pid 5763] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5763] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] exit_group(0 [pid 5763] <... futex resumed>) = ? [pid 5763] +++ exited with 0 +++ [pid 5762] <... exit_group resumed>) = ? [pid 5762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5762, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./331", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./331/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./331/binderfs") = 0 umount2("./331/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./331/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./331/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./331/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./331/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./331") = 0 mkdir("./332", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5764 attached , child_tidptr=0x55557f632690) = 5764 [pid 5764] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5764] chdir("./332") = 0 [pid 5764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5764] setpgid(0, 0) = 0 [pid 5764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5764] write(3, "1000", 4) = 4 [pid 5764] close(3) = 0 [pid 5764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5764] write(1, "executing program\n", 18executing program ) = 18 [pid 5764] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5764] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5764] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5764] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5764] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5765 attached => {parent_tid=[5765]}, 88) = 5765 [pid 5764] rt_sigprocmask(SIG_SETMASK, [], [pid 5765] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5765] set_robust_list(0x7f2454d0d9a0, 24 [pid 5764] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... set_robust_list resumed>) = 0 [pid 5764] <... futex resumed>) = 0 [pid 5765] rt_sigprocmask(SIG_SETMASK, [], [pid 5764] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5765] memfd_create("syzkaller", 0) = 3 [pid 5765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5765] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5765] munmap(0x7f244c800000, 138412032) = 0 [pid 5765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5765] close(3) = 0 [pid 5765] close(4) = 0 [pid 5765] mkdir("./file2", 0777) = 0 [ 206.477086][ T5765] loop0: detected capacity change from 0 to 4096 [pid 5765] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5765] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5765] chdir("./file2") = 0 [pid 5765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5765] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] <... futex resumed>) = 0 [pid 5764] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = 0 [pid 5764] <... futex resumed>) = 1 [pid 5765] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5764] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... openat resumed>) = 4 [pid 5765] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5765] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5764] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5764] <... futex resumed>) = 0 [pid 5765] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5764] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5765] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5764] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... openat resumed>) = 5 [pid 5765] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] <... futex resumed>) = 0 [pid 5764] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = 0 [pid 5764] <... futex resumed>) = 1 [pid 5765] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5764] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... write resumed>) = 1036288 [pid 5765] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] <... futex resumed>) = 0 [pid 5764] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = 0 [pid 5764] <... futex resumed>) = 1 [pid 5765] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5764] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... mmap resumed>) = 0x20000000 [pid 5765] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] <... futex resumed>) = 0 [pid 5764] exit_group(0 [pid 5765] <... futex resumed>) = ? [pid 5764] <... exit_group resumed>) = ? [pid 5765] +++ exited with 0 +++ [pid 5764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5764, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./332", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./332/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./332/binderfs") = 0 umount2("./332/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./332/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./332/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./332/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./332/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./332") = 0 mkdir("./333", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5766 ./strace-static-x86_64: Process 5766 attached [pid 5766] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5766] chdir("./333") = 0 [pid 5766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5766] setpgid(0, 0) = 0 [pid 5766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5766] write(3, "1000", 4) = 4 [pid 5766] close(3) = 0 [pid 5766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5766] write(1, "executing program\n", 18executing program ) = 18 [pid 5766] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5766] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5767 attached [pid 5767] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5766] <... clone3 resumed> => {parent_tid=[5767]}, 88) = 5767 [pid 5767] <... rseq resumed>) = 0 [pid 5766] rt_sigprocmask(SIG_SETMASK, [], [pid 5767] set_robust_list(0x7f2454d0d9a0, 24 [pid 5766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5767] <... set_robust_list resumed>) = 0 [pid 5766] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5767] memfd_create("syzkaller", 0) = 3 [pid 5767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5767] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5767] munmap(0x7f244c800000, 138412032) = 0 [pid 5767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5767] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5767] close(3) = 0 [pid 5767] close(4) = 0 [pid 5767] mkdir("./file2", 0777) = 0 [pid 5767] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5767] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5767] chdir("./file2") = 0 [pid 5767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5767] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 206.968935][ T5767] loop0: detected capacity change from 0 to 4096 [pid 5767] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... openat resumed>) = 4 [pid 5767] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] <... futex resumed>) = 0 [pid 5767] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5766] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5767] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 0 [pid 5766] <... futex resumed>) = 1 [pid 5767] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5766] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... openat resumed>) = 5 [pid 5767] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5767] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] <... futex resumed>) = 0 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... write resumed>) = 1036288 [pid 5767] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5767] <... futex resumed>) = 1 [pid 5766] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... mmap resumed>) = 0x20000000 [pid 5767] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5767] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] <... futex resumed>) = 0 [pid 5766] exit_group(0 [pid 5767] <... futex resumed>) = ? [pid 5766] <... exit_group resumed>) = ? [pid 5767] +++ exited with 0 +++ [pid 5766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5766, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./333", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./333/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./333/binderfs") = 0 umount2("./333/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./333/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./333/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./333/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./333/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./333") = 0 mkdir("./334", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5768 attached , child_tidptr=0x55557f632690) = 5768 [pid 5768] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5768] chdir("./334") = 0 [pid 5768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5768] setpgid(0, 0) = 0 [pid 5768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5768] write(3, "1000", 4) = 4 [pid 5768] close(3) = 0 [pid 5768] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5768] write(1, "executing program\n", 18) = 18 [pid 5768] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5768] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5768] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5769 attached [pid 5769] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5769] set_robust_list(0x7f2454d0d9a0, 24 [pid 5768] <... clone3 resumed> => {parent_tid=[5769]}, 88) = 5769 [pid 5769] <... set_robust_list resumed>) = 0 [pid 5768] rt_sigprocmask(SIG_SETMASK, [], [pid 5769] rt_sigprocmask(SIG_SETMASK, [], [pid 5768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5768] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] memfd_create("syzkaller", 0 [pid 5768] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5769] <... memfd_create resumed>) = 3 [pid 5769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5769] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5769] munmap(0x7f244c800000, 138412032) = 0 [pid 5769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5769] close(3) = 0 [pid 5769] close(4) = 0 [pid 5769] mkdir("./file2", 0777) = 0 [pid 5769] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5769] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5769] chdir("./file2") = 0 [pid 5769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5769] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] <... futex resumed>) = 0 [pid 5768] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... futex resumed>) = 1 [pid 5769] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5769] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5768] <... futex resumed>) = 0 [pid 5769] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5768] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5769] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] <... futex resumed>) = 0 [ 207.435896][ T5769] loop0: detected capacity change from 0 to 4096 [pid 5769] <... futex resumed>) = 1 [pid 5768] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5768] <... futex resumed>) = 0 [pid 5768] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... openat resumed>) = 5 [pid 5769] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5768] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... write resumed>) = 1036288 [pid 5769] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5768] <... futex resumed>) = 0 [pid 5769] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5768] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... mmap resumed>) = 0x20000000 [pid 5769] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5768] exit_group(0) = ? [pid 5769] +++ exited with 0 +++ [pid 5768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5768, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./334", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./334/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./334/binderfs") = 0 umount2("./334/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./334/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./334/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./334/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./334/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./334") = 0 mkdir("./335", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5770 attached , child_tidptr=0x55557f632690) = 5770 [pid 5770] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5770] chdir("./335") = 0 [pid 5770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5770] setpgid(0, 0) = 0 [pid 5770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5770] write(3, "1000", 4) = 4 [pid 5770] close(3) = 0 [pid 5770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5770] write(1, "executing program\n", 18executing program ) = 18 [pid 5770] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5770] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5770] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5770] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5770] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5770] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5771 attached [pid 5771] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5771] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5770] <... clone3 resumed> => {parent_tid=[5771]}, 88) = 5771 [pid 5771] rt_sigprocmask(SIG_SETMASK, [], [pid 5770] rt_sigprocmask(SIG_SETMASK, [], [pid 5771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5771] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5770] <... futex resumed>) = 0 [pid 5770] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5771] memfd_create("syzkaller", 0) = 3 [pid 5771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5771] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5771] munmap(0x7f244c800000, 138412032) = 0 [pid 5771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5771] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5771] close(3) = 0 [pid 5771] close(4) = 0 [pid 5771] mkdir("./file2", 0777) = 0 [pid 5771] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5771] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 207.858180][ T5771] loop0: detected capacity change from 0 to 4096 [pid 5771] chdir("./file2") = 0 [pid 5771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5771] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5771] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5770] <... futex resumed>) = 0 [pid 5771] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5770] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... openat resumed>) = 4 [pid 5771] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5771] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5770] <... futex resumed>) = 0 [pid 5771] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5770] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5771] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5771] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5770] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5770] <... futex resumed>) = 0 [pid 5770] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... openat resumed>) = 5 [pid 5771] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5771] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5770] <... futex resumed>) = 0 [pid 5771] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5770] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... write resumed>) = 1036288 [pid 5771] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5771] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5770] <... futex resumed>) = 0 [pid 5770] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] <... mmap resumed>) = 0x20000000 [pid 5771] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5771] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] exit_group(0 [pid 5771] <... futex resumed>) = ? [pid 5770] <... exit_group resumed>) = ? [pid 5771] +++ exited with 0 +++ [pid 5770] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5770, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./335", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./335/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./335/binderfs") = 0 umount2("./335/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./335/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./335/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./335/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./335/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./335") = 0 mkdir("./336", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5772 attached , child_tidptr=0x55557f632690) = 5772 [pid 5772] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5772] chdir("./336") = 0 [pid 5772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5772] setpgid(0, 0) = 0 [pid 5772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5772] write(3, "1000", 4) = 4 [pid 5772] close(3) = 0 [pid 5772] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5772] write(1, "executing program\n", 18) = 18 [pid 5772] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5772] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5772] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5773 attached [pid 5773] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5772] <... clone3 resumed> => {parent_tid=[5773]}, 88) = 5773 [pid 5773] <... rseq resumed>) = 0 [pid 5772] rt_sigprocmask(SIG_SETMASK, [], [pid 5773] set_robust_list(0x7f2454d0d9a0, 24 [pid 5772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5773] <... set_robust_list resumed>) = 0 [pid 5772] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5773] memfd_create("syzkaller", 0) = 3 [pid 5773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5773] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5773] munmap(0x7f244c800000, 138412032) = 0 [pid 5773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5773] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5773] close(3) = 0 [pid 5773] close(4) = 0 [pid 5773] mkdir("./file2", 0777) = 0 [pid 5773] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5773] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5773] chdir("./file2") = 0 [pid 5773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5773] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] <... futex resumed>) = 0 [ 208.271430][ T5773] loop0: detected capacity change from 0 to 4096 [pid 5772] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... openat resumed>) = 4 [pid 5773] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] <... futex resumed>) = 0 [pid 5772] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5773] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] <... futex resumed>) = 0 [pid 5773] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5772] <... futex resumed>) = 0 [pid 5773] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5772] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... openat resumed>) = 5 [pid 5773] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... futex resumed>) = 1 [pid 5772] <... futex resumed>) = 0 [pid 5773] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5772] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... write resumed>) = 1036288 [pid 5773] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5773] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5772] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... mmap resumed>) = 0x20000000 [pid 5773] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] <... futex resumed>) = 0 [pid 5773] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] exit_group(0 [pid 5773] <... futex resumed>) = ? [pid 5773] +++ exited with 0 +++ [pid 5772] <... exit_group resumed>) = ? [pid 5772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5772, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./336", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./336/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./336/binderfs") = 0 umount2("./336/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./336/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./336/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./336/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./336/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./336") = 0 mkdir("./337", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5774 attached , child_tidptr=0x55557f632690) = 5774 [pid 5774] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5774] chdir("./337") = 0 [pid 5774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5774] setpgid(0, 0) = 0 [pid 5774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5774] write(3, "1000", 4) = 4 [pid 5774] close(3) = 0 [pid 5774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5774] write(1, "executing program\n", 18executing program ) = 18 [pid 5774] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5774] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5775 attached [pid 5775] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5774] <... clone3 resumed> => {parent_tid=[5775]}, 88) = 5775 [pid 5775] <... rseq resumed>) = 0 [pid 5774] rt_sigprocmask(SIG_SETMASK, [], [pid 5775] set_robust_list(0x7f2454d0d9a0, 24 [pid 5774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5775] <... set_robust_list resumed>) = 0 [pid 5774] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5775] memfd_create("syzkaller", 0) = 3 [pid 5775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5775] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5775] munmap(0x7f244c800000, 138412032) = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5775] close(3) = 0 [pid 5775] close(4) = 0 [pid 5775] mkdir("./file2", 0777) = 0 [pid 5775] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5775] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 208.739463][ T5775] loop0: detected capacity change from 0 to 4096 [pid 5775] chdir("./file2") = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5775] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] <... futex resumed>) = 0 [pid 5774] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5775] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5775] <... futex resumed>) = 1 [pid 5774] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5774] <... futex resumed>) = 0 [pid 5775] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5774] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5775] <... futex resumed>) = 1 [pid 5774] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... openat resumed>) = 5 [pid 5775] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5775] <... futex resumed>) = 1 [pid 5774] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... write resumed>) = 1036288 [pid 5775] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5775] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5774] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... mmap resumed>) = 0x20000000 [pid 5775] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5775] <... futex resumed>) = 1 [pid 5774] exit_group(0) = ? [pid 5775] +++ exited with 0 +++ [pid 5774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5774, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./337", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./337/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./337/binderfs") = 0 umount2("./337/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./337/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./337/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./337/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./337/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./337") = 0 mkdir("./338", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5776 attached , child_tidptr=0x55557f632690) = 5776 [pid 5776] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5776] chdir("./338") = 0 [pid 5776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5776] setpgid(0, 0) = 0 [pid 5776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5776] write(3, "1000", 4) = 4 [pid 5776] close(3) = 0 [pid 5776] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5776] write(1, "executing program\n", 18executing program ) = 18 [pid 5776] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5776] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5776] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5776] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5776] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5776] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5777 attached [pid 5777] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5776] <... clone3 resumed> => {parent_tid=[5777]}, 88) = 5777 [pid 5777] set_robust_list(0x7f2454d0d9a0, 24 [pid 5776] rt_sigprocmask(SIG_SETMASK, [], [pid 5777] <... set_robust_list resumed>) = 0 [pid 5777] rt_sigprocmask(SIG_SETMASK, [], [pid 5776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5776] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] memfd_create("syzkaller", 0 [pid 5776] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5777] <... memfd_create resumed>) = 3 [pid 5777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5777] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5777] munmap(0x7f244c800000, 138412032) = 0 [pid 5777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5777] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5777] close(3) = 0 [pid 5777] close(4) = 0 [pid 5777] mkdir("./file2", 0777) = 0 [pid 5777] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5777] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5777] chdir("./file2") = 0 [pid 5777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5777] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [ 209.192188][ T5777] loop0: detected capacity change from 0 to 4096 [pid 5776] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5776] <... futex resumed>) = 0 [pid 5776] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5777] <... openat resumed>) = 4 [pid 5777] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5777] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5776] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5776] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5777] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5777] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5777] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5776] <... futex resumed>) = 0 [pid 5776] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5777] <... openat resumed>) = 5 [pid 5777] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5777] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... futex resumed>) = 0 [pid 5777] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5776] <... futex resumed>) = 1 [pid 5776] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5777] <... write resumed>) = 1036288 [pid 5777] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5777] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5776] <... futex resumed>) = 0 [pid 5777] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5776] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5777] <... mmap resumed>) = 0x20000000 [pid 5777] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5777] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] exit_group(0 [pid 5777] <... futex resumed>) = ? [pid 5776] <... exit_group resumed>) = ? [pid 5777] +++ exited with 0 +++ [pid 5776] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5776, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./338", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./338/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./338/binderfs") = 0 umount2("./338/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./338/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./338/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./338/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./338/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./338") = 0 mkdir("./339", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5778 attached , child_tidptr=0x55557f632690) = 5778 [pid 5778] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5778] chdir("./339") = 0 [pid 5778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5778] setpgid(0, 0) = 0 [pid 5778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5778] write(3, "1000", 4) = 4 [pid 5778] close(3) = 0 [pid 5778] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5778] write(1, "executing program\n", 18) = 18 [pid 5778] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5778] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5778] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5779 attached [pid 5779] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5779] set_robust_list(0x7f2454d0d9a0, 24 [pid 5778] <... clone3 resumed> => {parent_tid=[5779]}, 88) = 5779 [pid 5779] <... set_robust_list resumed>) = 0 [pid 5778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5778] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] rt_sigprocmask(SIG_SETMASK, [], [pid 5778] <... futex resumed>) = 0 [pid 5779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5778] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5779] memfd_create("syzkaller", 0) = 3 [pid 5779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5779] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5779] munmap(0x7f244c800000, 138412032) = 0 [pid 5779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5779] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5779] close(3) = 0 [pid 5779] close(4) = 0 [pid 5779] mkdir("./file2", 0777) = 0 [pid 5779] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5779] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5779] chdir("./file2") = 0 [pid 5779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5779] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5778] <... futex resumed>) = 0 [pid 5778] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5778] <... futex resumed>) = 0 [pid 5778] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... openat resumed>) = 4 [ 209.586824][ T5779] loop0: detected capacity change from 0 to 4096 [pid 5779] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5778] <... futex resumed>) = 0 [pid 5779] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5778] <... futex resumed>) = 0 [pid 5779] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5778] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5779] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5778] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] <... futex resumed>) = 0 [pid 5779] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5778] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... openat resumed>) = 5 [pid 5779] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] <... futex resumed>) = 0 [pid 5778] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5778] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... futex resumed>) = 0 [pid 5779] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5779] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5778] <... futex resumed>) = 0 [pid 5779] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... futex resumed>) = 0 [pid 5778] <... futex resumed>) = 1 [pid 5779] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5778] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... mmap resumed>) = 0x20000000 [pid 5779] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] <... futex resumed>) = 0 [pid 5778] exit_group(0 [pid 5779] <... futex resumed>) = ? [pid 5778] <... exit_group resumed>) = ? [pid 5779] +++ exited with 0 +++ [pid 5778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5778, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./339", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./339/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./339/binderfs") = 0 umount2("./339/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./339/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./339/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./339/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./339/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./339") = 0 mkdir("./340", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5780 attached , child_tidptr=0x55557f632690) = 5780 [pid 5780] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5780] chdir("./340") = 0 [pid 5780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5780] setpgid(0, 0) = 0 [pid 5780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5780] write(3, "1000", 4) = 4 [pid 5780] close(3) = 0 [pid 5780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5780] write(1, "executing program\n", 18executing program ) = 18 [pid 5780] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5780] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5780] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5780] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5780] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5781 attached => {parent_tid=[5781]}, 88) = 5781 [pid 5781] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5781] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5781] rt_sigprocmask(SIG_SETMASK, [], [pid 5780] rt_sigprocmask(SIG_SETMASK, [], [pid 5781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5780] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5781] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5781] memfd_create("syzkaller", 0) = 3 [pid 5781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5781] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5781] munmap(0x7f244c800000, 138412032) = 0 [pid 5781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5781] close(3) = 0 [pid 5781] close(4) = 0 [pid 5781] mkdir("./file2", 0777) = 0 [pid 5781] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 210.026068][ T5781] loop0: detected capacity change from 0 to 4096 [pid 5781] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5781] chdir("./file2") = 0 [pid 5781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5781] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5781] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5780] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... openat resumed>) = 4 [pid 5781] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] <... futex resumed>) = 0 [pid 5780] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5781] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5781] <... futex resumed>) = 1 [pid 5780] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... openat resumed>) = 5 [pid 5781] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5781] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5780] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... write resumed>) = 1036288 [pid 5781] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5781] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5781] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5780] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... mmap resumed>) = 0x20000000 [pid 5781] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5780] exit_group(0) = ? [pid 5781] +++ exited with 0 +++ [pid 5780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5780, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./340", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./340/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./340/binderfs") = 0 umount2("./340/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./340/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./340/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./340/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./340/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./340") = 0 mkdir("./341", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5782 attached , child_tidptr=0x55557f632690) = 5782 [pid 5782] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5782] chdir("./341") = 0 [pid 5782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5782] setpgid(0, 0) = 0 [pid 5782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "1000", 4) = 4 [pid 5782] close(3) = 0 [pid 5782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5782] write(1, "executing program\n", 18executing program ) = 18 [pid 5782] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5782] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5782] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5782] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5782] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5783 attached => {parent_tid=[5783]}, 88) = 5783 [pid 5783] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5783] set_robust_list(0x7f2454d0d9a0, 24 [pid 5782] rt_sigprocmask(SIG_SETMASK, [], [pid 5783] <... set_robust_list resumed>) = 0 [pid 5782] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5783] rt_sigprocmask(SIG_SETMASK, [], [pid 5782] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5782] <... futex resumed>) = 0 [pid 5782] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5783] memfd_create("syzkaller", 0) = 3 [pid 5783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5783] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5783] munmap(0x7f244c800000, 138412032) = 0 [pid 5783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5783] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5783] close(3) = 0 [pid 5783] close(4) = 0 [pid 5783] mkdir("./file2", 0777) = 0 [pid 5783] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5783] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5783] chdir("./file2") = 0 [pid 5783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5783] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5782] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5782] <... futex resumed>) = 0 [ 210.454590][ T5783] loop0: detected capacity change from 0 to 4096 [pid 5782] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] <... openat resumed>) = 4 [pid 5783] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5783] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5782] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... futex resumed>) = 0 [pid 5782] <... futex resumed>) = 1 [pid 5783] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5782] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5783] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5782] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5783] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5782] <... futex resumed>) = 0 [pid 5782] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] <... openat resumed>) = 5 [pid 5783] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] <... futex resumed>) = 0 [pid 5783] <... futex resumed>) = 1 [pid 5782] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5782] <... futex resumed>) = 0 [pid 5782] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] <... write resumed>) = 1036288 [pid 5783] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5783] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5782] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5782] <... futex resumed>) = 0 [pid 5783] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5782] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] <... mmap resumed>) = 0x20000000 [pid 5783] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5783] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5782] exit_group(0 [pid 5783] <... futex resumed>) = ? [pid 5783] +++ exited with 0 +++ [pid 5782] <... exit_group resumed>) = ? [pid 5782] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5782, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./341", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./341/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./341/binderfs") = 0 umount2("./341/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./341/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./341/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./341/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./341/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./341") = 0 mkdir("./342", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5784 attached , child_tidptr=0x55557f632690) = 5784 [pid 5784] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5784] chdir("./342") = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3) = 0 [pid 5784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5784] write(1, "executing program\n", 18executing program ) = 18 [pid 5784] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5784] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5785 attached [pid 5785] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5784] <... clone3 resumed> => {parent_tid=[5785]}, 88) = 5785 [pid 5785] <... rseq resumed>) = 0 [pid 5784] rt_sigprocmask(SIG_SETMASK, [], [pid 5785] set_robust_list(0x7f2454d0d9a0, 24 [pid 5784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5785] <... set_robust_list resumed>) = 0 [pid 5784] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] rt_sigprocmask(SIG_SETMASK, [], [pid 5784] <... futex resumed>) = 0 [pid 5785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5784] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5785] memfd_create("syzkaller", 0) = 3 [pid 5785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5785] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5785] munmap(0x7f244c800000, 138412032) = 0 [pid 5785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5785] close(3) = 0 [pid 5785] close(4) = 0 [pid 5785] mkdir("./file2", 0777) = 0 [ 210.933738][ T5785] loop0: detected capacity change from 0 to 4096 [pid 5785] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5785] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5785] chdir("./file2") = 0 [pid 5785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5785] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5785] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5784] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... openat resumed>) = 4 [pid 5785] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5785] <... futex resumed>) = 1 [pid 5784] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5784] <... futex resumed>) = 0 [pid 5785] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5784] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5785] <... futex resumed>) = 0 [pid 5784] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... openat resumed>) = 5 [pid 5785] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5785] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5785] <... futex resumed>) = 0 [pid 5784] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5785] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5785] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... futex resumed>) = 0 [pid 5784] <... futex resumed>) = 1 [pid 5785] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5784] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... mmap resumed>) = 0x20000000 [pid 5785] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5785] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] exit_group(0 [pid 5785] <... futex resumed>) = ? [pid 5785] +++ exited with 0 +++ [pid 5784] <... exit_group resumed>) = ? [pid 5784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5784, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./342", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./342/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./342/binderfs") = 0 umount2("./342/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./342/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./342/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./342/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./342/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./342") = 0 mkdir("./343", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5786 attached , child_tidptr=0x55557f632690) = 5786 [pid 5786] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5786] chdir("./343") = 0 [pid 5786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5786] setpgid(0, 0) = 0 [pid 5786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5786] write(3, "1000", 4) = 4 [pid 5786] close(3) = 0 [pid 5786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5786] write(1, "executing program\n", 18executing program ) = 18 [pid 5786] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5786] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5786] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5787 attached [pid 5787] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5786] <... clone3 resumed> => {parent_tid=[5787]}, 88) = 5787 [pid 5787] <... rseq resumed>) = 0 [pid 5786] rt_sigprocmask(SIG_SETMASK, [], [pid 5787] set_robust_list(0x7f2454d0d9a0, 24 [pid 5786] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5787] <... set_robust_list resumed>) = 0 [pid 5786] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5787] memfd_create("syzkaller", 0) = 3 [pid 5787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5787] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5787] munmap(0x7f244c800000, 138412032) = 0 [pid 5787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5787] close(3) = 0 [pid 5787] close(4) = 0 [pid 5787] mkdir("./file2", 0777) = 0 [pid 5787] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5787] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5787] chdir("./file2") = 0 [ 211.433494][ T5787] loop0: detected capacity change from 0 to 4096 [pid 5787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5787] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... openat resumed>) = 4 [pid 5787] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5787] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5786] <... futex resumed>) = 0 [pid 5787] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5786] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5787] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5787] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5786] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... openat resumed>) = 5 [pid 5787] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... write resumed>) = 1036288 [pid 5787] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5787] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] <... futex resumed>) = 0 [pid 5786] <... futex resumed>) = 1 [pid 5787] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5786] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... mmap resumed>) = 0x20000000 [pid 5787] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5787] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] exit_group(0 [pid 5787] <... futex resumed>) = ? [pid 5786] <... exit_group resumed>) = ? [pid 5787] +++ exited with 0 +++ [pid 5786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5786, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./343", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./343/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./343/binderfs") = 0 umount2("./343/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./343/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./343/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./343/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./343/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./343") = 0 mkdir("./344", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5788 attached , child_tidptr=0x55557f632690) = 5788 [pid 5788] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5788] chdir("./344") = 0 [pid 5788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5788] setpgid(0, 0) = 0 [pid 5788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5788] write(3, "1000", 4) = 4 [pid 5788] close(3) = 0 [pid 5788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5788] write(1, "executing program\n", 18executing program ) = 18 [pid 5788] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5788] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5788] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5789 attached [pid 5789] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5788] <... clone3 resumed> => {parent_tid=[5789]}, 88) = 5789 [pid 5789] set_robust_list(0x7f2454d0d9a0, 24 [pid 5788] rt_sigprocmask(SIG_SETMASK, [], [pid 5789] <... set_robust_list resumed>) = 0 [pid 5788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5789] rt_sigprocmask(SIG_SETMASK, [], [pid 5788] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5789] memfd_create("syzkaller", 0) = 3 [pid 5789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5789] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5789] munmap(0x7f244c800000, 138412032) = 0 [pid 5789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5789] close(3) = 0 [pid 5789] close(4) = 0 [pid 5789] mkdir("./file2", 0777) = 0 [pid 5789] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 211.939468][ T5789] loop0: detected capacity change from 0 to 4096 [pid 5789] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5789] chdir("./file2") = 0 [pid 5789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5789] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5789] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5788] <... futex resumed>) = 0 [pid 5789] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5788] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... openat resumed>) = 4 [pid 5789] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5789] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5788] <... futex resumed>) = 0 [pid 5789] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5788] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5789] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5788] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... openat resumed>) = 5 [pid 5789] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5789] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5788] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... write resumed>) = 1036288 [pid 5789] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5788] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... mmap resumed>) = 0x20000000 [pid 5789] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5789] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] exit_group(0) = ? [pid 5789] <... futex resumed>) = ? [pid 5789] +++ exited with 0 +++ [pid 5788] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5788, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./344", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./344/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./344/binderfs") = 0 umount2("./344/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./344/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./344/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./344/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./344/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./344") = 0 mkdir("./345", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5790 ./strace-static-x86_64: Process 5790 attached [pid 5790] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5790] chdir("./345") = 0 [pid 5790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5790] setpgid(0, 0) = 0 [pid 5790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5790] write(3, "1000", 4) = 4 [pid 5790] close(3) = 0 [pid 5790] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5790] write(1, "executing program\n", 18) = 18 [pid 5790] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5790] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5790] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5790] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5791 attached [pid 5791] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5790] <... clone3 resumed> => {parent_tid=[5791]}, 88) = 5791 [pid 5791] set_robust_list(0x7f2454d0d9a0, 24 [pid 5790] rt_sigprocmask(SIG_SETMASK, [], [pid 5791] <... set_robust_list resumed>) = 0 [pid 5790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5791] rt_sigprocmask(SIG_SETMASK, [], [pid 5790] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5790] <... futex resumed>) = 0 [pid 5790] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5791] memfd_create("syzkaller", 0) = 3 [pid 5791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5791] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5791] munmap(0x7f244c800000, 138412032) = 0 [pid 5791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5791] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5791] close(3) = 0 [pid 5791] close(4) = 0 [pid 5791] mkdir("./file2", 0777) = 0 [pid 5791] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5791] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5791] chdir("./file2") = 0 [pid 5791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5791] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] <... futex resumed>) = 0 [ 212.409771][ T5791] loop0: detected capacity change from 0 to 4096 [pid 5790] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5790] <... futex resumed>) = 0 [pid 5790] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... openat resumed>) = 4 [pid 5791] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] <... futex resumed>) = 0 [pid 5791] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5790] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5790] <... futex resumed>) = 0 [pid 5791] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5790] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] <... futex resumed>) = 0 [pid 5791] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5790] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5790] <... futex resumed>) = 0 [pid 5790] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... openat resumed>) = 5 [pid 5791] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5790] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... futex resumed>) = 1 [pid 5790] <... futex resumed>) = 0 [pid 5791] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5790] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... write resumed>) = 1036288 [pid 5791] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 1 [pid 5790] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5790] <... futex resumed>) = 0 [pid 5790] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... mmap resumed>) = 0x20000000 [pid 5791] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5790] exit_group(0) = ? [pid 5791] <... futex resumed>) = ? [pid 5791] +++ exited with 0 +++ [pid 5790] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5790, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./345", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./345/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./345/binderfs") = 0 umount2("./345/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./345/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./345/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./345/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./345/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./345") = 0 mkdir("./346", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5792 attached , child_tidptr=0x55557f632690) = 5792 [pid 5792] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5792] chdir("./346") = 0 [pid 5792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5792] setpgid(0, 0) = 0 [pid 5792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5792] write(3, "1000", 4) = 4 [pid 5792] close(3) = 0 [pid 5792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5792] write(1, "executing program\n", 18executing program ) = 18 [pid 5792] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5792] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5793 attached [pid 5793] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5792] <... clone3 resumed> => {parent_tid=[5793]}, 88) = 5793 [pid 5793] <... rseq resumed>) = 0 [pid 5793] set_robust_list(0x7f2454d0d9a0, 24 [pid 5792] rt_sigprocmask(SIG_SETMASK, [], [pid 5793] <... set_robust_list resumed>) = 0 [pid 5792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5793] rt_sigprocmask(SIG_SETMASK, [], [pid 5792] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5793] memfd_create("syzkaller", 0 [pid 5792] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5793] <... memfd_create resumed>) = 3 [pid 5793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5793] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5793] munmap(0x7f244c800000, 138412032) = 0 [pid 5793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5793] close(3) = 0 [pid 5793] close(4) = 0 [pid 5793] mkdir("./file2", 0777) = 0 [pid 5793] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5793] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5793] chdir("./file2") = 0 [pid 5793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 212.882763][ T5793] loop0: detected capacity change from 0 to 4096 [pid 5793] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5793] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5792] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... openat resumed>) = 4 [pid 5793] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5792] <... futex resumed>) = 0 [pid 5793] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5792] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5793] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5792] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... openat resumed>) = 5 [pid 5793] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5793] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 1 [pid 5793] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5792] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... write resumed>) = 1036288 [pid 5793] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5793] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... mmap resumed>) = 0x20000000 [pid 5793] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] <... futex resumed>) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5793] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] exit_group(0) = ? [pid 5793] <... futex resumed>) = ? [pid 5793] +++ exited with 0 +++ [pid 5792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5792, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./346", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./346/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./346/binderfs") = 0 umount2("./346/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./346/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./346/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./346/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./346/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./346") = 0 mkdir("./347", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5794 attached , child_tidptr=0x55557f632690) = 5794 [pid 5794] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5794] chdir("./347") = 0 [pid 5794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5794] setpgid(0, 0) = 0 [pid 5794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5794] write(3, "1000", 4) = 4 [pid 5794] close(3) = 0 [pid 5794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5794] write(1, "executing program\n", 18executing program ) = 18 [pid 5794] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5794] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5795 attached [pid 5795] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5794] <... clone3 resumed> => {parent_tid=[5795]}, 88) = 5795 [pid 5795] set_robust_list(0x7f2454d0d9a0, 24 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], [pid 5795] <... set_robust_list resumed>) = 0 [pid 5795] rt_sigprocmask(SIG_SETMASK, [], [pid 5794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5794] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5795] memfd_create("syzkaller", 0) = 3 [pid 5795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5795] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5795] munmap(0x7f244c800000, 138412032) = 0 [pid 5795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5795] close(3) = 0 [pid 5795] close(4) = 0 [pid 5795] mkdir("./file2", 0777) = 0 [pid 5795] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5795] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5795] chdir("./file2") = 0 [pid 5795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5795] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 213.368025][ T5795] loop0: detected capacity change from 0 to 4096 [pid 5794] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5795] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5794] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5795] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5795] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5795] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5794] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... openat resumed>) = 5 [pid 5795] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5794] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... write resumed>) = 1036288 [pid 5795] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5795] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5795] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5794] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... mmap resumed>) = 0x20000000 [pid 5795] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5795] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] exit_group(0 [pid 5795] <... futex resumed>) = ? [pid 5795] +++ exited with 0 +++ [pid 5794] <... exit_group resumed>) = ? [pid 5794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5794, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./347", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./347/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./347/binderfs") = 0 umount2("./347/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./347/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./347/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./347/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./347/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./347") = 0 mkdir("./348", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5796 attached , child_tidptr=0x55557f632690) = 5796 [pid 5796] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5796] chdir("./348") = 0 [pid 5796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5796] setpgid(0, 0) = 0 [pid 5796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5796] write(3, "1000", 4) = 4 [pid 5796] close(3) = 0 [pid 5796] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5796] write(1, "executing program\n", 18) = 18 [pid 5796] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5796] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5796] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5796] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5796] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5797 attached [pid 5797] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5796] <... clone3 resumed> => {parent_tid=[5797]}, 88) = 5797 [pid 5797] set_robust_list(0x7f2454d0d9a0, 24 [pid 5796] rt_sigprocmask(SIG_SETMASK, [], [pid 5797] <... set_robust_list resumed>) = 0 [pid 5797] rt_sigprocmask(SIG_SETMASK, [], [pid 5796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5796] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5797] memfd_create("syzkaller", 0 [pid 5796] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5797] <... memfd_create resumed>) = 3 [pid 5797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5797] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5797] munmap(0x7f244c800000, 138412032) = 0 [pid 5797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5797] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5797] close(3) = 0 [pid 5797] close(4) = 0 [pid 5797] mkdir("./file2", 0777) = 0 [pid 5797] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5797] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5797] chdir("./file2") = 0 [pid 5797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5797] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5797] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5797] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5796] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] <... openat resumed>) = 4 [pid 5797] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5796] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5796] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5797] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5797] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5797] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5796] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] <... openat resumed>) = 5 [pid 5797] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5797] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5797] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 213.759385][ T5797] loop0: detected capacity change from 0 to 4096 [pid 5796] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] <... write resumed>) = 1036288 [pid 5797] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5797] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = 0 [pid 5796] <... futex resumed>) = 1 [pid 5797] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5796] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] <... mmap resumed>) = 0x20000000 [pid 5797] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = 0 [pid 5796] exit_group(0) = ? [pid 5797] <... futex resumed>) = ? [pid 5797] +++ exited with 0 +++ [pid 5796] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5796, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./348", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./348/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./348/binderfs") = 0 umount2("./348/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./348/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./348/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./348/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./348/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./348") = 0 mkdir("./349", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5798 attached , child_tidptr=0x55557f632690) = 5798 [pid 5798] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5798] chdir("./349") = 0 [pid 5798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5798] setpgid(0, 0) = 0 [pid 5798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5798] write(3, "1000", 4) = 4 [pid 5798] close(3) = 0 [pid 5798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5798] write(1, "executing program\n", 18executing program ) = 18 [pid 5798] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5798] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5798] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5798] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5799 attached [pid 5799] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5798] <... clone3 resumed> => {parent_tid=[5799]}, 88) = 5799 [pid 5799] <... rseq resumed>) = 0 [pid 5798] rt_sigprocmask(SIG_SETMASK, [], [pid 5799] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5799] rt_sigprocmask(SIG_SETMASK, [], [pid 5798] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5799] memfd_create("syzkaller", 0) = 3 [pid 5799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5799] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5799] munmap(0x7f244c800000, 138412032) = 0 [pid 5799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5799] close(3) = 0 [pid 5799] close(4) = 0 [pid 5799] mkdir("./file2", 0777) = 0 [pid 5799] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5799] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5799] chdir("./file2") = 0 [pid 5799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5799] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5798] <... futex resumed>) = 0 [ 214.151473][ T5799] loop0: detected capacity change from 0 to 4096 [pid 5798] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... openat resumed>) = 4 [pid 5799] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5799] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5798] <... futex resumed>) = 0 [pid 5799] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5798] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5799] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5799] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5798] <... futex resumed>) = 1 [pid 5799] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5798] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... openat resumed>) = 5 [pid 5799] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5798] <... futex resumed>) = 0 [pid 5799] <... futex resumed>) = 1 [pid 5798] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... write resumed>) = 1036288 [pid 5799] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5799] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5798] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... mmap resumed>) = 0x20000000 [pid 5799] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5799] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] exit_group(0 [pid 5799] <... futex resumed>) = ? [pid 5798] <... exit_group resumed>) = ? [pid 5799] +++ exited with 0 +++ [pid 5798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5798, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./349", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./349/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./349/binderfs") = 0 umount2("./349/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./349/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./349/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./349/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./349/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./349") = 0 mkdir("./350", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5800 attached [pid 5800] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5800 [pid 5800] <... set_robust_list resumed>) = 0 [pid 5800] chdir("./350") = 0 [pid 5800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5800] setpgid(0, 0) = 0 [pid 5800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5800] write(3, "1000", 4) = 4 [pid 5800] close(3) = 0 [pid 5800] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5800] write(1, "executing program\n", 18) = 18 [pid 5800] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5800] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5800] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5800] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5800] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5801 attached [pid 5801] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5801] set_robust_list(0x7f2454d0d9a0, 24 [pid 5800] <... clone3 resumed> => {parent_tid=[5801]}, 88) = 5801 [pid 5801] <... set_robust_list resumed>) = 0 [pid 5801] rt_sigprocmask(SIG_SETMASK, [], [pid 5800] rt_sigprocmask(SIG_SETMASK, [], [pid 5801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5801] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5800] <... futex resumed>) = 0 [pid 5801] memfd_create("syzkaller", 0 [pid 5800] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5801] <... memfd_create resumed>) = 3 [pid 5801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5801] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5801] munmap(0x7f244c800000, 138412032) = 0 [pid 5801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5801] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5801] close(3) = 0 [pid 5801] close(4) = 0 [pid 5801] mkdir("./file2", 0777) = 0 [ 214.555342][ T5801] loop0: detected capacity change from 0 to 4096 [pid 5801] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5801] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5801] chdir("./file2") = 0 [pid 5801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5801] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5801] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5800] <... futex resumed>) = 0 [pid 5801] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5800] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... openat resumed>) = 4 [pid 5801] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5801] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5800] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5801] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5800] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5801] <... futex resumed>) = 0 [pid 5801] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5800] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... openat resumed>) = 5 [pid 5801] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5801] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5800] <... futex resumed>) = 0 [pid 5801] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5800] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... write resumed>) = 1036288 [pid 5801] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5801] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5800] <... futex resumed>) = 0 [pid 5801] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5800] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... mmap resumed>) = 0x20000000 [pid 5801] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5801] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] exit_group(0) = ? [pid 5801] <... futex resumed>) = ? [pid 5801] +++ exited with 0 +++ [pid 5800] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5800, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./350", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./350/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./350/binderfs") = 0 umount2("./350/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./350/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./350/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./350/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./350/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./350") = 0 mkdir("./351", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5802 attached , child_tidptr=0x55557f632690) = 5802 [pid 5802] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5802] chdir("./351") = 0 [pid 5802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5802] setpgid(0, 0) = 0 [pid 5802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5802] write(3, "1000", 4) = 4 [pid 5802] close(3) = 0 [pid 5802] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5802] write(1, "executing program\n", 18) = 18 [pid 5802] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5802] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5802] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5802] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5802] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5803 attached => {parent_tid=[5803]}, 88) = 5803 [pid 5803] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5803] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5803] rt_sigprocmask(SIG_SETMASK, [], [pid 5802] rt_sigprocmask(SIG_SETMASK, [], [pid 5803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5803] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5802] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5802] <... futex resumed>) = 0 [pid 5802] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5803] memfd_create("syzkaller", 0) = 3 [pid 5803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5803] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5803] munmap(0x7f244c800000, 138412032) = 0 [pid 5803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5803] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5803] close(3) = 0 [pid 5803] close(4) = 0 [pid 5803] mkdir("./file2", 0777) = 0 [pid 5803] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5803] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5803] chdir("./file2") = 0 [ 215.002323][ T5803] loop0: detected capacity change from 0 to 4096 [pid 5803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5803] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5803] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5802] <... futex resumed>) = 0 [pid 5802] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... futex resumed>) = 0 [pid 5802] <... futex resumed>) = 1 [pid 5803] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5802] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5803] <... openat resumed>) = 4 [pid 5803] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5803] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5802] <... futex resumed>) = 0 [pid 5802] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... futex resumed>) = 0 [pid 5802] <... futex resumed>) = 1 [pid 5803] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5802] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5803] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5803] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] <... futex resumed>) = 0 [pid 5803] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5802] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5802] <... futex resumed>) = 0 [pid 5803] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5802] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5803] <... openat resumed>) = 5 [pid 5803] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] <... futex resumed>) = 0 [pid 5803] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5802] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5802] <... futex resumed>) = 0 [pid 5803] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5802] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5803] <... write resumed>) = 1036288 [pid 5803] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] <... futex resumed>) = 0 [pid 5803] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5802] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... futex resumed>) = 0 [pid 5802] <... futex resumed>) = 1 [pid 5803] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5802] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5803] <... mmap resumed>) = 0x20000000 [pid 5803] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = 0 [pid 5802] exit_group(0 [pid 5803] <... futex resumed>) = ? [pid 5802] <... exit_group resumed>) = ? [pid 5803] +++ exited with 0 +++ [pid 5802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5802, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./351", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./351/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./351/binderfs") = 0 umount2("./351/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./351/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./351/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./351/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./351/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./351") = 0 mkdir("./352", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5804 attached , child_tidptr=0x55557f632690) = 5804 [pid 5804] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5804] chdir("./352") = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5804] setpgid(0, 0) = 0 [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5804] write(3, "1000", 4) = 4 [pid 5804] close(3) = 0 [pid 5804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5804] write(1, "executing program\n", 18executing program ) = 18 [pid 5804] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5804] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5804] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5805 attached [pid 5805] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5804] <... clone3 resumed> => {parent_tid=[5805]}, 88) = 5805 [pid 5805] <... rseq resumed>) = 0 [pid 5804] rt_sigprocmask(SIG_SETMASK, [], [pid 5805] set_robust_list(0x7f2454d0d9a0, 24 [pid 5804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5805] <... set_robust_list resumed>) = 0 [pid 5804] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5805] memfd_create("syzkaller", 0) = 3 [pid 5805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5805] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5805] munmap(0x7f244c800000, 138412032) = 0 [pid 5805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5805] close(3) = 0 [pid 5805] close(4) = 0 [pid 5805] mkdir("./file2", 0777) = 0 [pid 5805] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5805] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5805] chdir("./file2") = 0 [ 215.480627][ T5805] loop0: detected capacity change from 0 to 4096 [pid 5805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5805] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5805] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = 0 [pid 5804] <... futex resumed>) = 1 [pid 5805] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5804] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... openat resumed>) = 4 [pid 5805] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5805] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... futex resumed>) = 0 [pid 5805] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5805] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5804] <... futex resumed>) = 0 [pid 5805] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5804] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... openat resumed>) = 5 [pid 5805] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5804] <... futex resumed>) = 0 [pid 5805] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5804] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... write resumed>) = 1036288 [pid 5805] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5804] <... futex resumed>) = 0 [pid 5805] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5804] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... mmap resumed>) = 0x20000000 [pid 5805] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] exit_group(0 [pid 5805] <... futex resumed>) = ? [pid 5804] <... exit_group resumed>) = ? [pid 5805] +++ exited with 0 +++ [pid 5804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5804, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./352", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./352/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./352/binderfs") = 0 umount2("./352/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./352/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./352/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./352/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./352/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./352") = 0 mkdir("./353", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5806 attached , child_tidptr=0x55557f632690) = 5806 [pid 5806] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5806] chdir("./353") = 0 [pid 5806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5806] setpgid(0, 0) = 0 [pid 5806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5806] write(3, "1000", 4) = 4 [pid 5806] close(3) = 0 [pid 5806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5806] write(1, "executing program\n", 18executing program ) = 18 [pid 5806] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5806] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5806] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5806] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5807 attached [pid 5807] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5806] <... clone3 resumed> => {parent_tid=[5807]}, 88) = 5807 [pid 5807] <... rseq resumed>) = 0 [pid 5806] rt_sigprocmask(SIG_SETMASK, [], [pid 5807] set_robust_list(0x7f2454d0d9a0, 24 [pid 5806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5807] <... set_robust_list resumed>) = 0 [pid 5806] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] rt_sigprocmask(SIG_SETMASK, [], [pid 5806] <... futex resumed>) = 0 [pid 5807] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5806] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5807] memfd_create("syzkaller", 0) = 3 [pid 5807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5807] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5807] munmap(0x7f244c800000, 138412032) = 0 [pid 5807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5807] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5807] close(3) = 0 [pid 5807] close(4) = 0 [pid 5807] mkdir("./file2", 0777) = 0 [pid 5807] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5807] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5807] chdir("./file2") = 0 [pid 5807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5807] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] <... futex resumed>) = 0 [pid 5807] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5806] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5807] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5806] <... futex resumed>) = 0 [pid 5806] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5807] <... openat resumed>) = 4 [pid 5807] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] <... futex resumed>) = 0 [pid 5807] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5806] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5807] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5806] <... futex resumed>) = 0 [pid 5807] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5806] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5807] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5806] <... futex resumed>) = 0 [pid 5807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5806] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 215.993345][ T5807] loop0: detected capacity change from 0 to 4096 [pid 5807] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5806] <... futex resumed>) = 0 [pid 5806] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5807] <... openat resumed>) = 5 [pid 5807] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] <... futex resumed>) = 0 [pid 5806] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5806] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5807] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5807] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] <... futex resumed>) = 0 [pid 5807] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5806] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5806] <... futex resumed>) = 0 [pid 5807] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5806] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5807] <... mmap resumed>) = 0x20000000 [pid 5807] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5806] <... futex resumed>) = 0 [pid 5807] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5806] exit_group(0 [pid 5807] <... futex resumed>) = ? [pid 5806] <... exit_group resumed>) = ? [pid 5807] +++ exited with 0 +++ [pid 5806] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5806, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./353", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./353/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./353/binderfs") = 0 umount2("./353/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./353/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./353/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./353/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./353/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./353") = 0 mkdir("./354", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5808 attached , child_tidptr=0x55557f632690) = 5808 [pid 5808] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5808] chdir("./354") = 0 [pid 5808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5808] setpgid(0, 0) = 0 [pid 5808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5808] write(3, "1000", 4) = 4 [pid 5808] close(3) = 0 [pid 5808] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5808] write(1, "executing program\n", 18) = 18 [pid 5808] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5808] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5808] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5808] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5808] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5809 attached [pid 5809] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5808] <... clone3 resumed> => {parent_tid=[5809]}, 88) = 5809 [pid 5809] <... rseq resumed>) = 0 [pid 5809] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5809] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5808] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5808] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5809] memfd_create("syzkaller", 0) = 3 [pid 5809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5809] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5809] munmap(0x7f244c800000, 138412032) = 0 [pid 5809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5809] close(3) = 0 [pid 5809] close(4) = 0 [pid 5809] mkdir("./file2", 0777) = 0 [pid 5809] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5809] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5809] chdir("./file2") = 0 [pid 5809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5809] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5808] <... futex resumed>) = 0 [pid 5808] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5808] <... futex resumed>) = 0 [ 216.414145][ T5809] loop0: detected capacity change from 0 to 4096 [pid 5808] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] <... openat resumed>) = 4 [pid 5809] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5808] <... futex resumed>) = 0 [pid 5809] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5808] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5809] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] <... futex resumed>) = 0 [pid 5809] <... futex resumed>) = 0 [pid 5808] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5808] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5809] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5808] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] <... openat resumed>) = 5 [pid 5809] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5808] <... futex resumed>) = 0 [pid 5809] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5809] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5808] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] <... write resumed>) = 1036288 [pid 5809] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] <... futex resumed>) = 0 [pid 5808] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 1 [pid 5808] <... futex resumed>) = 0 [pid 5809] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5808] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] <... mmap resumed>) = 0x20000000 [pid 5809] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5808] <... futex resumed>) = 0 [pid 5809] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] exit_group(0 [pid 5809] <... futex resumed>) = ? [pid 5808] <... exit_group resumed>) = ? [pid 5809] +++ exited with 0 +++ [pid 5808] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5808, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./354", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./354/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./354/binderfs") = 0 umount2("./354/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./354/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./354/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./354/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./354/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./354") = 0 mkdir("./355", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5810 attached , child_tidptr=0x55557f632690) = 5810 [pid 5810] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5810] chdir("./355") = 0 [pid 5810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5810] setpgid(0, 0) = 0 [pid 5810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5810] write(3, "1000", 4) = 4 [pid 5810] close(3) = 0 [pid 5810] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5810] write(1, "executing program\n", 18) = 18 [pid 5810] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5810] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5810] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5811 attached [pid 5811] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5810] <... clone3 resumed> => {parent_tid=[5811]}, 88) = 5811 [pid 5811] <... rseq resumed>) = 0 [pid 5811] set_robust_list(0x7f2454d0d9a0, 24 [pid 5810] rt_sigprocmask(SIG_SETMASK, [], [pid 5811] <... set_robust_list resumed>) = 0 [pid 5810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5811] rt_sigprocmask(SIG_SETMASK, [], [pid 5810] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5811] memfd_create("syzkaller", 0) = 3 [pid 5811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5811] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5811] munmap(0x7f244c800000, 138412032) = 0 [pid 5811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5811] close(3) = 0 [pid 5811] close(4) = 0 [pid 5811] mkdir("./file2", 0777) = 0 [pid 5811] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5811] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5811] chdir("./file2") = 0 [ 216.880472][ T5811] loop0: detected capacity change from 0 to 4096 [pid 5811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5811] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = 0 [pid 5811] <... futex resumed>) = 1 [pid 5810] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... openat resumed>) = 4 [pid 5811] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = 0 [pid 5811] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5810] <... futex resumed>) = 1 [pid 5811] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5810] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5810] <... futex resumed>) = 0 [pid 5811] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5810] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... openat resumed>) = 5 [pid 5811] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5811] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5810] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... write resumed>) = 1036288 [pid 5811] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5810] <... futex resumed>) = 0 [pid 5811] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5810] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... mmap resumed>) = 0x20000000 [pid 5811] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5810] exit_group(0) = ? [pid 5811] +++ exited with 0 +++ [pid 5810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5810, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- umount2("./355", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./355/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./355/binderfs") = 0 umount2("./355/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./355/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./355/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./355/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./355/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./355") = 0 mkdir("./356", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5812 attached , child_tidptr=0x55557f632690) = 5812 [pid 5812] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5812] chdir("./356") = 0 [pid 5812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5812] setpgid(0, 0) = 0 [pid 5812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5812] write(3, "1000", 4) = 4 [pid 5812] close(3) = 0 [pid 5812] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5812] write(1, "executing program\n", 18) = 18 [pid 5812] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5812] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5812] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5813 attached [pid 5813] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5813] set_robust_list(0x7f2454d0d9a0, 24 [pid 5812] <... clone3 resumed> => {parent_tid=[5813]}, 88) = 5813 [pid 5813] <... set_robust_list resumed>) = 0 [pid 5813] rt_sigprocmask(SIG_SETMASK, [], [pid 5812] rt_sigprocmask(SIG_SETMASK, [], [pid 5813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5813] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5812] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5812] <... futex resumed>) = 0 [pid 5812] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5813] memfd_create("syzkaller", 0) = 3 [pid 5813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5813] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5813] munmap(0x7f244c800000, 138412032) = 0 [pid 5813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5813] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5813] close(3) = 0 [pid 5813] close(4) = 0 [pid 5813] mkdir("./file2", 0777) = 0 [pid 5813] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5813] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5813] chdir("./file2") = 0 [pid 5813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5813] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5812] <... futex resumed>) = 0 [pid 5813] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5812] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5813] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5813] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5813] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5812] <... futex resumed>) = 0 [pid 5813] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5812] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] <... futex resumed>) = 0 [pid 5812] <... futex resumed>) = 1 [pid 5812] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5813] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5813] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5812] <... futex resumed>) = 0 [pid 5813] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5812] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] <... futex resumed>) = 0 [pid 5812] <... futex resumed>) = 1 [pid 5813] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 217.346025][ T5813] loop0: detected capacity change from 0 to 4096 [pid 5812] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5813] <... openat resumed>) = 5 [pid 5813] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5812] <... futex resumed>) = 0 [pid 5812] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5812] <... futex resumed>) = 0 [pid 5812] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5813] <... write resumed>) = 1036288 [pid 5813] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5812] <... futex resumed>) = 0 [pid 5812] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] <... futex resumed>) = 0 [pid 5812] <... futex resumed>) = 1 [pid 5813] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5812] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5813] <... mmap resumed>) = 0x20000000 [pid 5813] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5812] <... futex resumed>) = 0 [pid 5812] exit_group(0 [pid 5813] <... futex resumed>) = ? [pid 5812] <... exit_group resumed>) = ? [pid 5813] +++ exited with 0 +++ [pid 5812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5812, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./356", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./356/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./356/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./356/binderfs") = 0 umount2("./356/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./356/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./356/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./356/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./356/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./356") = 0 mkdir("./357", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5814 attached , child_tidptr=0x55557f632690) = 5814 [pid 5814] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5814] chdir("./357") = 0 [pid 5814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5814] setpgid(0, 0) = 0 [pid 5814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5814] write(3, "1000", 4) = 4 [pid 5814] close(3) = 0 [pid 5814] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5814] write(1, "executing program\n", 18) = 18 [pid 5814] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5814] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5815 attached [pid 5815] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5815] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5815] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] <... clone3 resumed> => {parent_tid=[5815]}, 88) = 5815 [pid 5814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5814] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = 0 [pid 5814] <... futex resumed>) = 1 [pid 5814] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5815] memfd_create("syzkaller", 0) = 3 [pid 5815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5815] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5815] munmap(0x7f244c800000, 138412032) = 0 [pid 5815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5815] close(3) = 0 [pid 5815] close(4) = 0 [pid 5815] mkdir("./file2", 0777) = 0 [pid 5815] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5815] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5815] chdir("./file2") = 0 [pid 5815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5815] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5814] <... futex resumed>) = 0 [ 217.778408][ T5815] loop0: detected capacity change from 0 to 4096 [pid 5814] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] <... openat resumed>) = 4 [pid 5815] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5815] <... futex resumed>) = 1 [pid 5814] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5814] <... futex resumed>) = 0 [pid 5815] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5814] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5815] <... futex resumed>) = 0 [pid 5814] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] <... openat resumed>) = 5 [pid 5815] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5815] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5814] <... futex resumed>) = 0 [pid 5815] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5814] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] <... write resumed>) = 1036288 [pid 5815] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5815] <... futex resumed>) = 1 [pid 5814] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] <... mmap resumed>) = 0x20000000 [pid 5815] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5815] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] exit_group(0) = ? [pid 5815] <... futex resumed>) = ? [pid 5815] +++ exited with 0 +++ [pid 5814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5814, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./357", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./357/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./357/binderfs") = 0 umount2("./357/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./357/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./357/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./357/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./357/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./357") = 0 mkdir("./358", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5816 attached , child_tidptr=0x55557f632690) = 5816 [pid 5816] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5816] chdir("./358") = 0 [pid 5816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5816] setpgid(0, 0) = 0 [pid 5816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5816] write(3, "1000", 4) = 4 [pid 5816] close(3) = 0 [pid 5816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5816] write(1, "executing program\n", 18executing program ) = 18 [pid 5816] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5816] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5816] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5817 attached [pid 5817] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5816] <... clone3 resumed> => {parent_tid=[5817]}, 88) = 5817 [pid 5817] set_robust_list(0x7f2454d0d9a0, 24 [pid 5816] rt_sigprocmask(SIG_SETMASK, [], [pid 5817] <... set_robust_list resumed>) = 0 [pid 5817] rt_sigprocmask(SIG_SETMASK, [], [pid 5816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5816] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5817] memfd_create("syzkaller", 0) = 3 [pid 5817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5817] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5817] munmap(0x7f244c800000, 138412032) = 0 [pid 5817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5817] close(3) = 0 [pid 5817] close(4) = 0 [pid 5817] mkdir("./file2", 0777) = 0 [pid 5817] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5817] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5817] chdir("./file2") = 0 [pid 5817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5817] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [ 218.240393][ T5817] loop0: detected capacity change from 0 to 4096 [pid 5816] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5816] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... openat resumed>) = 4 [pid 5817] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = 0 [pid 5817] <... futex resumed>) = 1 [pid 5816] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5816] <... futex resumed>) = 0 [pid 5817] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5816] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = 0 [pid 5817] <... futex resumed>) = 1 [pid 5817] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5817] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5816] <... futex resumed>) = 0 [pid 5816] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... openat resumed>) = 5 [pid 5817] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5817] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5817] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5816] <... futex resumed>) = 0 [pid 5816] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... write resumed>) = 1036288 [pid 5817] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5817] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] <... futex resumed>) = 0 [pid 5817] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5816] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... mmap resumed>) = 0x20000000 [pid 5817] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5817] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] <... futex resumed>) = 0 [pid 5816] exit_group(0) = ? [pid 5817] <... futex resumed>) = ? [pid 5817] +++ exited with 0 +++ [pid 5816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5816, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./358", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./358/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./358/binderfs") = 0 umount2("./358/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./358/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./358/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./358/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./358/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./358") = 0 mkdir("./359", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5818 attached , child_tidptr=0x55557f632690) = 5818 [pid 5818] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5818] chdir("./359") = 0 [pid 5818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5818] setpgid(0, 0) = 0 [pid 5818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5818] write(3, "1000", 4) = 4 [pid 5818] close(3) = 0 [pid 5818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5818] write(1, "executing program\n", 18executing program ) = 18 [pid 5818] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5818] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5818] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5818] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5818] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5818] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5819 attached [pid 5819] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5818] <... clone3 resumed> => {parent_tid=[5819]}, 88) = 5819 [pid 5819] set_robust_list(0x7f2454d0d9a0, 24 [pid 5818] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... set_robust_list resumed>) = 0 [pid 5819] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] memfd_create("syzkaller", 0 [pid 5818] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] <... memfd_create resumed>) = 3 [pid 5819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5819] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5819] munmap(0x7f244c800000, 138412032) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5819] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5819] close(3) = 0 [pid 5819] close(4) = 0 [pid 5819] mkdir("./file2", 0777) = 0 [pid 5819] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5819] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5819] chdir("./file2") = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5819] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5818] <... futex resumed>) = 0 [pid 5818] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5818] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5819] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] <... futex resumed>) = 0 [pid 5818] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = 0 [pid 5818] <... futex resumed>) = 1 [pid 5818] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 218.667728][ T5819] loop0: detected capacity change from 0 to 4096 [pid 5819] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5819] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5818] <... futex resumed>) = 0 [pid 5819] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5818] <... futex resumed>) = 0 [pid 5819] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5818] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... openat resumed>) = 5 [pid 5819] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5818] <... futex resumed>) = 0 [pid 5819] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5818] <... futex resumed>) = 0 [pid 5819] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5818] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... write resumed>) = 1036288 [pid 5819] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] <... futex resumed>) = 0 [pid 5818] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5819] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5818] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... mmap resumed>) = 0x20000000 [pid 5819] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5818] <... futex resumed>) = 0 [pid 5819] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] exit_group(0 [pid 5819] <... futex resumed>) = ? [pid 5818] <... exit_group resumed>) = ? [pid 5819] +++ exited with 0 +++ [pid 5818] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5818, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./359", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./359/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./359/binderfs") = 0 umount2("./359/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./359/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./359/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./359/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./359/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./359") = 0 mkdir("./360", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5820 ./strace-static-x86_64: Process 5820 attached [pid 5820] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5820] chdir("./360") = 0 [pid 5820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5820] setpgid(0, 0) = 0 [pid 5820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "1000", 4) = 4 [pid 5820] close(3) = 0 [pid 5820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5820] write(1, "executing program\n", 18executing program ) = 18 [pid 5820] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5820] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5820] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5821 attached [pid 5821] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5820] <... clone3 resumed> => {parent_tid=[5821]}, 88) = 5821 [pid 5821] <... rseq resumed>) = 0 [pid 5821] set_robust_list(0x7f2454d0d9a0, 24 [pid 5820] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... set_robust_list resumed>) = 0 [pid 5820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5820] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] memfd_create("syzkaller", 0) = 3 [pid 5821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5821] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5821] munmap(0x7f244c800000, 138412032) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5821] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5821] close(3) = 0 [pid 5821] close(4) = 0 [pid 5821] mkdir("./file2", 0777) = 0 [pid 5821] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5821] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5821] chdir("./file2") = 0 [ 219.131381][ T5821] loop0: detected capacity change from 0 to 4096 [pid 5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5821] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5821] <... futex resumed>) = 1 [pid 5820] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... openat resumed>) = 4 [pid 5821] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5821] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5821] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5820] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5821] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5821] <... futex resumed>) = 1 [pid 5820] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... openat resumed>) = 5 [pid 5821] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5821] <... futex resumed>) = 1 [pid 5820] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... write resumed>) = 1036288 [pid 5821] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... mmap resumed>) = 0x20000000 [pid 5821] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5821] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] exit_group(0 [pid 5821] <... futex resumed>) = ? [pid 5821] +++ exited with 0 +++ [pid 5820] <... exit_group resumed>) = ? [pid 5820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5820, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./360", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./360/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./360/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./360/binderfs") = 0 umount2("./360/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./360/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./360/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./360/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./360/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./360") = 0 mkdir("./361", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5822 attached , child_tidptr=0x55557f632690) = 5822 [pid 5822] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5822] chdir("./361") = 0 [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5822] setpgid(0, 0) = 0 [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5822] write(1, "executing program\n", 18) = 18 [pid 5822] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5822] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5822] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5823 attached [pid 5823] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5822] <... clone3 resumed> => {parent_tid=[5823]}, 88) = 5823 [pid 5823] <... rseq resumed>) = 0 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], [pid 5823] set_robust_list(0x7f2454d0d9a0, 24 [pid 5822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5823] <... set_robust_list resumed>) = 0 [pid 5822] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... futex resumed>) = 0 [pid 5823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5823] memfd_create("syzkaller", 0) = 3 [pid 5823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5823] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5823] munmap(0x7f244c800000, 138412032) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5823] close(3) = 0 [pid 5823] close(4) = 0 [pid 5823] mkdir("./file2", 0777) = 0 [pid 5823] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5823] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5823] chdir("./file2") = 0 [ 219.502407][ T5823] loop0: detected capacity change from 0 to 4096 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5823] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5823] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5823] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5822] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... openat resumed>) = 4 [pid 5823] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... futex resumed>) = 0 [pid 5822] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5823] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5822] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5823] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5823] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5823] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5822] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... openat resumed>) = 5 [pid 5823] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5823] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5823] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5822] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... write resumed>) = 1036288 [pid 5823] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5823] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5823] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5822] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... mmap resumed>) = 0x20000000 [pid 5823] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... futex resumed>) = 0 [pid 5822] exit_group(0 [pid 5823] <... futex resumed>) = ? [pid 5822] <... exit_group resumed>) = ? [pid 5823] +++ exited with 0 +++ [pid 5822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5822, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./361", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./361/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./361/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./361/binderfs") = 0 umount2("./361/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./361/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./361/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./361/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./361/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./361") = 0 mkdir("./362", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5824 attached , child_tidptr=0x55557f632690) = 5824 [pid 5824] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5824] chdir("./362") = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] setpgid(0, 0) = 0 [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5824] write(3, "1000", 4) = 4 [pid 5824] close(3) = 0 [pid 5824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5824] write(1, "executing program\n", 18executing program ) = 18 [pid 5824] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5824] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5824] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5825 attached [pid 5825] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5824] <... clone3 resumed> => {parent_tid=[5825]}, 88) = 5825 [pid 5825] set_robust_list(0x7f2454d0d9a0, 24 [pid 5824] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] <... set_robust_list resumed>) = 0 [pid 5824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5824] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5824] <... futex resumed>) = 0 [pid 5824] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5825] memfd_create("syzkaller", 0) = 3 [pid 5825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5825] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5825] munmap(0x7f244c800000, 138412032) = 0 [pid 5825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5825] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5825] close(3) = 0 [pid 5825] close(4) = 0 [pid 5825] mkdir("./file2", 0777) = 0 [pid 5825] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5825] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5825] chdir("./file2") = 0 [pid 5825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5825] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] <... futex resumed>) = 0 [pid 5824] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5824] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 219.921812][ T5825] loop0: detected capacity change from 0 to 4096 [pid 5825] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5825] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5824] <... futex resumed>) = 0 [pid 5825] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5824] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5824] <... futex resumed>) = 0 [pid 5825] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5824] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5824] <... futex resumed>) = 0 [pid 5825] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5824] <... futex resumed>) = 0 [pid 5825] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5824] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] <... openat resumed>) = 5 [pid 5825] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5824] <... futex resumed>) = 0 [pid 5825] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5824] <... futex resumed>) = 1 [pid 5825] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5824] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] <... write resumed>) = 1036288 [pid 5825] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] <... futex resumed>) = 0 [pid 5824] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5824] <... futex resumed>) = 1 [pid 5825] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5824] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] <... mmap resumed>) = 0x20000000 [pid 5825] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5824] <... futex resumed>) = 0 [pid 5825] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] exit_group(0 [pid 5825] <... futex resumed>) = ? [pid 5825] +++ exited with 0 +++ [pid 5824] <... exit_group resumed>) = ? [pid 5824] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5824, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- umount2("./362", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./362/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./362/binderfs") = 0 umount2("./362/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./362/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./362/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./362/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./362/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./362") = 0 mkdir("./363", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5826 attached , child_tidptr=0x55557f632690) = 5826 [pid 5826] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5826] chdir("./363") = 0 [pid 5826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5826] setpgid(0, 0) = 0 [pid 5826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] write(3, "1000", 4) = 4 [pid 5826] close(3) = 0 [pid 5826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5826] write(1, "executing program\n", 18executing program ) = 18 [pid 5826] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5826] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5826] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5827 attached => {parent_tid=[5827]}, 88) = 5827 [pid 5827] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5827] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5827] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] rt_sigprocmask(SIG_SETMASK, [], [pid 5827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5827] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5827] <... futex resumed>) = 0 [pid 5826] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5827] memfd_create("syzkaller", 0) = 3 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5827] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5827] munmap(0x7f244c800000, 138412032) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5827] close(3) = 0 [pid 5827] close(4) = 0 [pid 5827] mkdir("./file2", 0777) = 0 [pid 5827] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5827] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5827] chdir("./file2") = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5827] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [ 220.382500][ T5827] loop0: detected capacity change from 0 to 4096 [pid 5826] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5826] <... futex resumed>) = 0 [pid 5826] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... openat resumed>) = 4 [pid 5827] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5827] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] <... futex resumed>) = 0 [pid 5827] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5826] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5827] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5827] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] <... futex resumed>) = 0 [pid 5827] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5826] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... openat resumed>) = 5 [pid 5827] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5827] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] <... futex resumed>) = 0 [pid 5827] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5826] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... write resumed>) = 1036288 [pid 5827] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5827] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5826] <... futex resumed>) = 0 [pid 5826] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... mmap resumed>) = 0x20000000 [pid 5827] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5827] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] exit_group(0 [pid 5827] <... futex resumed>) = ? [pid 5827] +++ exited with 0 +++ [pid 5826] <... exit_group resumed>) = ? [pid 5826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5826, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./363", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./363/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./363/binderfs") = 0 umount2("./363/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./363/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./363/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./363/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./363/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./363") = 0 mkdir("./364", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached , child_tidptr=0x55557f632690) = 5829 [pid 5829] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5829] chdir("./364") = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] write(1, "executing program\n", 18executing program ) = 18 [pid 5829] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5829] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5830 attached [pid 5830] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5829] <... clone3 resumed> => {parent_tid=[5830]}, 88) = 5830 [pid 5830] <... rseq resumed>) = 0 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] set_robust_list(0x7f2454d0d9a0, 24 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... set_robust_list resumed>) = 0 [pid 5829] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] memfd_create("syzkaller", 0) = 3 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5830] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5830] munmap(0x7f244c800000, 138412032) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] mkdir("./file2", 0777) = 0 [pid 5830] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5830] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] chdir("./file2") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [ 220.871532][ T5830] loop0: detected capacity change from 0 to 4096 [pid 5829] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... openat resumed>) = 4 [pid 5830] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = 0 [pid 5829] <... futex resumed>) = 1 [pid 5830] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5829] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5830] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5830] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... futex resumed>) = 0 [pid 5830] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5829] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... openat resumed>) = 5 [pid 5830] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = 1 [pid 5829] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... write resumed>) = 1036288 [pid 5830] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = 1 [pid 5829] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... mmap resumed>) = 0x20000000 [pid 5830] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] <... futex resumed>) = 0 [pid 5829] exit_group(0 [pid 5830] <... futex resumed>) = ? [pid 5829] <... exit_group resumed>) = ? [pid 5830] +++ exited with 0 +++ [pid 5829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5829, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./364", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./364/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./364/binderfs") = 0 umount2("./364/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./364/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./364/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./364/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./364/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./364") = 0 mkdir("./365", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached , child_tidptr=0x55557f632690) = 5832 [pid 5832] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5832] chdir("./365") = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] write(1, "executing program\n", 18executing program ) = 18 [pid 5832] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5832] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5833 attached [pid 5833] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5832] <... clone3 resumed> => {parent_tid=[5833]}, 88) = 5833 [pid 5833] set_robust_list(0x7f2454d0d9a0, 24 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... set_robust_list resumed>) = 0 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] memfd_create("syzkaller", 0) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5833] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5833] munmap(0x7f244c800000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file2", 0777) = 0 [pid 5833] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5833] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5833] chdir("./file2") = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 221.300452][ T5833] loop0: detected capacity change from 0 to 4096 [pid 5833] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5832] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 4 [pid 5833] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = 1 [pid 5832] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5832] <... futex resumed>) = 0 [pid 5833] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5832] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = 1 [pid 5832] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 5 [pid 5833] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... write resumed>) = 1036288 [pid 5833] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... mmap resumed>) = 0x20000000 [pid 5833] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] exit_group(0) = ? [pid 5833] <... futex resumed>) = ? [pid 5833] +++ exited with 0 +++ [pid 5832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./365", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./365/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./365/binderfs") = 0 umount2("./365/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./365/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./365/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./365/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./365/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./365") = 0 mkdir("./366", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5834 attached , child_tidptr=0x55557f632690) = 5834 [pid 5834] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5834] chdir("./366") = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5834] write(1, "executing program\n", 18executing program ) = 18 [pid 5834] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5834] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5835 attached => {parent_tid=[5835]}, 88) = 5835 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5835] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5834] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] set_robust_list(0x7f2454d0d9a0, 24 [pid 5834] <... futex resumed>) = 0 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5834] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5835] memfd_create("syzkaller", 0) = 3 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5835] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5835] munmap(0x7f244c800000, 138412032) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5835] close(3) = 0 [pid 5835] close(4) = 0 [pid 5835] mkdir("./file2", 0777) = 0 [pid 5835] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5835] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 221.783871][ T5835] loop0: detected capacity change from 0 to 4096 [pid 5835] chdir("./file2") = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5835] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5835] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... openat resumed>) = 4 [pid 5835] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5834] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5834] <... futex resumed>) = 0 [pid 5835] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5834] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] <... futex resumed>) = 0 [pid 5834] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... openat resumed>) = 5 [pid 5835] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... write resumed>) = 1036288 [pid 5835] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 1 [pid 5835] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5835] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] exit_group(0 [pid 5835] <... futex resumed>) = ? [pid 5834] <... exit_group resumed>) = ? [pid 5835] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./366", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./366/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./366/binderfs") = 0 umount2("./366/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./366/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./366/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./366/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./366/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./366") = 0 mkdir("./367", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached , child_tidptr=0x55557f632690) = 5837 [pid 5837] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5837] chdir("./367") = 0 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5837] setpgid(0, 0) = 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5837] write(3, "1000", 4) = 4 [pid 5837] close(3) = 0 [pid 5837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5837] write(1, "executing program\n", 18executing program ) = 18 [pid 5837] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5837] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5838 attached [pid 5838] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5837] <... clone3 resumed> => {parent_tid=[5838]}, 88) = 5838 [pid 5838] <... rseq resumed>) = 0 [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] set_robust_list(0x7f2454d0d9a0, 24 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... set_robust_list resumed>) = 0 [pid 5837] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] <... futex resumed>) = 0 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5838] memfd_create("syzkaller", 0) = 3 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5838] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5838] munmap(0x7f244c800000, 138412032) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5838] close(3) = 0 [pid 5838] close(4) = 0 [pid 5838] mkdir("./file2", 0777) = 0 [pid 5838] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5838] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5838] chdir("./file2") = 0 [ 222.223878][ T5838] loop0: detected capacity change from 0 to 4096 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5838] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... futex resumed>) = 1 [pid 5838] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5838] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5838] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5837] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5838] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5838] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5837] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... openat resumed>) = 5 [pid 5838] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = 1 [pid 5837] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... write resumed>) = 1036288 [pid 5838] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = 1 [pid 5837] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... mmap resumed>) = 0x20000000 [pid 5838] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5838] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5837] exit_group(0 [pid 5838] <... futex resumed>) = ? [pid 5837] <... exit_group resumed>) = ? [pid 5838] +++ exited with 0 +++ [pid 5837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./367", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./367/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./367/binderfs") = 0 umount2("./367/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./367/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./367/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./367/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./367/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./367") = 0 mkdir("./368", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached , child_tidptr=0x55557f632690) = 5839 [pid 5839] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5839] chdir("./368") = 0 [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] setpgid(0, 0) = 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5839] write(3, "1000", 4) = 4 [pid 5839] close(3) = 0 [pid 5839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] write(1, "executing program\n", 18executing program ) = 18 [pid 5839] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5839] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5839] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5840 attached [pid 5840] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5839] <... clone3 resumed> => {parent_tid=[5840]}, 88) = 5840 [pid 5840] <... rseq resumed>) = 0 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] set_robust_list(0x7f2454d0d9a0, 24 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5839] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5839] <... futex resumed>) = 0 [pid 5839] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5840] memfd_create("syzkaller", 0) = 3 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5840] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5840] munmap(0x7f244c800000, 138412032) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5840] close(3) = 0 [pid 5840] close(4) = 0 [pid 5840] mkdir("./file2", 0777) = 0 [pid 5840] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5840] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5840] chdir("./file2") = 0 [ 222.692846][ T5840] loop0: detected capacity change from 0 to 4096 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = 1 [pid 5839] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5839] <... futex resumed>) = 0 [pid 5839] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... openat resumed>) = 4 [pid 5840] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5839] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5840] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5839] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... openat resumed>) = 5 [pid 5840] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5840] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5839] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... write resumed>) = 1036288 [pid 5840] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5840] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5839] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... mmap resumed>) = 0x20000000 [pid 5840] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] <... futex resumed>) = 0 [pid 5839] exit_group(0 [pid 5840] <... futex resumed>) = ? [pid 5839] <... exit_group resumed>) = ? [pid 5840] +++ exited with 0 +++ [pid 5839] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5839, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./368", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./368/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./368/binderfs") = 0 umount2("./368/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./368/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./368/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./368/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./368/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./368") = 0 mkdir("./369", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached , child_tidptr=0x55557f632690) = 5841 [pid 5841] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5841] chdir("./369") = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] write(1, "executing program\n", 18executing program ) = 18 [pid 5841] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5841] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5841] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5842 attached [pid 5842] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5841] <... clone3 resumed> => {parent_tid=[5842]}, 88) = 5842 [pid 5842] set_robust_list(0x7f2454d0d9a0, 24 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] <... set_robust_list resumed>) = 0 [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5842] memfd_create("syzkaller", 0) = 3 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5842] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5842] munmap(0x7f244c800000, 138412032) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5842] close(3) = 0 [pid 5842] close(4) = 0 [pid 5842] mkdir("./file2", 0777) = 0 [pid 5842] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5842] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5842] chdir("./file2") = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... openat resumed>) = 4 [pid 5842] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5842] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5841] <... futex resumed>) = 0 [pid 5842] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5841] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5842] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5842] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5841] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... openat resumed>) = 5 [pid 5842] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 223.179557][ T5842] loop0: detected capacity change from 0 to 4096 [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] <... futex resumed>) = 1 [pid 5841] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5841] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5842] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5841] <... futex resumed>) = 1 [pid 5842] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5841] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... mmap resumed>) = 0x20000000 [pid 5842] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... futex resumed>) = 0 [pid 5841] exit_group(0) = ? [pid 5842] <... futex resumed>) = ? [pid 5842] +++ exited with 0 +++ [pid 5841] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5841, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./369", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./369/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./369/binderfs") = 0 umount2("./369/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./369/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./369/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./369/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./369/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./369") = 0 mkdir("./370", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached , child_tidptr=0x55557f632690) = 5844 [pid 5844] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5844] chdir("./370") = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5844] setpgid(0, 0) = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5844] write(1, "executing program\n", 18executing program ) = 18 [pid 5844] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5844] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5845 attached [pid 5845] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5844] <... clone3 resumed> => {parent_tid=[5845]}, 88) = 5845 [pid 5845] <... rseq resumed>) = 0 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] set_robust_list(0x7f2454d0d9a0, 24 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5844] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] <... futex resumed>) = 0 [pid 5845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5845] memfd_create("syzkaller", 0) = 3 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5845] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5845] munmap(0x7f244c800000, 138412032) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("./file2", 0777) = 0 [pid 5845] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5845] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("./file2") = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5845] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5845] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] <... futex resumed>) = 0 [pid 5845] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 223.613244][ T5845] loop0: detected capacity change from 0 to 4096 [pid 5844] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... openat resumed>) = 4 [pid 5845] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5845] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5845] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5844] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5845] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5845] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] <... futex resumed>) = 0 [pid 5845] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5844] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... openat resumed>) = 5 [pid 5845] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5845] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5844] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... write resumed>) = 1036288 [pid 5845] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5845] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] <... futex resumed>) = 0 [pid 5845] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5844] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... mmap resumed>) = 0x20000000 [pid 5845] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5845] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] exit_group(0) = ? [pid 5845] <... futex resumed>) = ? [pid 5845] +++ exited with 0 +++ [pid 5844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./370", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./370/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./370/binderfs") = 0 umount2("./370/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./370/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./370/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./370/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./370/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./370") = 0 mkdir("./371", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5846 attached , child_tidptr=0x55557f632690) = 5846 [pid 5846] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5846] chdir("./371") = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] write(1, "executing program\n", 18executing program ) = 18 [pid 5846] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5846] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5848 attached => {parent_tid=[5848]}, 88) = 5848 [pid 5848] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5848] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5848] memfd_create("syzkaller", 0) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5848] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5848] munmap(0x7f244c800000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] mkdir("./file2", 0777) = 0 [pid 5848] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5848] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] chdir("./file2") = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [ 224.124406][ T5848] loop0: detected capacity change from 0 to 4096 [pid 5846] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... openat resumed>) = 4 [pid 5848] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5848] <... futex resumed>) = 1 [pid 5846] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5846] <... futex resumed>) = 0 [pid 5848] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5846] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5848] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] <... futex resumed>) = 0 [pid 5848] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5846] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... openat resumed>) = 5 [pid 5848] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5848] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] <... futex resumed>) = 0 [pid 5848] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5846] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... write resumed>) = 1036288 [pid 5848] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5846] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5848] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] <... futex resumed>) = 0 [pid 5846] exit_group(0 [pid 5848] <... futex resumed>) = ? [pid 5846] <... exit_group resumed>) = ? [pid 5848] +++ exited with 0 +++ [pid 5846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./371", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./371/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./371/binderfs") = 0 umount2("./371/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./371/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./371/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./371/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./371/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./371") = 0 mkdir("./372", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5849 ./strace-static-x86_64: Process 5849 attached [pid 5849] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5849] chdir("./372") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5849] write(1, "executing program\n", 18) = 18 [pid 5849] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5849] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5850 attached [pid 5850] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5849] <... clone3 resumed> => {parent_tid=[5850]}, 88) = 5850 [pid 5850] <... rseq resumed>) = 0 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] set_robust_list(0x7f2454d0d9a0, 24 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] <... set_robust_list resumed>) = 0 [pid 5849] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] <... futex resumed>) = 0 [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5850] memfd_create("syzkaller", 0) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5850] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5850] munmap(0x7f244c800000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file2", 0777) = 0 [pid 5850] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5850] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 224.563821][ T5850] loop0: detected capacity change from 0 to 4096 [pid 5850] chdir("./file2") = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5850] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5850] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5849] <... futex resumed>) = 0 [pid 5850] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... openat resumed>) = 4 [pid 5850] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5850] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 1 [pid 5850] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5849] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5850] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5850] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5850] <... futex resumed>) = 0 [pid 5849] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5850] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5850] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = 0 [pid 5850] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5849] <... futex resumed>) = 1 [pid 5849] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... write resumed>) = 1036288 [pid 5850] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5850] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 1 [pid 5850] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5849] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... mmap resumed>) = 0x20000000 [pid 5850] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5850] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... futex resumed>) = 0 [pid 5849] exit_group(0 [pid 5850] <... futex resumed>) = ? [pid 5849] <... exit_group resumed>) = ? [pid 5850] +++ exited with 0 +++ [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./372", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./372/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./372/binderfs") = 0 umount2("./372/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./372/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./372/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./372/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./372/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./372") = 0 mkdir("./373", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached , child_tidptr=0x55557f632690) = 5852 [pid 5852] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5852] chdir("./373") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5852] write(1, "executing program\n", 18) = 18 [pid 5852] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5852] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5853 attached => {parent_tid=[5853]}, 88) = 5853 [pid 5853] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5853] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] memfd_create("syzkaller", 0) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5853] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5853] munmap(0x7f244c800000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] close(4) = 0 [pid 5853] mkdir("./file2", 0777) = 0 [pid 5853] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5853] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 224.974606][ T5853] loop0: detected capacity change from 0 to 4096 [pid 5853] chdir("./file2") = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5853] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5853] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... openat resumed>) = 4 [pid 5853] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5853] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5852] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5853] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... openat resumed>) = 5 [pid 5853] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 1 [pid 5853] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5852] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... write resumed>) = 1036288 [pid 5853] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5853] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5852] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... mmap resumed>) = 0x20000000 [pid 5853] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] exit_group(0) = ? [pid 5853] <... futex resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./373", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./373/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./373/binderfs") = 0 umount2("./373/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./373/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./373/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./373/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./373/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./373") = 0 mkdir("./374", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5854 ./strace-static-x86_64: Process 5854 attached [pid 5854] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5854] chdir("./374") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] write(1, "executing program\n", 18executing program ) = 18 [pid 5854] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5854] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5855 attached [pid 5855] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5854] <... clone3 resumed> => {parent_tid=[5855]}, 88) = 5855 [pid 5855] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] memfd_create("syzkaller", 0) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5855] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5855] munmap(0x7f244c800000, 138412032) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5855] close(3) = 0 [pid 5855] close(4) = 0 [pid 5855] mkdir("./file2", 0777) = 0 [pid 5855] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5855] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./file2") = 0 [ 225.449535][ T5855] loop0: detected capacity change from 0 to 4096 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5855] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5854] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... openat resumed>) = 4 [pid 5855] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5854] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5855] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5854] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... openat resumed>) = 5 [pid 5855] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5854] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... write resumed>) = 1036288 [pid 5855] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5854] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... mmap resumed>) = 0x20000000 [pid 5855] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] exit_group(0 [pid 5855] <... futex resumed>) = ? [pid 5854] <... exit_group resumed>) = ? [pid 5855] +++ exited with 0 +++ [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./374", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./374/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./374/binderfs") = 0 umount2("./374/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./374/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./374/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./374/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./374/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./374") = 0 mkdir("./375", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5856 attached [pid 5856] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5856 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5856] chdir("./375") = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] setpgid(0, 0) = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5856] write(1, "executing program\n", 18) = 18 [pid 5856] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5856] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5856] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5856] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5857 attached [pid 5857] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5856] <... clone3 resumed> => {parent_tid=[5857]}, 88) = 5857 [pid 5857] <... rseq resumed>) = 0 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5857] set_robust_list(0x7f2454d0d9a0, 24 [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5856] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5857] memfd_create("syzkaller", 0) = 3 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5857] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5857] munmap(0x7f244c800000, 138412032) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5857] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5857] close(3) = 0 [pid 5857] close(4) = 0 [pid 5857] mkdir("./file2", 0777) = 0 [pid 5857] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5857] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5857] chdir("./file2") = 0 [ 225.969788][ T5857] loop0: detected capacity change from 0 to 4096 [pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5857] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5856] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5857] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5857] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5856] <... futex resumed>) = 0 [pid 5857] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5856] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5857] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5857] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5856] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... openat resumed>) = 5 [pid 5857] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5856] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... write resumed>) = 1036288 [pid 5857] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5857] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5856] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... mmap resumed>) = 0x20000000 [pid 5857] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] <... futex resumed>) = 0 [pid 5856] exit_group(0 [pid 5857] <... futex resumed>) = ? [pid 5857] +++ exited with 0 +++ [pid 5856] <... exit_group resumed>) = ? [pid 5856] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./375", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./375/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./375/binderfs") = 0 umount2("./375/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./375/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./375/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./375/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./375/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./375") = 0 mkdir("./376", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached , child_tidptr=0x55557f632690) = 5858 [pid 5858] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5858] chdir("./376") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5858] write(1, "executing program\n", 18) = 18 [pid 5858] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5858] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5858] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5859 attached [pid 5859] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5858] <... clone3 resumed> => {parent_tid=[5859]}, 88) = 5859 [pid 5859] <... rseq resumed>) = 0 [pid 5859] set_robust_list(0x7f2454d0d9a0, 24 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5858] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] memfd_create("syzkaller", 0) = 3 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5859] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5859] munmap(0x7f244c800000, 138412032) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5859] close(3) = 0 [pid 5859] close(4) = 0 [pid 5859] mkdir("./file2", 0777) = 0 [pid 5859] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5859] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5859] chdir("./file2") = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 226.450304][ T5859] loop0: detected capacity change from 0 to 4096 [pid 5859] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] <... futex resumed>) = 0 [pid 5859] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5858] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... openat resumed>) = 4 [pid 5859] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5858] <... futex resumed>) = 0 [pid 5859] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5858] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... openat resumed>) = 5 [pid 5859] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] <... futex resumed>) = 0 [pid 5859] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5858] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... write resumed>) = 1036288 [pid 5859] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] <... futex resumed>) = 0 [pid 5859] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5858] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... mmap resumed>) = 0x20000000 [pid 5859] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] exit_group(0 [pid 5859] <... futex resumed>) = ? [pid 5859] +++ exited with 0 +++ [pid 5858] <... exit_group resumed>) = ? [pid 5858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./376", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./376/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./376/binderfs") = 0 umount2("./376/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./376/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./376/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./376/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./376/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./376") = 0 mkdir("./377", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached , child_tidptr=0x55557f632690) = 5860 [pid 5860] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5860] chdir("./377") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5860] write(1, "executing program\n", 18) = 18 [pid 5860] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5860] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5860] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5860] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5861 attached [pid 5861] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5860] <... clone3 resumed> => {parent_tid=[5861]}, 88) = 5861 [pid 5861] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5861] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5861] memfd_create("syzkaller", 0) = 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5861] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5861] munmap(0x7f244c800000, 138412032) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5861] close(3) = 0 [pid 5861] close(4) = 0 [pid 5861] mkdir("./file2", 0777) = 0 [pid 5861] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5861] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5861] chdir("./file2") = 0 [ 226.898113][ T5861] loop0: detected capacity change from 0 to 4096 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5861] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5861] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5860] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... openat resumed>) = 4 [pid 5861] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] <... futex resumed>) = 0 [pid 5861] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5860] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5861] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5860] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... openat resumed>) = 5 [pid 5861] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5860] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... write resumed>) = 1036288 [pid 5861] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] <... futex resumed>) = 0 [pid 5861] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5860] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... mmap resumed>) = 0x20000000 [pid 5861] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... futex resumed>) = 0 [pid 5860] exit_group(0 [pid 5861] <... futex resumed>) = ? [pid 5860] <... exit_group resumed>) = ? [pid 5861] +++ exited with 0 +++ [pid 5860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./377", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./377/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./377/binderfs") = 0 umount2("./377/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./377/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./377/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./377/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./377/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./377") = 0 mkdir("./378", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached , child_tidptr=0x55557f632690) = 5862 [pid 5862] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5862] chdir("./378") = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5862] write(1, "executing program\n", 18executing program ) = 18 [pid 5862] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5862] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5863 attached [pid 5863] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5862] <... clone3 resumed> => {parent_tid=[5863]}, 88) = 5863 [pid 5863] set_robust_list(0x7f2454d0d9a0, 24 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] <... set_robust_list resumed>) = 0 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] <... futex resumed>) = 0 [pid 5863] memfd_create("syzkaller", 0 [pid 5862] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5863] <... memfd_create resumed>) = 3 [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5863] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5863] munmap(0x7f244c800000, 138412032) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5863] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5863] close(3) = 0 [pid 5863] close(4) = 0 [pid 5863] mkdir("./file2", 0777) = 0 [pid 5863] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5863] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5863] chdir("./file2") = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5863] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5862] <... futex resumed>) = 0 [ 227.345749][ T5863] loop0: detected capacity change from 0 to 4096 [pid 5862] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] <... openat resumed>) = 4 [pid 5863] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5862] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5863] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5862] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5863] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5863] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... futex resumed>) = 0 [pid 5862] <... futex resumed>) = 1 [pid 5863] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5862] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] <... write resumed>) = 1036288 [pid 5863] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... futex resumed>) = 0 [pid 5862] <... futex resumed>) = 1 [pid 5863] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5862] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] <... mmap resumed>) = 0x20000000 [pid 5863] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5863] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] exit_group(0 [pid 5863] <... futex resumed>) = ? [pid 5862] <... exit_group resumed>) = ? [pid 5863] +++ exited with 0 +++ [pid 5862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./378", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./378/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./378/binderfs") = 0 umount2("./378/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./378/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./378/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./378/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./378/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./378") = 0 mkdir("./379", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5864 attached , child_tidptr=0x55557f632690) = 5864 [pid 5864] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5864] chdir("./379") = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1000", 4) = 4 [pid 5864] close(3) = 0 [pid 5864] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5864] write(1, "executing program\n", 18) = 18 [pid 5864] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5864] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5864] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5865 attached [pid 5865] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5864] <... clone3 resumed> => {parent_tid=[5865]}, 88) = 5865 [pid 5865] <... rseq resumed>) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], [pid 5865] set_robust_list(0x7f2454d0d9a0, 24 [pid 5864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5864] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] <... futex resumed>) = 0 [pid 5865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5865] memfd_create("syzkaller", 0) = 3 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5865] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5865] munmap(0x7f244c800000, 138412032) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5865] close(3) = 0 [pid 5865] close(4) = 0 [pid 5865] mkdir("./file2", 0777) = 0 [pid 5865] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5865] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5865] chdir("./file2") = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5865] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5865] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5864] <... futex resumed>) = 0 [pid 5865] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5864] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... openat resumed>) = 4 [pid 5865] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5865] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5864] <... futex resumed>) = 0 [pid 5865] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5864] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [ 227.795307][ T5865] loop0: detected capacity change from 0 to 4096 [pid 5865] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5865] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5864] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... openat resumed>) = 5 [pid 5865] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5865] <... futex resumed>) = 1 [pid 5864] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... write resumed>) = 1036288 [pid 5865] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5865] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5864] <... futex resumed>) = 0 [pid 5865] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5864] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... mmap resumed>) = 0x20000000 [pid 5865] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5865] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] exit_group(0 [pid 5865] <... futex resumed>) = ? [pid 5864] <... exit_group resumed>) = ? [pid 5865] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./379", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./379/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./379/binderfs") = 0 umount2("./379/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./379/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./379/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./379/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./379/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./379") = 0 mkdir("./380", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached , child_tidptr=0x55557f632690) = 5866 [pid 5866] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5866] chdir("./380") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5866] write(1, "executing program\n", 18executing program ) = 18 [pid 5866] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5866] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5866] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5867 attached [pid 5867] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5866] <... clone3 resumed> => {parent_tid=[5867]}, 88) = 5867 [pid 5867] set_robust_list(0x7f2454d0d9a0, 24 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] <... set_robust_list resumed>) = 0 [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] memfd_create("syzkaller", 0) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5867] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5867] munmap(0x7f244c800000, 138412032) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5867] close(3) = 0 [pid 5867] close(4) = 0 [pid 5867] mkdir("./file2", 0777) = 0 [pid 5867] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5867] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./file2") = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5867] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [ 228.187518][ T5867] loop0: detected capacity change from 0 to 4096 [pid 5866] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... openat resumed>) = 4 [pid 5867] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5866] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5867] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5866] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... openat resumed>) = 5 [pid 5867] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5867] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5866] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... write resumed>) = 1036288 [pid 5867] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5867] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5866] <... futex resumed>) = 1 [pid 5867] <... mmap resumed>) = 0x20000000 [pid 5866] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... futex resumed>) = 0 [pid 5866] exit_group(0 [pid 5867] <... futex resumed>) = ? [pid 5866] <... exit_group resumed>) = ? [pid 5867] +++ exited with 0 +++ [pid 5866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./380", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./380/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./380/binderfs") = 0 umount2("./380/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./380/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./380/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./380/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./380/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./380") = 0 mkdir("./381", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached , child_tidptr=0x55557f632690) = 5868 [pid 5868] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5868] chdir("./381") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5868] write(1, "executing program\n", 18) = 18 [pid 5868] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5868] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5869 attached [pid 5869] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5868] <... clone3 resumed> => {parent_tid=[5869]}, 88) = 5869 [pid 5869] <... rseq resumed>) = 0 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] set_robust_list(0x7f2454d0d9a0, 24 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5868] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... futex resumed>) = 0 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] memfd_create("syzkaller", 0) = 3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5869] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5869] munmap(0x7f244c800000, 138412032) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5869] close(3) = 0 [pid 5869] close(4) = 0 [pid 5869] mkdir("./file2", 0777) = 0 [ 228.647747][ T5869] loop0: detected capacity change from 0 to 4096 [pid 5869] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5869] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5869] chdir("./file2") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5869] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5868] <... futex resumed>) = 1 [pid 5869] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 4 [pid 5869] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5869] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5869] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5868] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5869] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5869] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5869] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 5 [pid 5869] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... write resumed>) = 1036288 [pid 5869] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5868] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5869] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5868] exit_group(0 [pid 5869] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5869] +++ exited with 0 +++ [pid 5868] <... exit_group resumed>) = ? [pid 5868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./381", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./381/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./381/binderfs") = 0 umount2("./381/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./381/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./381/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./381/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./381/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./381") = 0 mkdir("./382", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached , child_tidptr=0x55557f632690) = 5870 [pid 5870] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5870] chdir("./382") = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] setpgid(0, 0) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5870] write(3, "1000", 4) = 4 [pid 5870] close(3) = 0 [pid 5870] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5870] write(1, "executing program\n", 18) = 18 [pid 5870] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5870] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5870] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5870] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5871 attached [pid 5871] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5870] <... clone3 resumed> => {parent_tid=[5871]}, 88) = 5871 [pid 5871] <... rseq resumed>) = 0 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] set_robust_list(0x7f2454d0d9a0, 24 [pid 5870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5870] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... futex resumed>) = 0 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] memfd_create("syzkaller", 0) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5871] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5871] munmap(0x7f244c800000, 138412032) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] close(3) = 0 [pid 5871] close(4) = 0 [pid 5871] mkdir("./file2", 0777) = 0 [pid 5871] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5871] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 229.099197][ T5871] loop0: detected capacity change from 0 to 4096 [pid 5871] chdir("./file2") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5871] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... futex resumed>) = 0 [pid 5871] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... openat resumed>) = 4 [pid 5871] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... futex resumed>) = 0 [pid 5871] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5870] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5871] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] <... openat resumed>) = 5 [pid 5870] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5870] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... write resumed>) = 1036288 [pid 5871] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = 1 [pid 5871] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5871] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] exit_group(0 [pid 5871] <... futex resumed>) = ? [pid 5870] <... exit_group resumed>) = ? [pid 5871] +++ exited with 0 +++ [pid 5870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./382", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./382/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./382/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./382/binderfs") = 0 umount2("./382/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./382/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./382/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./382/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./382/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./382") = 0 mkdir("./383", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached , child_tidptr=0x55557f632690) = 5872 [pid 5872] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5872] chdir("./383") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] write(1, "executing program\n", 18executing program ) = 18 [pid 5872] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5872] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5872] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5873] set_robust_list(0x7f2454d0d9a0, 24 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] <... set_robust_list resumed>) = 0 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] memfd_create("syzkaller", 0) = 3 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5873] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5873] munmap(0x7f244c800000, 138412032) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5873] close(3) = 0 [pid 5873] close(4) = 0 [pid 5873] mkdir("./file2", 0777) = 0 [pid 5873] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5873] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5873] chdir("./file2") = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5873] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 229.552362][ T5873] loop0: detected capacity change from 0 to 4096 [pid 5873] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 1 [pid 5873] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5872] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... openat resumed>) = 4 [pid 5873] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = 1 [pid 5872] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5872] <... futex resumed>) = 0 [pid 5873] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5872] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = 1 [pid 5872] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... openat resumed>) = 5 [pid 5873] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = 1 [pid 5872] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... write resumed>) = 1036288 [pid 5873] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 1 [pid 5873] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5872] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... mmap resumed>) = 0x20000000 [pid 5873] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] exit_group(0 [pid 5873] <... futex resumed>) = ? [pid 5872] <... exit_group resumed>) = ? [pid 5873] +++ exited with 0 +++ [pid 5872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./383", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./383/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./383/binderfs") = 0 umount2("./383/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./383/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./383/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./383/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./383/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./383") = 0 mkdir("./384", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5874 attached , child_tidptr=0x55557f632690) = 5874 [pid 5874] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5874] chdir("./384") = 0 [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5874] setpgid(0, 0) = 0 [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5874] write(3, "1000", 4) = 4 [pid 5874] close(3) = 0 [pid 5874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5874] write(1, "executing program\n", 18executing program ) = 18 [pid 5874] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5874] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5875 attached => {parent_tid=[5875]}, 88) = 5875 [pid 5875] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5875] <... rseq resumed>) = 0 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5875] set_robust_list(0x7f2454d0d9a0, 24 [pid 5874] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5874] <... futex resumed>) = 0 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5875] memfd_create("syzkaller", 0) = 3 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5875] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5875] munmap(0x7f244c800000, 138412032) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5875] close(3) = 0 [pid 5875] close(4) = 0 [pid 5875] mkdir("./file2", 0777) = 0 [pid 5875] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5875] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5875] chdir("./file2") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 229.980262][ T5875] loop0: detected capacity change from 0 to 4096 [pid 5875] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] <... futex resumed>) = 0 [pid 5875] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5874] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] <... openat resumed>) = 4 [pid 5875] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] <... futex resumed>) = 0 [pid 5875] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] <... futex resumed>) = 0 [pid 5874] <... futex resumed>) = 1 [pid 5875] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5874] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5875] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] <... futex resumed>) = 0 [pid 5875] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5874] <... futex resumed>) = 0 [pid 5875] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5874] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] <... openat resumed>) = 5 [pid 5875] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] <... futex resumed>) = 0 [pid 5875] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5874] <... futex resumed>) = 0 [pid 5875] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5874] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] <... write resumed>) = 1036288 [pid 5875] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] <... futex resumed>) = 0 [pid 5875] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5874] <... futex resumed>) = 0 [pid 5875] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5874] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] <... mmap resumed>) = 0x20000000 [pid 5875] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] <... futex resumed>) = 0 [pid 5875] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] exit_group(0 [pid 5875] <... futex resumed>) = ? [pid 5875] +++ exited with 0 +++ [pid 5874] <... exit_group resumed>) = ? [pid 5874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5874, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./384", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./384/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./384/binderfs") = 0 umount2("./384/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./384/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./384/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./384/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./384/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./384") = 0 mkdir("./385", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5876 attached [pid 5876] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5876] chdir("./385" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5876 [pid 5876] <... chdir resumed>) = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5876] write(1, "executing program\n", 18) = 18 [pid 5876] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5876] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5876] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5877 attached [pid 5877] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5876] <... clone3 resumed> => {parent_tid=[5877]}, 88) = 5877 [pid 5877] <... rseq resumed>) = 0 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] set_robust_list(0x7f2454d0d9a0, 24 [pid 5876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] <... set_robust_list resumed>) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] memfd_create("syzkaller", 0) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5877] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5877] munmap(0x7f244c800000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5877] close(3) = 0 [pid 5877] close(4) = 0 [pid 5877] mkdir("./file2", 0777) = 0 [pid 5877] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5877] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 230.415993][ T5877] loop0: detected capacity change from 0 to 4096 [pid 5877] chdir("./file2") = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5877] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... openat resumed>) = 4 [pid 5877] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5877] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5876] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5877] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = 1 [pid 5877] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5876] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... openat resumed>) = 5 [pid 5877] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5876] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5877] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = 1 [pid 5877] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5876] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... mmap resumed>) = 0x20000000 [pid 5877] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] <... futex resumed>) = 0 [pid 5876] exit_group(0 [pid 5877] <... futex resumed>) = ? [pid 5876] <... exit_group resumed>) = ? [pid 5877] +++ exited with 0 +++ [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./385", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./385/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./385/binderfs") = 0 umount2("./385/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./385/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./385/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./385/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./385/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./385") = 0 mkdir("./386", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached , child_tidptr=0x55557f632690) = 5878 [pid 5878] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5878] chdir("./386") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5878] write(1, "executing program\n", 18) = 18 [pid 5878] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5878] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5879 attached => {parent_tid=[5879]}, 88) = 5879 [pid 5879] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5879] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] memfd_create("syzkaller", 0) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5879] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5879] munmap(0x7f244c800000, 138412032) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] mkdir("./file2", 0777) = 0 [pid 5879] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5879] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5879] chdir("./file2") = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 230.851977][ T5879] loop0: detected capacity change from 0 to 4096 [pid 5879] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5878] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5879] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... futex resumed>) = 0 [pid 5879] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5879] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5878] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... openat resumed>) = 5 [pid 5879] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5878] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... write resumed>) = 1036288 [pid 5879] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5879] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5878] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... mmap resumed>) = 0x20000000 [pid 5879] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] exit_group(0 [pid 5879] <... futex resumed>) = ? [pid 5878] <... exit_group resumed>) = ? [pid 5879] +++ exited with 0 +++ [pid 5878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./386", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./386/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./386/binderfs") = 0 umount2("./386/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./386/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./386/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./386/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./386/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./386") = 0 mkdir("./387", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5880 attached , child_tidptr=0x55557f632690) = 5880 [pid 5880] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5880] chdir("./387") = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5880] write(1, "executing program\n", 18executing program ) = 18 [pid 5880] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5880] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5880] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5881 attached => {parent_tid=[5881]}, 88) = 5881 [pid 5881] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5881] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5880] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5881] memfd_create("syzkaller", 0) = 3 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5881] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5881] munmap(0x7f244c800000, 138412032) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5881] close(3) = 0 [pid 5881] close(4) = 0 [pid 5881] mkdir("./file2", 0777) = 0 [pid 5881] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 231.324402][ T5881] loop0: detected capacity change from 0 to 4096 [pid 5881] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5881] chdir("./file2") = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5881] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5881] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = 0 [pid 5880] <... futex resumed>) = 1 [pid 5881] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5880] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5881] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = 0 [pid 5881] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5880] <... futex resumed>) = 1 [pid 5880] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] <... openat resumed>) = 5 [pid 5881] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5881] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] <... futex resumed>) = 0 [pid 5881] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5880] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] <... write resumed>) = 1036288 [pid 5881] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5881] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] <... futex resumed>) = 0 [pid 5881] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5880] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] <... mmap resumed>) = 0x20000000 [pid 5881] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5881] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] exit_group(0) = ? [pid 5881] <... futex resumed>) = ? [pid 5881] +++ exited with 0 +++ [pid 5880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./387", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./387/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./387/binderfs") = 0 umount2("./387/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./387/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./387/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./387/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./387/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./387") = 0 mkdir("./388", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5882 attached , child_tidptr=0x55557f632690) = 5882 [pid 5882] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5882] chdir("./388") = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5882] write(1, "executing program\n", 18executing program ) = 18 [pid 5882] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5882] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5882] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5883 attached => {parent_tid=[5883]}, 88) = 5883 [pid 5883] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5882] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5883] <... rseq resumed>) = 0 [pid 5883] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5883] memfd_create("syzkaller", 0) = 3 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5883] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5883] munmap(0x7f244c800000, 138412032) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5883] close(3) = 0 [pid 5883] close(4) = 0 [pid 5883] mkdir("./file2", 0777) = 0 [pid 5883] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5883] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./file2") = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5883] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5883] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5882] <... futex resumed>) = 0 [pid 5883] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5882] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... openat resumed>) = 4 [pid 5883] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [ 231.811866][ T5883] loop0: detected capacity change from 0 to 4096 [pid 5883] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5882] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5883] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5882] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = 0 [pid 5882] <... futex resumed>) = 1 [pid 5883] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5882] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... openat resumed>) = 5 [pid 5883] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5883] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = 0 [pid 5883] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5882] <... futex resumed>) = 1 [pid 5882] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... write resumed>) = 1036288 [pid 5883] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5883] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5883] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5883] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] exit_group(0 [pid 5883] <... futex resumed>) = ? [pid 5882] <... exit_group resumed>) = ? [pid 5883] +++ exited with 0 +++ [pid 5882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./388", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./388/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./388/binderfs") = 0 umount2("./388/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./388/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./388/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./388/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./388/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./388") = 0 mkdir("./389", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached , child_tidptr=0x55557f632690) = 5884 [pid 5884] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5884] chdir("./389") = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 5884] close(3) = 0 [pid 5884] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5884] write(1, "executing program\n", 18) = 18 [pid 5884] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5884] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5884] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5885 attached [pid 5885] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5884] <... clone3 resumed> => {parent_tid=[5885]}, 88) = 5885 [pid 5885] set_robust_list(0x7f2454d0d9a0, 24 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] <... set_robust_list resumed>) = 0 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5885] memfd_create("syzkaller", 0) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5885] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5885] munmap(0x7f244c800000, 138412032) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5885] close(3) = 0 [pid 5885] close(4) = 0 [pid 5885] mkdir("./file2", 0777) = 0 [pid 5885] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5885] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5885] chdir("./file2") = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5885] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5884] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 232.252573][ T5885] loop0: detected capacity change from 0 to 4096 [pid 5884] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5885] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5885] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] <... futex resumed>) = 0 [pid 5885] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5884] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5885] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5884] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5884] <... futex resumed>) = 0 [pid 5884] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... openat resumed>) = 5 [pid 5885] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5885] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5884] <... futex resumed>) = 1 [pid 5885] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5884] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... write resumed>) = 1036288 [pid 5885] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5885] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] <... futex resumed>) = 0 [pid 5885] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5884] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... mmap resumed>) = 0x20000000 [pid 5885] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5885] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] exit_group(0 [pid 5885] <... futex resumed>) = ? [pid 5885] +++ exited with 0 +++ [pid 5884] <... exit_group resumed>) = ? [pid 5884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- umount2("./389", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./389/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./389/binderfs") = 0 umount2("./389/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./389/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./389/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./389/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./389/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./389") = 0 mkdir("./390", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5886 ./strace-static-x86_64: Process 5886 attached [pid 5886] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5886] chdir("./390") = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5886] write(1, "executing program\n", 18executing program ) = 18 [pid 5886] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5886] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5887 attached [pid 5887] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5886] <... clone3 resumed> => {parent_tid=[5887]}, 88) = 5887 [pid 5887] <... rseq resumed>) = 0 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] set_robust_list(0x7f2454d0d9a0, 24 [pid 5886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] <... set_robust_list resumed>) = 0 [pid 5886] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] <... futex resumed>) = 0 [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5886] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5887] memfd_create("syzkaller", 0) = 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5887] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5887] munmap(0x7f244c800000, 138412032) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5887] close(3) = 0 [pid 5887] close(4) = 0 [pid 5887] mkdir("./file2", 0777) = 0 [pid 5887] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5887] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5887] chdir("./file2") = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5887] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5887] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5886] <... futex resumed>) = 0 [pid 5887] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 232.700219][ T5887] loop0: detected capacity change from 0 to 4096 [pid 5886] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... openat resumed>) = 4 [pid 5887] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5887] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5886] <... futex resumed>) = 0 [pid 5887] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5886] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5887] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = 0 [pid 5886] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5887] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5886] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... openat resumed>) = 5 [pid 5887] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... futex resumed>) = 0 [pid 5886] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5887] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5886] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... write resumed>) = 1036288 [pid 5887] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... futex resumed>) = 0 [pid 5886] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5886] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5887] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... futex resumed>) = 0 [pid 5886] exit_group(0 [pid 5887] <... futex resumed>) = ? [pid 5886] <... exit_group resumed>) = ? [pid 5887] +++ exited with 0 +++ [pid 5886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./390", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./390/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./390/binderfs") = 0 umount2("./390/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./390/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./390/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./390/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./390/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./390") = 0 mkdir("./391", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5888 ./strace-static-x86_64: Process 5888 attached [pid 5888] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5888] chdir("./391") = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5888] write(1, "executing program\n", 18) = 18 [pid 5888] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5888] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5888] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5889 attached [pid 5889] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5888] <... clone3 resumed> => {parent_tid=[5889]}, 88) = 5889 [pid 5889] <... rseq resumed>) = 0 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] set_robust_list(0x7f2454d0d9a0, 24 [pid 5888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] <... set_robust_list resumed>) = 0 [pid 5888] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5888] <... futex resumed>) = 0 [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5889] memfd_create("syzkaller", 0) = 3 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5889] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5889] munmap(0x7f244c800000, 138412032) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5889] close(3) = 0 [pid 5889] close(4) = 0 [pid 5889] mkdir("./file2", 0777) = 0 [pid 5889] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5889] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5889] chdir("./file2") = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5889] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5889] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5888] <... futex resumed>) = 0 [pid 5889] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 233.148673][ T5889] loop0: detected capacity change from 0 to 4096 [pid 5888] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... openat resumed>) = 4 [pid 5889] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5889] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5888] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5889] <... futex resumed>) = 0 [pid 5888] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... openat resumed>) = 5 [pid 5889] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5889] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5888] <... futex resumed>) = 0 [pid 5889] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5888] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... write resumed>) = 1036288 [pid 5889] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5889] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5889] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5889] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] exit_group(0) = ? [pid 5889] <... futex resumed>) = ? [pid 5889] +++ exited with 0 +++ [pid 5888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./391", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./391/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./391/binderfs") = 0 umount2("./391/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./391/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./391/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./391/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./391/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./391") = 0 mkdir("./392", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5890 ./strace-static-x86_64: Process 5890 attached [pid 5890] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5890] chdir("./392") = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5890] setpgid(0, 0) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5890] write(3, "1000", 4) = 4 [pid 5890] close(3) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5890] write(1, "executing program\n", 18executing program ) = 18 [pid 5890] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5890] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5890] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5891 attached => {parent_tid=[5891]}, 88) = 5891 [pid 5891] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5891] set_robust_list(0x7f2454d0d9a0, 24 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] <... set_robust_list resumed>) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5891] memfd_create("syzkaller", 0) = 3 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5891] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5891] munmap(0x7f244c800000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5891] close(3) = 0 [pid 5891] close(4) = 0 [pid 5891] mkdir("./file2", 0777) = 0 [pid 5891] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5891] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./file2") = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5891] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [ 233.548086][ T5891] loop0: detected capacity change from 0 to 4096 [pid 5890] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... openat resumed>) = 4 [pid 5891] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5890] <... futex resumed>) = 1 [pid 5891] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5890] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5891] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5891] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5891] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5890] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... openat resumed>) = 5 [pid 5891] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5891] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5891] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5890] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... write resumed>) = 1036288 [pid 5891] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5891] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5891] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5890] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... mmap resumed>) = 0x20000000 [pid 5891] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5891] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] exit_group(0 [pid 5891] <... futex resumed>) = ? [pid 5890] <... exit_group resumed>) = ? [pid 5891] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./392", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./392/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./392/binderfs") = 0 umount2("./392/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./392/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./392/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./392/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./392/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./392") = 0 mkdir("./393", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5892 attached , child_tidptr=0x55557f632690) = 5892 [pid 5892] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5892] chdir("./393") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5892] write(1, "executing program\n", 18executing program ) = 18 [pid 5892] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5892] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5893 attached => {parent_tid=[5893]}, 88) = 5893 [pid 5893] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5892] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] <... rseq resumed>) = 0 [pid 5893] set_robust_list(0x7f2454d0d9a0, 24 [pid 5892] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5893] <... set_robust_list resumed>) = 0 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] memfd_create("syzkaller", 0) = 3 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5893] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5893] munmap(0x7f244c800000, 138412032) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5893] close(3) = 0 [pid 5893] close(4) = 0 [pid 5893] mkdir("./file2", 0777) = 0 [pid 5893] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5893] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5893] chdir("./file2") = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5893] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] <... futex resumed>) = 0 [pid 5892] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5893] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5892] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... openat resumed>) = 4 [ 233.998532][ T5893] loop0: detected capacity change from 0 to 4096 [pid 5893] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = 0 [pid 5893] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5893] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = 0 [pid 5893] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5892] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... openat resumed>) = 5 [pid 5893] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = 0 [pid 5893] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5892] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... write resumed>) = 1036288 [pid 5893] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5892] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... futex resumed>) = 1 [pid 5893] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5893] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5892] exit_group(0) = ? [pid 5893] +++ exited with 0 +++ [pid 5892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./393", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./393/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./393/binderfs") = 0 umount2("./393/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./393/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./393/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./393/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./393/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./393") = 0 mkdir("./394", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5894 attached , child_tidptr=0x55557f632690) = 5894 [pid 5894] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5894] chdir("./394") = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5894] write(1, "executing program\n", 18executing program ) = 18 [pid 5894] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5894] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5894] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5895 attached [pid 5895] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5894] <... clone3 resumed> => {parent_tid=[5895]}, 88) = 5895 [pid 5895] <... rseq resumed>) = 0 [pid 5895] set_robust_list(0x7f2454d0d9a0, 24 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] <... set_robust_list resumed>) = 0 [pid 5894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5894] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5895] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5895] munmap(0x7f244c800000, 138412032) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] close(3) = 0 [pid 5895] close(4) = 0 [pid 5895] mkdir("./file2", 0777) = 0 [pid 5895] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5895] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] chdir("./file2") = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5895] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [ 234.430146][ T5895] loop0: detected capacity change from 0 to 4096 [pid 5894] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... openat resumed>) = 4 [pid 5895] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5895] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] <... futex resumed>) = 0 [pid 5895] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5894] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5895] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5895] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] <... futex resumed>) = 0 [pid 5895] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5894] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... openat resumed>) = 5 [pid 5895] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = 1 [pid 5895] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5894] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... write resumed>) = 1036288 [pid 5895] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = 1 [pid 5895] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5894] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... mmap resumed>) = 0x20000000 [pid 5895] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5894] exit_group(0 [pid 5895] <... futex resumed>) = ? [pid 5894] <... exit_group resumed>) = ? [pid 5895] +++ exited with 0 +++ [pid 5894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./394", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./394/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./394/binderfs") = 0 umount2("./394/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./394/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./394/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./394/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./394/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./394") = 0 mkdir("./395", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5896 ./strace-static-x86_64: Process 5896 attached [pid 5896] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5896] chdir("./395") = 0 [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5896] setpgid(0, 0) = 0 [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5896] write(3, "1000", 4) = 4 [pid 5896] close(3) = 0 [pid 5896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5896] write(1, "executing program\n", 18executing program ) = 18 [pid 5896] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5896] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5896] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5897 attached [pid 5897] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5896] <... clone3 resumed> => {parent_tid=[5897]}, 88) = 5897 [pid 5897] set_robust_list(0x7f2454d0d9a0, 24 [pid 5896] rt_sigprocmask(SIG_SETMASK, [], [pid 5897] <... set_robust_list resumed>) = 0 [pid 5896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5896] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5896] <... futex resumed>) = 0 [pid 5896] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5897] memfd_create("syzkaller", 0) = 3 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5897] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5897] munmap(0x7f244c800000, 138412032) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5897] close(3) = 0 [pid 5897] close(4) = 0 [pid 5897] mkdir("./file2", 0777) = 0 [pid 5897] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5897] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5897] chdir("./file2") = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5897] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5896] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 234.897185][ T5897] loop0: detected capacity change from 0 to 4096 [pid 5897] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5896] <... futex resumed>) = 0 [pid 5896] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] <... openat resumed>) = 4 [pid 5897] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] <... futex resumed>) = 0 [pid 5896] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5896] <... futex resumed>) = 1 [pid 5897] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5896] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5897] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5897] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5896] <... futex resumed>) = 0 [pid 5897] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5896] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] <... openat resumed>) = 5 [pid 5897] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5897] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5896] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] <... write resumed>) = 1036288 [pid 5897] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = 1 [pid 5896] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5896] <... futex resumed>) = 0 [pid 5896] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] <... mmap resumed>) = 0x20000000 [pid 5897] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = 1 [pid 5896] exit_group(0 [pid 5897] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5896] <... exit_group resumed>) = ? [pid 5897] +++ exited with 0 +++ [pid 5896] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5896, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./395", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./395/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./395/binderfs") = 0 umount2("./395/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./395/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./395/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./395/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./395/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./395") = 0 mkdir("./396", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5898 attached , child_tidptr=0x55557f632690) = 5898 [pid 5898] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5898] chdir("./396") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 [pid 5898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5898] write(1, "executing program\n", 18executing program ) = 18 [pid 5898] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5898] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5899 attached => {parent_tid=[5899]}, 88) = 5899 [pid 5899] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5898] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5899] <... rseq resumed>) = 0 [pid 5899] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5899] memfd_create("syzkaller", 0) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5899] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5899] munmap(0x7f244c800000, 138412032) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5899] close(3) = 0 [pid 5899] close(4) = 0 [pid 5899] mkdir("./file2", 0777) = 0 [pid 5899] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5899] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5899] chdir("./file2") = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 235.356662][ T5899] loop0: detected capacity change from 0 to 4096 [pid 5899] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5899] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... futex resumed>) = 0 [pid 5899] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5898] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... openat resumed>) = 4 [pid 5899] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] <... futex resumed>) = 0 [pid 5898] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... futex resumed>) = 0 [pid 5899] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5898] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5899] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5899] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5899] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5898] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... write resumed>) = 1036288 [pid 5899] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5898] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5898] <... futex resumed>) = 0 [pid 5898] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... mmap resumed>) = 0x20000000 [pid 5899] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5899] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] exit_group(0 [pid 5899] <... futex resumed>) = ? [pid 5898] <... exit_group resumed>) = ? [pid 5899] +++ exited with 0 +++ [pid 5898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./396", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./396/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./396/binderfs") = 0 umount2("./396/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./396/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./396/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./396/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./396/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./396") = 0 mkdir("./397", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5900 attached [pid 5900] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5900 [pid 5900] <... set_robust_list resumed>) = 0 [pid 5900] chdir("./397") = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5900] write(1, "executing program\n", 18executing program ) = 18 [pid 5900] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5900] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5900] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5901 attached [pid 5901] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5900] <... clone3 resumed> => {parent_tid=[5901]}, 88) = 5901 [pid 5901] <... rseq resumed>) = 0 [pid 5900] rt_sigprocmask(SIG_SETMASK, [], [pid 5901] set_robust_list(0x7f2454d0d9a0, 24 [pid 5900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] <... set_robust_list resumed>) = 0 [pid 5900] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5901] memfd_create("syzkaller", 0) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5901] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5901] munmap(0x7f244c800000, 138412032) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5901] close(3) = 0 [pid 5901] close(4) = 0 [pid 5901] mkdir("./file2", 0777) = 0 [pid 5901] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5901] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 235.776334][ T5901] loop0: detected capacity change from 0 to 4096 [pid 5901] chdir("./file2") = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5900] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5901] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5901] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5900] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5901] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5900] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5901] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5901] <... futex resumed>) = 1 [pid 5900] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... write resumed>) = 1036288 [pid 5901] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5901] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] <... futex resumed>) = 0 [pid 5901] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5900] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... mmap resumed>) = 0x20000000 [pid 5901] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5901] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] exit_group(0 [pid 5901] <... futex resumed>) = ? [pid 5901] +++ exited with 0 +++ [pid 5900] <... exit_group resumed>) = ? [pid 5900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./397", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./397/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./397/binderfs") = 0 umount2("./397/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./397/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./397/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./397/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./397/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./397") = 0 mkdir("./398", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5902 attached , child_tidptr=0x55557f632690) = 5902 [pid 5902] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5902] chdir("./398") = 0 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5902] setpgid(0, 0) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5902] write(3, "1000", 4) = 4 [pid 5902] close(3) = 0 [pid 5902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5902] write(1, "executing program\n", 18executing program ) = 18 [pid 5902] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5902] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5902] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5902] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5902] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5903 attached [pid 5903] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5902] <... clone3 resumed> => {parent_tid=[5903]}, 88) = 5903 [pid 5903] <... rseq resumed>) = 0 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5903] set_robust_list(0x7f2454d0d9a0, 24 [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5903] <... set_robust_list resumed>) = 0 [pid 5902] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5903] memfd_create("syzkaller", 0) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5903] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5903] munmap(0x7f244c800000, 138412032) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5903] close(3) = 0 [pid 5903] close(4) = 0 [pid 5903] mkdir("./file2", 0777) = 0 [pid 5903] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5903] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] chdir("./file2") = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5903] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [ 236.269902][ T5903] loop0: detected capacity change from 0 to 4096 [pid 5903] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5902] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5903] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5903] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5902] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5903] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5903] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... openat resumed>) = 5 [pid 5903] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] <... futex resumed>) = 0 [pid 5903] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5902] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... write resumed>) = 1036288 [pid 5903] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] <... futex resumed>) = 0 [pid 5903] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5902] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... mmap resumed>) = 0x20000000 [pid 5903] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] exit_group(0 [pid 5903] <... futex resumed>) = ? [pid 5903] +++ exited with 0 +++ [pid 5902] <... exit_group resumed>) = ? [pid 5902] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./398", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./398/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./398/binderfs") = 0 umount2("./398/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./398/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./398/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./398/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./398/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./398") = 0 mkdir("./399", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached , child_tidptr=0x55557f632690) = 5904 [pid 5904] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5904] chdir("./399") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] write(1, "executing program\n", 18executing program ) = 18 [pid 5904] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5904] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5905 attached [pid 5905] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5904] <... clone3 resumed> => {parent_tid=[5905]}, 88) = 5905 [pid 5905] set_robust_list(0x7f2454d0d9a0, 24 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] <... set_robust_list resumed>) = 0 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5904] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5904] <... futex resumed>) = 0 [pid 5905] memfd_create("syzkaller", 0 [pid 5904] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5905] <... memfd_create resumed>) = 3 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5905] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5905] munmap(0x7f244c800000, 138412032) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5905] close(3) = 0 [pid 5905] close(4) = 0 [pid 5905] mkdir("./file2", 0777) = 0 [ 236.750921][ T5905] loop0: detected capacity change from 0 to 4096 [pid 5905] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5905] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5905] chdir("./file2") = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5905] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5904] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... openat resumed>) = 4 [pid 5905] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5904] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5905] <... futex resumed>) = 1 [pid 5904] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... openat resumed>) = 5 [pid 5905] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5904] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... write resumed>) = 1036288 [pid 5905] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5905] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5904] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... mmap resumed>) = 0x20000000 [pid 5905] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] exit_group(0 [pid 5905] <... futex resumed>) = ? [pid 5904] <... exit_group resumed>) = ? [pid 5905] +++ exited with 0 +++ [pid 5904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- umount2("./399", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./399/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./399/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./399/binderfs") = 0 umount2("./399/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./399/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./399/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./399/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./399/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./399") = 0 mkdir("./400", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5906 attached , child_tidptr=0x55557f632690) = 5906 [pid 5906] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5906] chdir("./400") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5906] write(1, "executing program\n", 18) = 18 [pid 5906] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5906] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5906] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5907 attached [pid 5907] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5906] <... clone3 resumed> => {parent_tid=[5907]}, 88) = 5907 [pid 5907] <... rseq resumed>) = 0 [pid 5907] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5906] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5906] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5907] memfd_create("syzkaller", 0) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5907] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5907] munmap(0x7f244c800000, 138412032) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5907] close(3) = 0 [pid 5907] close(4) = 0 [pid 5907] mkdir("./file2", 0777) = 0 [pid 5907] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5907] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5907] chdir("./file2") = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 237.221423][ T5907] loop0: detected capacity change from 0 to 4096 [pid 5907] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] <... futex resumed>) = 0 [pid 5907] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5906] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... openat resumed>) = 4 [pid 5907] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5907] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5906] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5907] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5907] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5906] <... futex resumed>) = 1 [pid 5906] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... openat resumed>) = 5 [pid 5907] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = 0 [pid 5907] <... futex resumed>) = 1 [pid 5906] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... write resumed>) = 1036288 [pid 5907] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] <... futex resumed>) = 0 [pid 5907] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5906] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... mmap resumed>) = 0x20000000 [pid 5907] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] exit_group(0 [pid 5907] <... futex resumed>) = ? [pid 5906] <... exit_group resumed>) = ? [pid 5907] +++ exited with 0 +++ [pid 5906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- umount2("./400", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./400/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./400/binderfs") = 0 umount2("./400/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./400/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./400/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./400/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./400/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./400") = 0 mkdir("./401", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5908 attached , child_tidptr=0x55557f632690) = 5908 [pid 5908] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5908] chdir("./401") = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5908] setpgid(0, 0) = 0 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5908] write(3, "1000", 4) = 4 [pid 5908] close(3) = 0 [pid 5908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5908] write(1, "executing program\n", 18executing program ) = 18 [pid 5908] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5908] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5908] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5909 attached [pid 5909] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5909] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5908] <... clone3 resumed> => {parent_tid=[5909]}, 88) = 5909 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5909] memfd_create("syzkaller", 0 [pid 5908] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5909] <... memfd_create resumed>) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5909] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5909] munmap(0x7f244c800000, 138412032) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5909] close(3) = 0 [pid 5909] close(4) = 0 [pid 5909] mkdir("./file2", 0777) = 0 [pid 5909] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5909] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./file2") = 0 [ 237.671957][ T5909] loop0: detected capacity change from 0 to 4096 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5909] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5909] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5909] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5908] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... openat resumed>) = 4 [pid 5909] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5909] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5909] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5908] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5909] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5909] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5909] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5908] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... openat resumed>) = 5 [pid 5909] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5909] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5909] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5908] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... write resumed>) = 1036288 [pid 5909] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5909] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5908] <... futex resumed>) = 1 [pid 5908] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... mmap resumed>) = 0x20000000 [pid 5909] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] <... futex resumed>) = 0 [pid 5908] exit_group(0 [pid 5909] <... futex resumed>) = ? [pid 5908] <... exit_group resumed>) = ? [pid 5909] +++ exited with 0 +++ [pid 5908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./401", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./401/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./401/binderfs") = 0 umount2("./401/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./401/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./401/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./401/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./401/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./401") = 0 mkdir("./402", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5910 attached [pid 5910] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5910 [pid 5910] chdir("./402") = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5910] write(3, "1000", 4) = 4 [pid 5910] close(3) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5910] write(1, "executing program\n", 18executing program ) = 18 [pid 5910] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5910] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5910] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5911 attached [pid 5911] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5910] <... clone3 resumed> => {parent_tid=[5911]}, 88) = 5911 [pid 5911] set_robust_list(0x7f2454d0d9a0, 24 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] <... set_robust_list resumed>) = 0 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5911] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5911] munmap(0x7f244c800000, 138412032) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] close(4) = 0 [pid 5911] mkdir("./file2", 0777) = 0 [pid 5911] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5911] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./file2") = 0 [ 238.066707][ T5911] loop0: detected capacity change from 0 to 4096 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5911] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5911] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5911] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5910] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... openat resumed>) = 5 [pid 5911] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5910] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... write resumed>) = 1036288 [pid 5911] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... mmap resumed>) = 0x20000000 [pid 5911] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] exit_group(0 [pid 5911] <... futex resumed>) = ? [pid 5910] <... exit_group resumed>) = ? [pid 5911] +++ exited with 0 +++ [pid 5910] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./402", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./402/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./402/binderfs") = 0 umount2("./402/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./402/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./402/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./402/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./402/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./402") = 0 mkdir("./403", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5912 attached , child_tidptr=0x55557f632690) = 5912 [pid 5912] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5912] chdir("./403") = 0 [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5912] setpgid(0, 0) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5912] write(3, "1000", 4) = 4 [pid 5912] close(3) = 0 [pid 5912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5912] write(1, "executing program\n", 18executing program ) = 18 [pid 5912] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5912] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5912] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5913 attached => {parent_tid=[5913]}, 88) = 5913 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5912] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5913] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5913] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] memfd_create("syzkaller", 0) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5913] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5913] munmap(0x7f244c800000, 138412032) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5913] close(3) = 0 [pid 5913] close(4) = 0 [pid 5913] mkdir("./file2", 0777) = 0 [ 238.503474][ T5913] loop0: detected capacity change from 0 to 4096 [pid 5913] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5913] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5913] chdir("./file2") = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5913] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... futex resumed>) = 0 [pid 5913] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5913] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5913] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5912] <... futex resumed>) = 0 [pid 5913] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5912] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5913] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5913] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5912] <... futex resumed>) = 0 [pid 5913] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5912] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... openat resumed>) = 5 [pid 5913] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5913] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5912] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... write resumed>) = 1036288 [pid 5913] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5913] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5912] <... futex resumed>) = 0 [pid 5913] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5912] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... mmap resumed>) = 0x20000000 [pid 5913] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5913] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] exit_group(0 [pid 5913] <... futex resumed>) = ? [pid 5912] <... exit_group resumed>) = ? [pid 5913] +++ exited with 0 +++ [pid 5912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./403", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./403/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./403/binderfs") = 0 umount2("./403/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./403/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./403/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./403/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./403/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./403") = 0 mkdir("./404", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5914 attached , child_tidptr=0x55557f632690) = 5914 [pid 5914] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5914] chdir("./404") = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5914] setpgid(0, 0) = 0 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5914] write(3, "1000", 4) = 4 [pid 5914] close(3) = 0 [pid 5914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5914] write(1, "executing program\n", 18executing program ) = 18 [pid 5914] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5914] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5915 attached [pid 5915] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5914] <... clone3 resumed> => {parent_tid=[5915]}, 88) = 5915 [pid 5915] <... rseq resumed>) = 0 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5914] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5915] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5915] memfd_create("syzkaller", 0) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5915] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5915] munmap(0x7f244c800000, 138412032) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] close(4) = 0 [pid 5915] mkdir("./file2", 0777) = 0 [pid 5915] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5915] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 238.963172][ T5915] loop0: detected capacity change from 0 to 4096 [pid 5915] chdir("./file2") = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5915] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5915] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5914] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... openat resumed>) = 4 [pid 5915] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5915] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5914] <... futex resumed>) = 0 [pid 5915] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5914] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5915] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5915] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5914] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... openat resumed>) = 5 [pid 5915] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5915] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = 0 [pid 5914] <... futex resumed>) = 1 [pid 5915] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5914] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... write resumed>) = 1036288 [pid 5915] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... futex resumed>) = 0 [pid 5915] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5915] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] <... futex resumed>) = 0 [pid 5914] exit_group(0 [pid 5915] <... futex resumed>) = ? [pid 5914] <... exit_group resumed>) = ? [pid 5915] +++ exited with 0 +++ [pid 5914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./404", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./404/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./404/binderfs") = 0 umount2("./404/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./404/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./404/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./404/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./404/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./404") = 0 mkdir("./405", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5916 attached [pid 5916] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5916] chdir("./405") = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5916 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5916] setpgid(0, 0) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5916] write(3, "1000", 4) = 4 [pid 5916] close(3) = 0 [pid 5916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5916] write(1, "executing program\n", 18executing program ) = 18 [pid 5916] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5916] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5916] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5916] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5917 attached => {parent_tid=[5917]}, 88) = 5917 [pid 5917] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], [pid 5917] set_robust_list(0x7f2454d0d9a0, 24 [pid 5916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5917] <... set_robust_list resumed>) = 0 [pid 5916] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], [pid 5916] <... futex resumed>) = 0 [pid 5917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5916] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5917] memfd_create("syzkaller", 0) = 3 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5917] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5917] munmap(0x7f244c800000, 138412032) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5917] close(3) = 0 [pid 5917] close(4) = 0 [pid 5917] mkdir("./file2", 0777) = 0 [pid 5917] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [ 239.435952][ T5917] loop0: detected capacity change from 0 to 4096 [pid 5917] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5917] chdir("./file2") = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5917] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5917] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] <... futex resumed>) = 0 [pid 5917] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5916] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... openat resumed>) = 4 [pid 5917] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5917] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5916] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5917] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5917] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5916] <... futex resumed>) = 1 [pid 5916] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... openat resumed>) = 5 [pid 5917] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] <... futex resumed>) = 0 [pid 5916] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = 1 [pid 5917] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5916] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... write resumed>) = 1036288 [pid 5917] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5916] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5916] <... futex resumed>) = 0 [pid 5916] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... mmap resumed>) = 0x20000000 [pid 5917] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5916] exit_group(0 [pid 5917] +++ exited with 0 +++ [pid 5916] <... exit_group resumed>) = ? [pid 5916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./405", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./405/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./405/binderfs") = 0 umount2("./405/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./405/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./405/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./405/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./405/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./405") = 0 mkdir("./406", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5918 attached , child_tidptr=0x55557f632690) = 5918 [pid 5918] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5918] chdir("./406") = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5918] close(3) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5918] write(1, "executing program\n", 18) = 18 [pid 5918] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5918] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5919 attached [pid 5919] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5918] <... clone3 resumed> => {parent_tid=[5919]}, 88) = 5919 [pid 5919] <... rseq resumed>) = 0 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] set_robust_list(0x7f2454d0d9a0, 24 [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5918] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5918] <... futex resumed>) = 0 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] memfd_create("syzkaller", 0) = 3 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5919] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5919] munmap(0x7f244c800000, 138412032) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5919] close(3) = 0 [pid 5919] close(4) = 0 [pid 5919] mkdir("./file2", 0777) = 0 [pid 5919] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5919] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5919] chdir("./file2") = 0 [ 239.899988][ T5919] loop0: detected capacity change from 0 to 4096 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5919] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 0 [pid 5919] <... futex resumed>) = 1 [pid 5918] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... openat resumed>) = 4 [pid 5919] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5918] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5919] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... openat resumed>) = 5 [pid 5919] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... write resumed>) = 1036288 [pid 5919] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] <... futex resumed>) = 1 [pid 5918] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5919] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 0 [pid 5918] exit_group(0) = ? [pid 5919] <... futex resumed>) = ? [pid 5919] +++ exited with 0 +++ [pid 5918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./406", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./406/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./406/binderfs") = 0 umount2("./406/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./406/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./406/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./406/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./406/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./406") = 0 mkdir("./407", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5920 attached , child_tidptr=0x55557f632690) = 5920 [pid 5920] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5920] chdir("./407") = 0 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5920] setpgid(0, 0) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5920] write(3, "1000", 4) = 4 [pid 5920] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5920] write(1, "executing program\n", 18) = 18 [pid 5920] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5920] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5921 attached [pid 5921] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5920] <... clone3 resumed> => {parent_tid=[5921]}, 88) = 5921 [pid 5921] <... rseq resumed>) = 0 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5921] set_robust_list(0x7f2454d0d9a0, 24 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5920] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], [pid 5920] <... futex resumed>) = 0 [pid 5921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5920] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5921] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5921] munmap(0x7f244c800000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./file2", 0777) = 0 [pid 5921] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5921] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 240.372709][ T5921] loop0: detected capacity change from 0 to 4096 [pid 5921] chdir("./file2") = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5921] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5920] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... openat resumed>) = 4 [pid 5921] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5920] <... futex resumed>) = 1 [pid 5921] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5920] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... openat resumed>) = 5 [pid 5921] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5920] <... futex resumed>) = 1 [pid 5921] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5920] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... write resumed>) = 1036288 [pid 5921] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... mmap resumed>) = 0x20000000 [pid 5921] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [pid 5920] exit_group(0 [pid 5921] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5920] <... exit_group resumed>) = ? [pid 5921] +++ exited with 0 +++ [pid 5920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./407", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./407/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./407/binderfs") = 0 umount2("./407/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./407/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./407/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./407/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./407/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./407") = 0 mkdir("./408", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5922 attached , child_tidptr=0x55557f632690) = 5922 [pid 5922] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5922] chdir("./408") = 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5922] setpgid(0, 0) = 0 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5922] write(3, "1000", 4) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5922] write(1, "executing program\n", 18executing program ) = 18 [pid 5922] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5922] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5922] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5923 attached [pid 5923] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5922] <... clone3 resumed> => {parent_tid=[5923]}, 88) = 5923 [pid 5923] <... rseq resumed>) = 0 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5922] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5923] memfd_create("syzkaller", 0) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5923] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5923] munmap(0x7f244c800000, 138412032) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5923] close(3) = 0 [pid 5923] close(4) = 0 [pid 5923] mkdir("./file2", 0777) = 0 [pid 5923] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5923] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5923] chdir("./file2") = 0 [ 240.859745][ T5923] loop0: detected capacity change from 0 to 4096 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5923] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] <... futex resumed>) = 0 [pid 5923] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5922] <... futex resumed>) = 0 [pid 5923] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5922] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... openat resumed>) = 4 [pid 5923] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] <... futex resumed>) = 0 [pid 5923] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5922] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5923] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5922] <... futex resumed>) = 1 [pid 5923] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5922] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... futex resumed>) = 0 [pid 5922] <... futex resumed>) = 1 [pid 5923] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5922] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... openat resumed>) = 5 [pid 5923] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = 1 [pid 5922] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... write resumed>) = 1036288 [pid 5923] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = 1 [pid 5922] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5922] <... futex resumed>) = 0 [pid 5923] <... mmap resumed>) = 0x20000000 [pid 5922] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5922] exit_group(0 [pid 5923] <... futex resumed>) = ? [pid 5922] <... exit_group resumed>) = ? [pid 5923] +++ exited with 0 +++ [pid 5922] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./408", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./408/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./408/binderfs") = 0 umount2("./408/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./408/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./408/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./408/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./408/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./408") = 0 mkdir("./409", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5924 attached [pid 5924] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5924] chdir("./409" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5924 [pid 5924] <... chdir resumed>) = 0 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5924] write(3, "1000", 4) = 4 [pid 5924] close(3) = 0 [pid 5924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5924] write(1, "executing program\n", 18executing program ) = 18 [pid 5924] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5924] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5924] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5925 attached [pid 5925] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5924] <... clone3 resumed> => {parent_tid=[5925]}, 88) = 5925 [pid 5925] <... rseq resumed>) = 0 [pid 5925] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], [pid 5924] rt_sigprocmask(SIG_SETMASK, [], [pid 5925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5924] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = 0 [pid 5924] <... futex resumed>) = 1 [pid 5924] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5925] memfd_create("syzkaller", 0) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5925] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5925] munmap(0x7f244c800000, 138412032) = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5925] close(3) = 0 [pid 5925] close(4) = 0 [pid 5925] mkdir("./file2", 0777) = 0 [pid 5925] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5925] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 241.305556][ T5925] loop0: detected capacity change from 0 to 4096 [pid 5925] chdir("./file2") = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5925] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = 0 [pid 5924] <... futex resumed>) = 1 [pid 5924] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5925] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5925] <... futex resumed>) = 1 [pid 5924] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5924] <... futex resumed>) = 0 [pid 5925] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5924] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5925] <... futex resumed>) = 1 [pid 5925] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5924] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... openat resumed>) = 5 [pid 5925] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... futex resumed>) = 0 [pid 5925] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5925] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = 0 [pid 5924] <... futex resumed>) = 1 [pid 5925] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5924] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... mmap resumed>) = 0x20000000 [pid 5925] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5925] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] exit_group(0) = ? [pid 5925] <... futex resumed>) = ? [pid 5925] +++ exited with 0 +++ [pid 5924] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./409", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./409/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./409/binderfs") = 0 umount2("./409/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./409/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./409/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./409/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./409/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./409") = 0 mkdir("./410", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5926 attached , child_tidptr=0x55557f632690) = 5926 [pid 5926] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5926] chdir("./410") = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4) = 4 [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5926] write(1, "executing program\n", 18) = 18 [pid 5926] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5926] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5927 attached [pid 5927] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5926] <... clone3 resumed> => {parent_tid=[5927]}, 88) = 5927 [pid 5927] set_robust_list(0x7f2454d0d9a0, 24 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5927] <... set_robust_list resumed>) = 0 [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5927] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5927] memfd_create("syzkaller", 0) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5927] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5927] munmap(0x7f244c800000, 138412032) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] close(3) = 0 [pid 5927] close(4) = 0 [pid 5927] mkdir("./file2", 0777) = 0 [pid 5927] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5927] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./file2") = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 241.744300][ T5927] loop0: detected capacity change from 0 to 4096 [pid 5927] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5927] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5926] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... openat resumed>) = 4 [pid 5927] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5926] <... futex resumed>) = 0 [pid 5927] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5927] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 1 [pid 5927] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5926] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... openat resumed>) = 5 [pid 5927] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5927] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... write resumed>) = 1036288 [pid 5927] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] <... futex resumed>) = 1 [pid 5926] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5927] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] <... futex resumed>) = 0 [pid 5926] exit_group(0 [pid 5927] <... futex resumed>) = ? [pid 5926] <... exit_group resumed>) = ? [pid 5927] +++ exited with 0 +++ [pid 5926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./410", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./410/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./410/binderfs") = 0 umount2("./410/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./410/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./410/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./410/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./410/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./410") = 0 mkdir("./411", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5928 ./strace-static-x86_64: Process 5928 attached [pid 5928] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5928] chdir("./411") = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5928] setpgid(0, 0) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5928] write(3, "1000", 4) = 4 [pid 5928] close(3) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5928] write(1, "executing program\n", 18) = 18 [pid 5928] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5928] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5928] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5928] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5928] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5929 attached => {parent_tid=[5929]}, 88) = 5929 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5929] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5928] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5929] <... rseq resumed>) = 0 [pid 5929] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5929] memfd_create("syzkaller", 0) = 3 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5929] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5929] munmap(0x7f244c800000, 138412032) = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5929] close(3) = 0 [pid 5929] close(4) = 0 [pid 5929] mkdir("./file2", 0777) = 0 [pid 5929] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5929] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5929] chdir("./file2") = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5929] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] <... futex resumed>) = 0 [pid 5928] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5928] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 242.243842][ T5929] loop0: detected capacity change from 0 to 4096 [pid 5929] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5929] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] <... futex resumed>) = 0 [pid 5928] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5928] <... futex resumed>) = 0 [pid 5928] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5929] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] <... futex resumed>) = 0 [pid 5929] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5928] <... futex resumed>) = 0 [pid 5929] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5928] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... openat resumed>) = 5 [pid 5929] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] <... futex resumed>) = 0 [pid 5929] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5928] <... futex resumed>) = 0 [pid 5929] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5928] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... write resumed>) = 1036288 [pid 5929] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] <... futex resumed>) = 0 [pid 5929] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5928] <... futex resumed>) = 0 [pid 5929] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5928] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... mmap resumed>) = 0x20000000 [pid 5929] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] <... futex resumed>) = 0 [pid 5929] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] exit_group(0 [pid 5929] <... futex resumed>) = ? [pid 5928] <... exit_group resumed>) = ? [pid 5929] +++ exited with 0 +++ [pid 5928] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./411", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./411/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./411/binderfs") = 0 umount2("./411/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./411/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./411/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./411/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./411/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./411") = 0 mkdir("./412", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5930 attached , child_tidptr=0x55557f632690) = 5930 [pid 5930] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5930] chdir("./412") = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5930] write(3, "1000", 4) = 4 [pid 5930] close(3) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5930] write(1, "executing program\n", 18) = 18 [pid 5930] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5930] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5930] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5930] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5931 attached => {parent_tid=[5931]}, 88) = 5931 [pid 5930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5931] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5930] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] set_robust_list(0x7f2454d0d9a0, 24 [pid 5930] <... futex resumed>) = 0 [pid 5931] <... set_robust_list resumed>) = 0 [pid 5930] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5931] memfd_create("syzkaller", 0) = 3 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5931] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5931] munmap(0x7f244c800000, 138412032) = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5931] close(3) = 0 [pid 5931] close(4) = 0 [pid 5931] mkdir("./file2", 0777) = 0 [pid 5931] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5931] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5931] chdir("./file2") = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 242.676616][ T5931] loop0: detected capacity change from 0 to 4096 [pid 5931] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5931] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5930] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... openat resumed>) = 4 [pid 5931] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5931] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5931] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = 0 [pid 5930] <... futex resumed>) = 1 [pid 5931] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5930] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... openat resumed>) = 5 [pid 5931] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5931] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5930] <... futex resumed>) = 0 [pid 5931] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5930] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... write resumed>) = 1036288 [pid 5931] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5931] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5930] <... futex resumed>) = 0 [pid 5931] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5930] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... mmap resumed>) = 0x20000000 [pid 5931] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5931] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] exit_group(0) = ? [pid 5931] <... futex resumed>) = ? [pid 5931] +++ exited with 0 +++ [pid 5930] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./412", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./412/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./412/binderfs") = 0 umount2("./412/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./412/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./412/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./412/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./412/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./412") = 0 mkdir("./413", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5932 attached , child_tidptr=0x55557f632690) = 5932 [pid 5932] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5932] chdir("./413") = 0 [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5932] setpgid(0, 0) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5932] write(3, "1000", 4) = 4 [pid 5932] close(3) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5932] write(1, "executing program\n", 18executing program ) = 18 [pid 5932] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5932] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5932] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5933 attached [pid 5933] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5932] <... clone3 resumed> => {parent_tid=[5933]}, 88) = 5933 [pid 5933] <... rseq resumed>) = 0 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5933] set_robust_list(0x7f2454d0d9a0, 24 [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5933] <... set_robust_list resumed>) = 0 [pid 5932] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] <... futex resumed>) = 0 [pid 5933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5933] memfd_create("syzkaller", 0) = 3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5933] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5933] munmap(0x7f244c800000, 138412032) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5933] close(3) = 0 [pid 5933] close(4) = 0 [pid 5933] mkdir("./file2", 0777) = 0 [pid 5933] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5933] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 243.079980][ T5933] loop0: detected capacity change from 0 to 4096 [pid 5933] chdir("./file2") = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5933] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5932] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5933] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5933] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5932] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5933] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = 0 [pid 5933] <... futex resumed>) = 0 [pid 5932] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... futex resumed>) = 0 [pid 5933] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5933] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5933] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5933] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = 0 [pid 5932] <... futex resumed>) = 1 [pid 5933] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5932] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... mmap resumed>) = 0x20000000 [pid 5933] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] <... futex resumed>) = 0 [pid 5932] exit_group(0 [pid 5933] <... futex resumed>) = ? [pid 5932] <... exit_group resumed>) = ? [pid 5933] +++ exited with 0 +++ [pid 5932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./413", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./413/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./413/binderfs") = 0 umount2("./413/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./413/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./413/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./413/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./413/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./413") = 0 mkdir("./414", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5934 attached , child_tidptr=0x55557f632690) = 5934 [pid 5934] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5934] chdir("./414") = 0 [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5934] setpgid(0, 0) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5934] write(3, "1000", 4) = 4 [pid 5934] close(3) = 0 [pid 5934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5934] write(1, "executing program\n", 18executing program ) = 18 [pid 5934] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5934] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5934] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5934] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5935 attached => {parent_tid=[5935]}, 88) = 5935 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5935] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5934] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] set_robust_list(0x7f2454d0d9a0, 24 [pid 5934] <... futex resumed>) = 0 [pid 5935] <... set_robust_list resumed>) = 0 [pid 5934] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5935] memfd_create("syzkaller", 0) = 3 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5935] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5935] munmap(0x7f244c800000, 138412032) = 0 [pid 5935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5935] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5935] close(3) = 0 [pid 5935] close(4) = 0 [pid 5935] mkdir("./file2", 0777) = 0 [pid 5935] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5935] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5935] chdir("./file2") = 0 [ 243.537758][ T5935] loop0: detected capacity change from 0 to 4096 [pid 5935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5935] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5935] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5934] <... futex resumed>) = 1 [pid 5935] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5934] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... openat resumed>) = 4 [pid 5935] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] <... futex resumed>) = 0 [pid 5934] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5934] <... futex resumed>) = 1 [pid 5935] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5934] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5935] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5935] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5934] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5934] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... openat resumed>) = 5 [pid 5935] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5935] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5935] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5934] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... write resumed>) = 1036288 [pid 5935] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] <... futex resumed>) = 0 [pid 5934] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... futex resumed>) = 0 [pid 5935] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5935] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] <... futex resumed>) = 0 [pid 5934] exit_group(0 [pid 5935] <... futex resumed>) = ? [pid 5934] <... exit_group resumed>) = ? [pid 5935] +++ exited with 0 +++ [pid 5934] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./414", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./414/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./414/binderfs") = 0 umount2("./414/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./414/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./414/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./414/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./414/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./414") = 0 mkdir("./415", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5936 attached [pid 5936] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5936 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5936] chdir("./415") = 0 [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5936] setpgid(0, 0) = 0 [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5936] write(3, "1000", 4) = 4 [pid 5936] close(3) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5936] write(1, "executing program\n", 18) = 18 [pid 5936] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5936] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5936] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5936] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5936] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5937 attached => {parent_tid=[5937]}, 88) = 5937 [pid 5937] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5936] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5937] <... rseq resumed>) = 0 [pid 5937] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5937] memfd_create("syzkaller", 0) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5937] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5937] munmap(0x7f244c800000, 138412032) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5937] close(3) = 0 [pid 5937] close(4) = 0 [pid 5937] mkdir("./file2", 0777) = 0 [pid 5937] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5937] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5937] chdir("./file2") = 0 [ 244.001301][ T5937] loop0: detected capacity change from 0 to 4096 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5937] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5937] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5936] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... openat resumed>) = 4 [pid 5937] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... futex resumed>) = 0 [pid 5937] <... futex resumed>) = 1 [pid 5936] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5936] <... futex resumed>) = 0 [pid 5937] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5936] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... futex resumed>) = 0 [pid 5937] <... futex resumed>) = 1 [pid 5937] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5936] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... openat resumed>) = 5 [pid 5937] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5937] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5936] <... futex resumed>) = 0 [pid 5937] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5936] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... write resumed>) = 1036288 [pid 5937] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5937] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5936] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... mmap resumed>) = 0x20000000 [pid 5937] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5937] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] exit_group(0 [pid 5937] <... futex resumed>) = ? [pid 5936] <... exit_group resumed>) = ? [pid 5937] +++ exited with 0 +++ [pid 5936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./415", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./415/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./415/binderfs") = 0 umount2("./415/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./415/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./415/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./415/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./415/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./415") = 0 mkdir("./416", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5938 ./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5938] chdir("./416") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5938] write(1, "executing program\n", 18executing program ) = 18 [pid 5938] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5938] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5938] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5939 attached [pid 5939] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5939] set_robust_list(0x7f2454d0d9a0, 24 [pid 5938] <... clone3 resumed> => {parent_tid=[5939]}, 88) = 5939 [pid 5939] <... set_robust_list resumed>) = 0 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5939] rt_sigprocmask(SIG_SETMASK, [], [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5938] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5939] memfd_create("syzkaller", 0) = 3 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5939] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5939] munmap(0x7f244c800000, 138412032) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5939] close(3) = 0 [pid 5939] close(4) = 0 [pid 5939] mkdir("./file2", 0777) = 0 [pid 5939] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5939] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 244.453050][ T5939] loop0: detected capacity change from 0 to 4096 [pid 5939] chdir("./file2") = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5939] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5938] <... futex resumed>) = 0 [pid 5939] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5938] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... openat resumed>) = 4 [pid 5939] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5938] <... futex resumed>) = 0 [pid 5939] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5938] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5939] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5938] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... openat resumed>) = 5 [pid 5939] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] <... futex resumed>) = 0 [pid 5939] <... futex resumed>) = 1 [pid 5938] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... write resumed>) = 1036288 [pid 5939] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5938] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... mmap resumed>) = 0x20000000 [pid 5939] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] exit_group(0 [pid 5939] <... futex resumed>) = ? [pid 5939] +++ exited with 0 +++ [pid 5938] <... exit_group resumed>) = ? [pid 5938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./416", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./416/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./416/binderfs") = 0 umount2("./416/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./416/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./416/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./416/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./416/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./416") = 0 mkdir("./417", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5940 attached [pid 5940] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5940] chdir("./417" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5940 [pid 5940] <... chdir resumed>) = 0 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5940] setpgid(0, 0) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5940] write(3, "1000", 4) = 4 [pid 5940] close(3) = 0 [pid 5940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5940] write(1, "executing program\n", 18executing program ) = 18 [pid 5940] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5940] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5940] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5940] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5940] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5941 attached [pid 5941] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5940] <... clone3 resumed> => {parent_tid=[5941]}, 88) = 5941 [pid 5941] set_robust_list(0x7f2454d0d9a0, 24 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] <... set_robust_list resumed>) = 0 [pid 5940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5940] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5941] memfd_create("syzkaller", 0) = 3 [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5941] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5941] munmap(0x7f244c800000, 138412032) = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5941] close(3) = 0 [pid 5941] close(4) = 0 [pid 5941] mkdir("./file2", 0777) = 0 [pid 5941] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5941] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5941] chdir("./file2") = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5941] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5940] <... futex resumed>) = 0 [ 244.915613][ T5941] loop0: detected capacity change from 0 to 4096 [pid 5940] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... openat resumed>) = 4 [pid 5941] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5940] <... futex resumed>) = 0 [pid 5941] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5940] <... futex resumed>) = 0 [pid 5941] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5940] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5941] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5940] <... futex resumed>) = 0 [pid 5941] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5941] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5940] <... futex resumed>) = 0 [pid 5941] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5940] <... futex resumed>) = 0 [pid 5941] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5940] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... write resumed>) = 1036288 [pid 5941] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5941] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5940] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... mmap resumed>) = 0x20000000 [pid 5941] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] <... futex resumed>) = 0 [pid 5940] exit_group(0) = ? [pid 5941] <... futex resumed>) = ? [pid 5941] +++ exited with 0 +++ [pid 5940] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./417", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./417/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./417/binderfs") = 0 umount2("./417/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./417/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./417/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./417/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./417/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./417") = 0 mkdir("./418", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5942 attached [pid 5942] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5942 [pid 5942] <... set_robust_list resumed>) = 0 [pid 5942] chdir("./418") = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5942] setpgid(0, 0) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5942] write(3, "1000", 4) = 4 [pid 5942] close(3) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5942] write(1, "executing program\n", 18executing program ) = 18 [pid 5942] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5942] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5942] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5943 attached [pid 5943] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5942] <... clone3 resumed> => {parent_tid=[5943]}, 88) = 5943 [pid 5943] <... rseq resumed>) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5943] set_robust_list(0x7f2454d0d9a0, 24 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] <... set_robust_list resumed>) = 0 [pid 5942] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... futex resumed>) = 0 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] memfd_create("syzkaller", 0) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5943] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5943] munmap(0x7f244c800000, 138412032) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5943] close(3) = 0 [pid 5943] close(4) = 0 [pid 5943] mkdir("./file2", 0777) = 0 [ 245.385348][ T5943] loop0: detected capacity change from 0 to 4096 [pid 5943] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5943] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5943] chdir("./file2") = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5943] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 1 [pid 5943] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5943] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 1 [pid 5943] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5943] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5942] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... openat resumed>) = 5 [pid 5943] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = 0 [pid 5943] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5942] <... futex resumed>) = 1 [pid 5942] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... write resumed>) = 1036288 [pid 5943] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5942] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... mmap resumed>) = 0x20000000 [pid 5943] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] exit_group(0 [pid 5943] <... futex resumed>) = ? [pid 5943] +++ exited with 0 +++ [pid 5942] <... exit_group resumed>) = ? [pid 5942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- umount2("./418", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./418/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./418/binderfs") = 0 umount2("./418/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./418/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./418/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./418/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./418/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./418") = 0 mkdir("./419", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5944 attached [pid 5944] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5944] chdir("./419" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5944 [pid 5944] <... chdir resumed>) = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5944] setpgid(0, 0) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5944] write(3, "1000", 4) = 4 [pid 5944] close(3) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5944] write(1, "executing program\n", 18) = 18 [pid 5944] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5944] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5945 attached [pid 5945] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5944] <... clone3 resumed> => {parent_tid=[5945]}, 88) = 5945 [pid 5945] set_robust_list(0x7f2454d0d9a0, 24 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] <... set_robust_list resumed>) = 0 [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], [pid 5944] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5945] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5945] munmap(0x7f244c800000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./file2", 0777) = 0 [pid 5945] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5945] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./file2") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5945] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 245.840887][ T5945] loop0: detected capacity change from 0 to 4096 [pid 5944] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5945] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] <... futex resumed>) = 0 [pid 5945] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5944] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] <... futex resumed>) = 0 [pid 5945] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5944] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... openat resumed>) = 5 [pid 5945] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5944] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... write resumed>) = 1036288 [pid 5945] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = 0 [pid 5945] <... futex resumed>) = 1 [pid 5944] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... mmap resumed>) = 0x20000000 [pid 5945] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] exit_group(0 [pid 5945] <... futex resumed>) = ? [pid 5944] <... exit_group resumed>) = ? [pid 5945] +++ exited with 0 +++ [pid 5944] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./419", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./419/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./419/binderfs") = 0 umount2("./419/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./419/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./419/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./419/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./419/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./419") = 0 mkdir("./420", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5946 attached , child_tidptr=0x55557f632690) = 5946 [pid 5946] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5946] chdir("./420") = 0 [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5946] setpgid(0, 0) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5946] write(3, "1000", 4) = 4 [pid 5946] close(3) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5946] write(1, "executing program\n", 18executing program ) = 18 [pid 5946] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5946] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5946] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5947 attached [pid 5947] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5946] <... clone3 resumed> => {parent_tid=[5947]}, 88) = 5947 [pid 5947] <... rseq resumed>) = 0 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], [pid 5947] set_robust_list(0x7f2454d0d9a0, 24 [pid 5946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] <... set_robust_list resumed>) = 0 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5946] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5946] <... futex resumed>) = 0 [pid 5947] memfd_create("syzkaller", 0 [pid 5946] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5947] <... memfd_create resumed>) = 3 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5947] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5947] munmap(0x7f244c800000, 138412032) = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5947] close(3) = 0 [pid 5947] close(4) = 0 [pid 5947] mkdir("./file2", 0777) = 0 [pid 5947] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5947] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5947] chdir("./file2") = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5947] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5947] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] <... futex resumed>) = 0 [pid 5947] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 246.260210][ T5947] loop0: detected capacity change from 0 to 4096 [pid 5946] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... openat resumed>) = 4 [pid 5947] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5947] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5947] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5947] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] <... futex resumed>) = 0 [pid 5947] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5946] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... openat resumed>) = 5 [pid 5947] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5947] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] <... futex resumed>) = 0 [pid 5947] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5946] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... write resumed>) = 1036288 [pid 5947] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = 0 [pid 5946] <... futex resumed>) = 1 [pid 5947] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5946] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... mmap resumed>) = 0x20000000 [pid 5947] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5947] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] exit_group(0 [pid 5947] <... futex resumed>) = ? [pid 5946] <... exit_group resumed>) = ? [pid 5947] +++ exited with 0 +++ [pid 5946] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./420", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./420/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./420/binderfs") = 0 umount2("./420/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./420/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./420/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./420/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./420/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./420") = 0 mkdir("./421", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5948 attached [pid 5948] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5948 [pid 5948] chdir("./421") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] write(1, "executing program\n", 18executing program ) = 18 [pid 5948] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5948] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5948] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5949 attached => {parent_tid=[5949]}, 88) = 5949 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5949] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5948] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] <... rseq resumed>) = 0 [pid 5949] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5949] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5949] munmap(0x7f244c800000, 138412032) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5949] close(3) = 0 [pid 5949] close(4) = 0 [pid 5949] mkdir("./file2", 0777) = 0 [pid 5949] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5949] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file2") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5949] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [ 246.743100][ T5949] loop0: detected capacity change from 0 to 4096 [pid 5948] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5949] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5948] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... openat resumed>) = 4 [pid 5949] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = 1 [pid 5948] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5948] <... futex resumed>) = 0 [pid 5949] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5948] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] <... futex resumed>) = 0 [pid 5948] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... openat resumed>) = 5 [pid 5949] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 0 [pid 5949] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5948] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... write resumed>) = 1036288 [pid 5949] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 0 [pid 5949] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5948] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... mmap resumed>) = 0x20000000 [pid 5949] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] exit_group(0 [pid 5949] <... futex resumed>) = ? [pid 5948] <... exit_group resumed>) = ? [pid 5949] +++ exited with 0 +++ [pid 5948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./421", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./421/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./421/binderfs") = 0 umount2("./421/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./421/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./421/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./421/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./421/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./421") = 0 mkdir("./422", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5950 attached , child_tidptr=0x55557f632690) = 5950 [pid 5950] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5950] chdir("./422") = 0 [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5950] setpgid(0, 0) = 0 [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5950] write(3, "1000", 4) = 4 [pid 5950] close(3) = 0 [pid 5950] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5950] write(1, "executing program\n", 18) = 18 [pid 5950] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5950] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5951 attached [pid 5951] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5950] <... clone3 resumed> => {parent_tid=[5951]}, 88) = 5951 [pid 5951] <... rseq resumed>) = 0 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], [pid 5951] set_robust_list(0x7f2454d0d9a0, 24 [pid 5950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5951] <... set_robust_list resumed>) = 0 [pid 5950] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5951] memfd_create("syzkaller", 0) = 3 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5951] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5951] munmap(0x7f244c800000, 138412032) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5951] close(3) = 0 [pid 5951] close(4) = 0 [pid 5951] mkdir("./file2", 0777) = 0 [pid 5951] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5951] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5951] chdir("./file2") = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5951] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] <... futex resumed>) = 0 [ 247.230277][ T5951] loop0: detected capacity change from 0 to 4096 [pid 5950] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... openat resumed>) = 4 [pid 5951] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] <... futex resumed>) = 0 [pid 5951] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5950] <... futex resumed>) = 1 [pid 5951] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5951] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 0 [pid 5950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5950] <... futex resumed>) = 0 [pid 5951] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5950] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... openat resumed>) = 5 [pid 5951] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] <... futex resumed>) = 0 [pid 5951] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... write resumed>) = 1036288 [pid 5951] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 1 [pid 5950] <... futex resumed>) = 0 [pid 5951] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5950] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... mmap resumed>) = 0x20000000 [pid 5951] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] <... futex resumed>) = 0 [pid 5950] exit_group(0 [pid 5951] <... futex resumed>) = ? [pid 5950] <... exit_group resumed>) = ? [pid 5951] +++ exited with 0 +++ [pid 5950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5950, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./422", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./422/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./422/binderfs") = 0 umount2("./422/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./422/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./422/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./422/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./422/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./422") = 0 mkdir("./423", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5952 attached , child_tidptr=0x55557f632690) = 5952 [pid 5952] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5952] chdir("./423") = 0 [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5952] setpgid(0, 0) = 0 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5952] write(3, "1000", 4) = 4 [pid 5952] close(3) = 0 [pid 5952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5952] write(1, "executing program\n", 18executing program ) = 18 [pid 5952] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5952] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5952] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5952] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5953 attached [pid 5953] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5953] set_robust_list(0x7f2454d0d9a0, 24 [pid 5952] <... clone3 resumed> => {parent_tid=[5953]}, 88) = 5953 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5952] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] memfd_create("syzkaller", 0 [pid 5952] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5953] <... memfd_create resumed>) = 3 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5953] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5953] munmap(0x7f244c800000, 138412032) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5953] close(3) = 0 [pid 5953] close(4) = 0 [pid 5953] mkdir("./file2", 0777) = 0 [pid 5953] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5953] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5953] chdir("./file2") = 0 [ 247.690518][ T5953] loop0: detected capacity change from 0 to 4096 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5953] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5952] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5952] <... futex resumed>) = 0 [pid 5952] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... openat resumed>) = 4 [pid 5953] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5953] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5952] <... futex resumed>) = 0 [pid 5953] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5953] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5952] <... futex resumed>) = 0 [pid 5952] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... openat resumed>) = 5 [pid 5953] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] <... futex resumed>) = 0 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5952] <... futex resumed>) = 0 [pid 5952] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... write resumed>) = 1036288 [pid 5953] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5953] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5952] <... futex resumed>) = 0 [pid 5952] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... mmap resumed>) = 0x20000000 [pid 5953] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5953] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] exit_group(0 [pid 5953] <... futex resumed>) = ? [pid 5952] <... exit_group resumed>) = ? [pid 5953] +++ exited with 0 +++ [pid 5952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./423", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./423/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./423/binderfs") = 0 umount2("./423/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./423/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./423/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./423/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./423/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./423") = 0 mkdir("./424", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5954 attached , child_tidptr=0x55557f632690) = 5954 [pid 5954] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5954] chdir("./424") = 0 [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5954] setpgid(0, 0) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5954] write(3, "1000", 4) = 4 [pid 5954] close(3) = 0 [pid 5954] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5954] write(1, "executing program\n", 18) = 18 [pid 5954] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5954] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5954] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5955 attached [pid 5955] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5955] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5954] <... clone3 resumed> => {parent_tid=[5955]}, 88) = 5955 [pid 5955] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5954] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 1 [pid 5955] memfd_create("syzkaller", 0 [pid 5954] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5955] <... memfd_create resumed>) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5955] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5955] munmap(0x7f244c800000, 138412032) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5955] close(3) = 0 [pid 5955] close(4) = 0 [pid 5955] mkdir("./file2", 0777) = 0 [pid 5955] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5955] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5955] chdir("./file2") = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5955] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [ 248.213230][ T5955] loop0: detected capacity change from 0 to 4096 [pid 5954] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... openat resumed>) = 4 [pid 5955] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 1 [pid 5955] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5954] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5955] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] <... futex resumed>) = 0 [pid 5955] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5954] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... openat resumed>) = 5 [pid 5955] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... futex resumed>) = 0 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... write resumed>) = 1036288 [pid 5955] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5955] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... mmap resumed>) = 0x20000000 [pid 5955] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] exit_group(0) = ? [pid 5955] <... futex resumed>) = ? [pid 5955] +++ exited with 0 +++ [pid 5954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./424", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./424/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./424/binderfs") = 0 umount2("./424/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./424/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./424/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./424/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./424/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./424") = 0 mkdir("./425", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5956 attached , child_tidptr=0x55557f632690) = 5956 [pid 5956] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5956] chdir("./425") = 0 [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5956] setpgid(0, 0) = 0 [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5956] write(3, "1000", 4) = 4 [pid 5956] close(3) = 0 [pid 5956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5956] write(1, "executing program\n", 18executing program ) = 18 [pid 5956] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5956] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5956] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5957 attached => {parent_tid=[5957]}, 88) = 5957 [pid 5957] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5957] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5957] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5956] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = 0 [pid 5956] <... futex resumed>) = 1 [pid 5956] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5957] memfd_create("syzkaller", 0) = 3 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5957] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5957] munmap(0x7f244c800000, 138412032) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5957] close(3) = 0 [pid 5957] close(4) = 0 [pid 5957] mkdir("./file2", 0777) = 0 [pid 5957] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5957] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] chdir("./file2") = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 248.691452][ T5957] loop0: detected capacity change from 0 to 4096 [pid 5957] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5957] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5956] <... futex resumed>) = 0 [pid 5957] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5956] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... openat resumed>) = 4 [pid 5957] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5957] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5956] <... futex resumed>) = 0 [pid 5957] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5956] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5957] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = 0 [pid 5957] <... futex resumed>) = 1 [pid 5956] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... openat resumed>) = 5 [pid 5957] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = 0 [pid 5957] <... futex resumed>) = 1 [pid 5956] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... write resumed>) = 1036288 [pid 5957] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5957] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5956] <... futex resumed>) = 0 [pid 5957] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5956] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... mmap resumed>) = 0x20000000 [pid 5957] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5957] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] exit_group(0 [pid 5957] <... futex resumed>) = ? [pid 5957] +++ exited with 0 +++ [pid 5956] <... exit_group resumed>) = ? [pid 5956] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./425", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./425/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./425/binderfs") = 0 umount2("./425/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./425/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./425/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./425/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./425/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./425") = 0 mkdir("./426", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5958 attached , child_tidptr=0x55557f632690) = 5958 [pid 5958] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5958] chdir("./426") = 0 [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5958] setpgid(0, 0) = 0 [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5958] write(3, "1000", 4) = 4 [pid 5958] close(3) = 0 [pid 5958] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5958] write(1, "executing program\n", 18executing program ) = 18 [pid 5958] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5958] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5958] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5958] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5958] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5959 attached [pid 5959] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5958] <... clone3 resumed> => {parent_tid=[5959]}, 88) = 5959 [pid 5959] <... rseq resumed>) = 0 [pid 5958] rt_sigprocmask(SIG_SETMASK, [], [pid 5959] set_robust_list(0x7f2454d0d9a0, 24 [pid 5958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5959] <... set_robust_list resumed>) = 0 [pid 5958] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], [pid 5958] <... futex resumed>) = 0 [pid 5959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5958] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5959] memfd_create("syzkaller", 0) = 3 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5959] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5959] munmap(0x7f244c800000, 138412032) = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5959] close(3) = 0 [pid 5959] close(4) = 0 [pid 5959] mkdir("./file2", 0777) = 0 [pid 5959] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5959] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5959] chdir("./file2") = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 249.119071][ T5959] loop0: detected capacity change from 0 to 4096 [pid 5959] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5958] <... futex resumed>) = 0 [pid 5959] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5958] <... futex resumed>) = 0 [pid 5959] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5958] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... openat resumed>) = 4 [pid 5959] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] <... futex resumed>) = 0 [pid 5958] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5958] <... futex resumed>) = 1 [pid 5959] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5958] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5959] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5958] <... futex resumed>) = 0 [pid 5959] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5958] <... futex resumed>) = 0 [pid 5959] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5958] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... openat resumed>) = 5 [pid 5959] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] <... futex resumed>) = 0 [pid 5958] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5958] <... futex resumed>) = 1 [pid 5959] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5958] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... write resumed>) = 1036288 [pid 5959] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] <... futex resumed>) = 0 [pid 5958] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5958] <... futex resumed>) = 1 [pid 5959] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5958] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... mmap resumed>) = 0x20000000 [pid 5959] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5958] <... futex resumed>) = 0 [pid 5959] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] exit_group(0 [pid 5959] <... futex resumed>) = ? [pid 5958] <... exit_group resumed>) = ? [pid 5959] +++ exited with 0 +++ [pid 5958] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./426", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./426/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./426/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./426/binderfs") = 0 umount2("./426/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./426/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./426/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./426/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./426/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./426") = 0 mkdir("./427", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5960 attached , child_tidptr=0x55557f632690) = 5960 [pid 5960] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5960] chdir("./427") = 0 [pid 5960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5960] setpgid(0, 0) = 0 [pid 5960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5960] write(3, "1000", 4) = 4 [pid 5960] close(3) = 0 [pid 5960] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5960] write(1, "executing program\n", 18) = 18 [pid 5960] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5960] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5960] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5961 attached => {parent_tid=[5961]}, 88) = 5961 [pid 5961] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5960] rt_sigprocmask(SIG_SETMASK, [], [pid 5961] set_robust_list(0x7f2454d0d9a0, 24 [pid 5960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5961] <... set_robust_list resumed>) = 0 [pid 5960] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], [pid 5960] <... futex resumed>) = 0 [pid 5961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5960] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5961] memfd_create("syzkaller", 0) = 3 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5961] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5961] munmap(0x7f244c800000, 138412032) = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5961] close(3) = 0 [pid 5961] close(4) = 0 [pid 5961] mkdir("./file2", 0777) = 0 [pid 5961] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5961] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5961] chdir("./file2") = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5961] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5960] <... futex resumed>) = 0 [pid 5960] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = 0 [pid 5960] <... futex resumed>) = 1 [pid 5961] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5960] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] <... openat resumed>) = 4 [pid 5961] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [pid 5961] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5960] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [ 249.610237][ T5961] loop0: detected capacity change from 0 to 4096 [pid 5960] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5960] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = 0 [pid 5960] <... futex resumed>) = 0 [pid 5960] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5961] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5960] <... futex resumed>) = 0 [pid 5960] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = 0 [pid 5960] <... futex resumed>) = 1 [pid 5961] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5960] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] <... write resumed>) = 1036288 [pid 5961] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [pid 5961] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5960] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5960] <... futex resumed>) = 0 [pid 5961] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5960] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] <... mmap resumed>) = 0x20000000 [pid 5961] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5960] <... futex resumed>) = 0 [pid 5960] exit_group(0 [pid 5961] <... futex resumed>) = ? [pid 5960] <... exit_group resumed>) = ? [pid 5961] +++ exited with 0 +++ [pid 5960] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5960, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- umount2("./427", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./427/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./427/binderfs") = 0 umount2("./427/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./427/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./427/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./427/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./427/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./427") = 0 mkdir("./428", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5962 attached , child_tidptr=0x55557f632690) = 5962 [pid 5962] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5962] chdir("./428") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5962] write(1, "executing program\n", 18) = 18 [pid 5962] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5962] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5963 attached [pid 5963] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5962] <... clone3 resumed> => {parent_tid=[5963]}, 88) = 5963 [pid 5963] <... rseq resumed>) = 0 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5963] set_robust_list(0x7f2454d0d9a0, 24 [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] <... set_robust_list resumed>) = 0 [pid 5962] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5963] memfd_create("syzkaller", 0) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5963] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5963] munmap(0x7f244c800000, 138412032) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5963] close(3) = 0 [pid 5963] close(4) = 0 [pid 5963] mkdir("./file2", 0777) = 0 [pid 5963] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5963] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 250.060560][ T5963] loop0: detected capacity change from 0 to 4096 [pid 5963] chdir("./file2") = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5963] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5963] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5962] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... openat resumed>) = 4 [pid 5963] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5962] <... futex resumed>) = 0 [pid 5963] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5962] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5962] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... openat resumed>) = 5 [pid 5963] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5962] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5963] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5963] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5962] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... mmap resumed>) = 0x20000000 [pid 5963] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] exit_group(0 [pid 5963] <... futex resumed>) = ? [pid 5962] <... exit_group resumed>) = ? [pid 5963] +++ exited with 0 +++ [pid 5962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./428", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./428/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./428/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./428/binderfs") = 0 umount2("./428/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./428/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./428/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./428/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./428/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./428") = 0 mkdir("./429", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5964 attached , child_tidptr=0x55557f632690) = 5964 [pid 5964] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5964] chdir("./429") = 0 [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5964] setpgid(0, 0) = 0 [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5964] write(3, "1000", 4) = 4 [pid 5964] close(3) = 0 [pid 5964] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5964] write(1, "executing program\n", 18) = 18 [pid 5964] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5964] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5964] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5965 attached => {parent_tid=[5965]}, 88) = 5965 [pid 5965] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5965] set_robust_list(0x7f2454d0d9a0, 24 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5964] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5965] <... set_robust_list resumed>) = 0 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5965] memfd_create("syzkaller", 0) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5965] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5965] munmap(0x7f244c800000, 138412032) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5965] close(3) = 0 [pid 5965] close(4) = 0 [pid 5965] mkdir("./file2", 0777) = 0 [pid 5965] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5965] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./file2") = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5965] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [ 250.522011][ T5965] loop0: detected capacity change from 0 to 4096 [pid 5964] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... openat resumed>) = 4 [pid 5965] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5965] <... futex resumed>) = 1 [pid 5964] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5964] <... futex resumed>) = 0 [pid 5965] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5965] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... futex resumed>) = 0 [pid 5964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5965] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5965] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... openat resumed>) = 5 [pid 5965] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] <... futex resumed>) = 0 [pid 5965] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... write resumed>) = 1036288 [pid 5965] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5964] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5965] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5965] <... futex resumed>) = 1 [pid 5964] exit_group(0 [pid 5965] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5964] <... exit_group resumed>) = ? [pid 5965] +++ exited with 0 +++ [pid 5964] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5964, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./429", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./429/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./429/binderfs") = 0 umount2("./429/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./429/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./429/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./429/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./429/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./429") = 0 mkdir("./430", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5966 attached , child_tidptr=0x55557f632690) = 5966 [pid 5966] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5966] chdir("./430") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5966] write(3, "1000", 4) = 4 [pid 5966] close(3) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5966] write(1, "executing program\n", 18) = 18 [pid 5966] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5966] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5967 attached => {parent_tid=[5967]}, 88) = 5967 [pid 5967] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5967] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5967] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5966] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 1 [pid 5966] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5967] memfd_create("syzkaller", 0) = 3 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5967] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5967] munmap(0x7f244c800000, 138412032) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5967] close(3) = 0 [pid 5967] close(4) = 0 [pid 5967] mkdir("./file2", 0777) = 0 [ 250.942390][ T5967] loop0: detected capacity change from 0 to 4096 [pid 5967] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5967] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5967] chdir("./file2") = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5967] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] <... futex resumed>) = 0 [pid 5967] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5966] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... openat resumed>) = 4 [pid 5967] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5966] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5967] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 0 [pid 5966] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 1 [pid 5967] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5966] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... openat resumed>) = 5 [pid 5967] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 1 [pid 5966] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... write resumed>) = 1036288 [pid 5967] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] <... futex resumed>) = 0 [pid 5967] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5966] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... mmap resumed>) = 0x20000000 [pid 5967] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] exit_group(0 [pid 5967] <... futex resumed>) = ? [pid 5966] <... exit_group resumed>) = ? [pid 5967] +++ exited with 0 +++ [pid 5966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./430", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./430/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./430/binderfs") = 0 umount2("./430/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./430/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./430/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./430/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./430/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./430") = 0 mkdir("./431", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5968 attached , child_tidptr=0x55557f632690) = 5968 [pid 5968] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5968] chdir("./431") = 0 [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5968] setpgid(0, 0) = 0 [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5968] write(3, "1000", 4) = 4 [pid 5968] close(3) = 0 [pid 5968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5968] write(1, "executing program\n", 18executing program ) = 18 [pid 5968] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5968] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5968] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5968] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5969 attached [pid 5969] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5969] set_robust_list(0x7f2454d0d9a0, 24 [pid 5968] <... clone3 resumed> => {parent_tid=[5969]}, 88) = 5969 [pid 5969] <... set_robust_list resumed>) = 0 [pid 5968] rt_sigprocmask(SIG_SETMASK, [], [pid 5969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5969] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5968] <... futex resumed>) = 0 [pid 5968] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5969] memfd_create("syzkaller", 0) = 3 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5969] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5969] munmap(0x7f244c800000, 138412032) = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5969] close(3) = 0 [pid 5969] close(4) = 0 [pid 5969] mkdir("./file2", 0777) = 0 [pid 5969] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5969] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 251.452800][ T5969] loop0: detected capacity change from 0 to 4096 [pid 5969] chdir("./file2") = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5969] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] <... futex resumed>) = 0 [pid 5968] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = 0 [pid 5968] <... futex resumed>) = 1 [pid 5969] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5968] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... openat resumed>) = 4 [pid 5969] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5968] <... futex resumed>) = 0 [pid 5969] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5968] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5968] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5968] <... futex resumed>) = 0 [pid 5968] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... openat resumed>) = 5 [pid 5969] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5968] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... write resumed>) = 1036288 [pid 5969] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5968] <... futex resumed>) = 0 [pid 5969] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5968] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... mmap resumed>) = 0x20000000 [pid 5969] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] <... futex resumed>) = 0 [pid 5968] exit_group(0 [pid 5969] <... futex resumed>) = ? [pid 5968] <... exit_group resumed>) = ? [pid 5969] +++ exited with 0 +++ [pid 5968] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5968, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./431", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./431/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./431/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./431/binderfs") = 0 umount2("./431/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./431/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./431/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./431/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./431/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./431") = 0 mkdir("./432", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5970 ./strace-static-x86_64: Process 5970 attached [pid 5970] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5970] chdir("./432") = 0 [pid 5970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5970] setpgid(0, 0) = 0 [pid 5970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5970] write(3, "1000", 4) = 4 [pid 5970] close(3) = 0 [pid 5970] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5970] write(1, "executing program\n", 18) = 18 [pid 5970] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5970] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5970] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5971 attached [pid 5971] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5970] <... clone3 resumed> => {parent_tid=[5971]}, 88) = 5971 [pid 5971] <... rseq resumed>) = 0 [pid 5970] rt_sigprocmask(SIG_SETMASK, [], [pid 5971] set_robust_list(0x7f2454d0d9a0, 24 [pid 5970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5971] <... set_robust_list resumed>) = 0 [pid 5970] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] rt_sigprocmask(SIG_SETMASK, [], [pid 5970] <... futex resumed>) = 0 [pid 5971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5970] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5971] memfd_create("syzkaller", 0) = 3 [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5971] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5971] munmap(0x7f244c800000, 138412032) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5971] close(3) = 0 [pid 5971] close(4) = 0 [pid 5971] mkdir("./file2", 0777) = 0 [pid 5971] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5971] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5971] chdir("./file2") = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5971] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] <... futex resumed>) = 0 [pid 5970] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5970] <... futex resumed>) = 1 [ 251.926160][ T5971] loop0: detected capacity change from 0 to 4096 [pid 5970] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5971] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5970] <... futex resumed>) = 0 [pid 5971] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5970] <... futex resumed>) = 1 [pid 5971] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5970] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5971] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5970] <... futex resumed>) = 0 [pid 5971] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5970] <... futex resumed>) = 0 [pid 5971] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5970] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] <... openat resumed>) = 5 [pid 5971] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5970] <... futex resumed>) = 0 [pid 5971] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5970] <... futex resumed>) = 0 [pid 5971] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5970] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] <... write resumed>) = 1036288 [pid 5971] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5970] <... futex resumed>) = 0 [pid 5971] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5971] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5970] <... futex resumed>) = 0 [pid 5970] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] <... mmap resumed>) = 0x20000000 [pid 5971] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5970] <... futex resumed>) = 0 [pid 5971] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] exit_group(0 [pid 5971] <... futex resumed>) = ? [pid 5970] <... exit_group resumed>) = ? [pid 5971] +++ exited with 0 +++ [pid 5970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5970, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./432", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./432/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./432/binderfs") = 0 umount2("./432/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./432/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./432/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./432/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./432/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./432") = 0 mkdir("./433", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5972 ./strace-static-x86_64: Process 5972 attached [pid 5972] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5972] chdir("./433") = 0 [pid 5972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5972] setpgid(0, 0) = 0 [pid 5972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5972] write(3, "1000", 4) = 4 [pid 5972] close(3) = 0 [pid 5972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5972] write(1, "executing program\n", 18executing program ) = 18 [pid 5972] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5972] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5973 attached [pid 5973] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5972] <... clone3 resumed> => {parent_tid=[5973]}, 88) = 5973 [pid 5973] <... rseq resumed>) = 0 [pid 5972] rt_sigprocmask(SIG_SETMASK, [], [pid 5973] set_robust_list(0x7f2454d0d9a0, 24 [pid 5972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5973] <... set_robust_list resumed>) = 0 [pid 5972] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] rt_sigprocmask(SIG_SETMASK, [], [pid 5972] <... futex resumed>) = 0 [pid 5973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5972] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5973] memfd_create("syzkaller", 0) = 3 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5973] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5973] munmap(0x7f244c800000, 138412032) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5973] close(3) = 0 [pid 5973] close(4) = 0 [pid 5973] mkdir("./file2", 0777) = 0 [pid 5973] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5973] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5973] chdir("./file2") = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5973] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] <... futex resumed>) = 0 [ 252.390617][ T5973] loop0: detected capacity change from 0 to 4096 [pid 5972] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... openat resumed>) = 4 [pid 5973] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5973] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... futex resumed>) = 0 [pid 5972] <... futex resumed>) = 1 [pid 5973] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5972] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5973] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] <... futex resumed>) = 0 [pid 5973] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5972] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... openat resumed>) = 5 [pid 5973] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5973] <... futex resumed>) = 1 [pid 5972] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... write resumed>) = 1036288 [pid 5973] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] <... futex resumed>) = 0 [pid 5973] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5972] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5972] <... futex resumed>) = 0 [pid 5973] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5972] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... mmap resumed>) = 0x20000000 [pid 5973] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] <... futex resumed>) = 0 [pid 5973] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5972] exit_group(0) = ? [pid 5973] <... futex resumed>) = ? [pid 5973] +++ exited with 0 +++ [pid 5972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5972, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./433", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./433/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./433/binderfs") = 0 umount2("./433/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./433/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./433/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./433/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./433/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./433") = 0 mkdir("./434", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5974 attached , child_tidptr=0x55557f632690) = 5974 [pid 5974] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5974] chdir("./434") = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5974] write(1, "executing program\n", 18executing program ) = 18 [pid 5974] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5974] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5974] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5975 attached [pid 5975] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5974] <... clone3 resumed> => {parent_tid=[5975]}, 88) = 5975 [pid 5975] set_robust_list(0x7f2454d0d9a0, 24 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], [pid 5975] <... set_robust_list resumed>) = 0 [pid 5975] rt_sigprocmask(SIG_SETMASK, [], [pid 5974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5974] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5975] memfd_create("syzkaller", 0) = 3 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5975] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5975] munmap(0x7f244c800000, 138412032) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5975] close(3) = 0 [pid 5975] close(4) = 0 [pid 5975] mkdir("./file2", 0777) = 0 [pid 5975] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5975] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5975] chdir("./file2") = 0 [ 252.840162][ T5975] loop0: detected capacity change from 0 to 4096 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5975] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5975] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5975] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5974] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... openat resumed>) = 4 [pid 5975] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5975] <... futex resumed>) = 1 [pid 5974] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5974] <... futex resumed>) = 0 [pid 5975] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5974] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5975] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5975] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5975] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5975] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = 0 [pid 5974] <... futex resumed>) = 1 [pid 5975] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5974] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... write resumed>) = 1036288 [pid 5975] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5975] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5975] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5974] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... mmap resumed>) = 0x20000000 [pid 5975] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5975] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] exit_group(0 [pid 5975] <... futex resumed>) = ? [pid 5974] <... exit_group resumed>) = ? [pid 5975] +++ exited with 0 +++ [pid 5974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./434", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./434/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./434/binderfs") = 0 umount2("./434/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./434/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./434/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./434/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./434/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./434") = 0 mkdir("./435", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5976 attached , child_tidptr=0x55557f632690) = 5976 [pid 5976] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5976] chdir("./435") = 0 [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5976] setpgid(0, 0) = 0 [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5976] write(3, "1000", 4) = 4 [pid 5976] close(3) = 0 [pid 5976] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5976] write(1, "executing program\n", 18) = 18 [pid 5976] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5976] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5976] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5977 attached [pid 5977] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5976] <... clone3 resumed> => {parent_tid=[5977]}, 88) = 5977 [pid 5977] <... rseq resumed>) = 0 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], [pid 5977] set_robust_list(0x7f2454d0d9a0, 24 [pid 5976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5977] <... set_robust_list resumed>) = 0 [pid 5976] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5977] memfd_create("syzkaller", 0) = 3 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5977] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5977] munmap(0x7f244c800000, 138412032) = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5977] close(3) = 0 [pid 5977] close(4) = 0 [pid 5977] mkdir("./file2", 0777) = 0 [pid 5977] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5977] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5977] chdir("./file2") = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5977] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5976] <... futex resumed>) = 0 [pid 5977] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 253.282036][ T5977] loop0: detected capacity change from 0 to 4096 [pid 5976] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... openat resumed>) = 4 [pid 5977] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5977] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5976] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5977] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5976] <... futex resumed>) = 0 [pid 5977] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5976] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... openat resumed>) = 5 [pid 5977] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5977] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5976] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... write resumed>) = 1036288 [pid 5977] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5976] <... futex resumed>) = 0 [pid 5977] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5976] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... mmap resumed>) = 0x20000000 [pid 5977] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] exit_group(0 [pid 5977] <... futex resumed>) = ? [pid 5976] <... exit_group resumed>) = ? [pid 5977] +++ exited with 0 +++ [pid 5976] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- umount2("./435", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./435/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./435/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./435/binderfs") = 0 umount2("./435/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./435/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./435/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./435/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./435/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./435") = 0 mkdir("./436", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5978 attached [pid 5978] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5978] chdir("./436") = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 5978 [pid 5978] <... prctl resumed>) = 0 [pid 5978] setpgid(0, 0) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5978] write(3, "1000", 4) = 4 [pid 5978] close(3) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5978] write(1, "executing program\n", 18executing program ) = 18 [pid 5978] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5978] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5978] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5978] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5979 attached [pid 5979] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5979] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5979] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] <... clone3 resumed> => {parent_tid=[5979]}, 88) = 5979 [pid 5978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5978] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 1 [pid 5978] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5979] memfd_create("syzkaller", 0) = 3 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5979] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5979] munmap(0x7f244c800000, 138412032) = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5979] close(3) = 0 [pid 5979] close(4) = 0 [pid 5979] mkdir("./file2", 0777) = 0 [pid 5979] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5979] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5979] chdir("./file2") = 0 [ 253.695250][ T5979] loop0: detected capacity change from 0 to 4096 [pid 5979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5979] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5979] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 1 [pid 5979] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5978] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... openat resumed>) = 4 [pid 5979] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5979] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5979] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5978] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5979] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5979] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5978] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... openat resumed>) = 5 [pid 5979] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5979] <... futex resumed>) = 1 [pid 5978] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... write resumed>) = 1036288 [pid 5979] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5979] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5979] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5978] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... mmap resumed>) = 0x20000000 [pid 5979] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5979] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] exit_group(0 [pid 5979] <... futex resumed>) = ? [pid 5978] <... exit_group resumed>) = ? [pid 5979] +++ exited with 0 +++ [pid 5978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./436", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./436/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./436/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./436/binderfs") = 0 umount2("./436/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./436/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./436/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./436/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./436/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./436") = 0 mkdir("./437", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5980 attached , child_tidptr=0x55557f632690) = 5980 [pid 5980] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5980] chdir("./437") = 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5980] setpgid(0, 0) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] write(3, "1000", 4) = 4 [pid 5980] close(3) = 0 [pid 5980] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5980] write(1, "executing program\n", 18executing program ) = 18 [pid 5980] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5980] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5980] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5981 attached [pid 5981] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5980] <... clone3 resumed> => {parent_tid=[5981]}, 88) = 5981 [pid 5981] set_robust_list(0x7f2454d0d9a0, 24 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], [pid 5981] <... set_robust_list resumed>) = 0 [pid 5981] rt_sigprocmask(SIG_SETMASK, [], [pid 5980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5980] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5981] memfd_create("syzkaller", 0) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5981] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5981] munmap(0x7f244c800000, 138412032) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5981] close(3) = 0 [pid 5981] close(4) = 0 [pid 5981] mkdir("./file2", 0777) = 0 [pid 5981] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5981] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5981] chdir("./file2") = 0 [ 254.153016][ T5981] loop0: detected capacity change from 0 to 4096 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5981] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = 0 [pid 5981] <... futex resumed>) = 1 [pid 5980] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5980] <... futex resumed>) = 0 [pid 5980] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] <... openat resumed>) = 4 [pid 5981] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = 0 [pid 5981] <... futex resumed>) = 1 [pid 5980] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5980] <... futex resumed>) = 0 [pid 5981] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5981] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5980] <... futex resumed>) = 0 [pid 5980] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] <... openat resumed>) = 5 [pid 5981] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5981] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 1 [pid 5981] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5980] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] <... write resumed>) = 1036288 [pid 5981] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5981] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 1 [pid 5981] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5980] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] <... mmap resumed>) = 0x20000000 [pid 5981] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] <... futex resumed>) = 0 [pid 5980] exit_group(0) = ? [pid 5981] <... futex resumed>) = ? [pid 5981] +++ exited with 0 +++ [pid 5980] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5980, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./437", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./437/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./437/binderfs") = 0 umount2("./437/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./437/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./437/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./437/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./437/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./437") = 0 mkdir("./438", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5982 attached , child_tidptr=0x55557f632690) = 5982 [pid 5982] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5982] chdir("./438") = 0 [pid 5982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5982] setpgid(0, 0) = 0 [pid 5982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5982] write(3, "1000", 4) = 4 [pid 5982] close(3) = 0 [pid 5982] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5982] write(1, "executing program\n", 18executing program ) = 18 [pid 5982] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5982] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5982] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5983 attached [pid 5983] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5982] <... clone3 resumed> => {parent_tid=[5983]}, 88) = 5983 [pid 5983] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], [pid 5983] rt_sigprocmask(SIG_SETMASK, [], [pid 5982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5982] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] memfd_create("syzkaller", 0 [pid 5982] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5983] <... memfd_create resumed>) = 3 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5983] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5983] munmap(0x7f244c800000, 138412032) = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5983] close(3) = 0 [pid 5983] close(4) = 0 [pid 5983] mkdir("./file2", 0777) = 0 [pid 5983] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5983] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5983] chdir("./file2") = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5983] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5983] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = 0 [pid 5983] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 254.645695][ T5983] loop0: detected capacity change from 0 to 4096 [pid 5982] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... openat resumed>) = 4 [pid 5983] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = 0 [pid 5982] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = 0 [pid 5982] <... futex resumed>) = 1 [pid 5983] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5982] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = 0 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5982] <... futex resumed>) = 0 [pid 5982] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... openat resumed>) = 5 [pid 5983] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 0 [pid 5983] <... futex resumed>) = 1 [pid 5982] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5982] <... futex resumed>) = 0 [pid 5982] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... write resumed>) = 1036288 [pid 5983] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = 0 [pid 5982] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = 0 [pid 5982] <... futex resumed>) = 1 [pid 5983] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5982] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... mmap resumed>) = 0x20000000 [pid 5983] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = 0 [pid 5982] exit_group(0 [pid 5983] <... futex resumed>) = ? [pid 5982] <... exit_group resumed>) = ? [pid 5983] +++ exited with 0 +++ [pid 5982] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5982, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./438", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./438/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./438/binderfs") = 0 umount2("./438/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./438/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./438/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./438/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./438/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./438") = 0 mkdir("./439", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5984 attached , child_tidptr=0x55557f632690) = 5984 [pid 5984] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5984] chdir("./439") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5984] write(1, "executing program\n", 18executing program ) = 18 [pid 5984] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5984] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5984] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5985 attached [pid 5985] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5984] <... clone3 resumed> => {parent_tid=[5985]}, 88) = 5985 [pid 5985] <... rseq resumed>) = 0 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], [pid 5985] set_robust_list(0x7f2454d0d9a0, 24 [pid 5984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] <... set_robust_list resumed>) = 0 [pid 5984] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] <... futex resumed>) = 0 [pid 5985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5984] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5985] memfd_create("syzkaller", 0) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5985] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5985] munmap(0x7f244c800000, 138412032) = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5985] close(3) = 0 [pid 5985] close(4) = 0 [pid 5985] mkdir("./file2", 0777) = 0 [pid 5985] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5985] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./file2") = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5985] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5984] <... futex resumed>) = 0 [pid 5985] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5984] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... openat resumed>) = 4 [pid 5985] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 255.069854][ T5985] loop0: detected capacity change from 0 to 4096 [pid 5985] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 0 [pid 5985] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5985] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5984] <... futex resumed>) = 0 [pid 5985] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5984] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... openat resumed>) = 5 [pid 5985] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 1 [pid 5985] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5984] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... write resumed>) = 1036288 [pid 5985] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 1 [pid 5985] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5984] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... mmap resumed>) = 0x20000000 [pid 5985] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] exit_group(0 [pid 5985] <... futex resumed>) = ? [pid 5984] <... exit_group resumed>) = ? [pid 5985] +++ exited with 0 +++ [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./439", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./439/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./439/binderfs") = 0 umount2("./439/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./439/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./439/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./439/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./439/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./439") = 0 mkdir("./440", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5986 attached , child_tidptr=0x55557f632690) = 5986 [pid 5986] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5986] chdir("./440") = 0 [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5986] setpgid(0, 0) = 0 [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5986] write(3, "1000", 4) = 4 [pid 5986] close(3) = 0 [pid 5986] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5986] write(1, "executing program\n", 18) = 18 [pid 5986] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5986] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5986] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5986] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5987 attached [pid 5987] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5986] <... clone3 resumed> => {parent_tid=[5987]}, 88) = 5987 [pid 5987] set_robust_list(0x7f2454d0d9a0, 24 [pid 5986] rt_sigprocmask(SIG_SETMASK, [], [pid 5987] <... set_robust_list resumed>) = 0 [pid 5986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5987] rt_sigprocmask(SIG_SETMASK, [], [pid 5986] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5987] memfd_create("syzkaller", 0) = 3 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5987] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5987] munmap(0x7f244c800000, 138412032) = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5987] close(3) = 0 [pid 5987] close(4) = 0 [pid 5987] mkdir("./file2", 0777) = 0 [ 255.509241][ T5987] loop0: detected capacity change from 0 to 4096 [pid 5987] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5987] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5987] chdir("./file2") = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5987] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... openat resumed>) = 4 [pid 5987] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5986] <... futex resumed>) = 1 [pid 5987] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5986] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5987] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5987] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5986] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] <... openat resumed>) = 5 [pid 5986] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5986] <... futex resumed>) = 1 [pid 5987] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5986] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... write resumed>) = 1036288 [pid 5987] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5987] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5986] <... futex resumed>) = 0 [pid 5987] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5986] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... mmap resumed>) = 0x20000000 [pid 5987] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5987] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] exit_group(0 [pid 5987] <... futex resumed>) = ? [pid 5987] +++ exited with 0 +++ [pid 5986] <... exit_group resumed>) = ? [pid 5986] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5986, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./440", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./440/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./440/binderfs") = 0 umount2("./440/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./440/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./440/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./440/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./440/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./440") = 0 mkdir("./441", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5988 attached , child_tidptr=0x55557f632690) = 5988 [pid 5988] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5988] chdir("./441") = 0 [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5988] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5988] write(3, "1000", 4) = 4 [pid 5988] close(3) = 0 [pid 5988] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5988] write(1, "executing program\n", 18) = 18 [pid 5988] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5988] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5989 attached [pid 5989] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5988] <... clone3 resumed> => {parent_tid=[5989]}, 88) = 5989 [pid 5989] <... rseq resumed>) = 0 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5989] set_robust_list(0x7f2454d0d9a0, 24 [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5989] <... set_robust_list resumed>) = 0 [pid 5988] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] rt_sigprocmask(SIG_SETMASK, [], [pid 5988] <... futex resumed>) = 0 [pid 5989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5988] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5989] memfd_create("syzkaller", 0) = 3 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5989] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5989] munmap(0x7f244c800000, 138412032) = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5989] close(3) = 0 [pid 5989] close(4) = 0 [pid 5989] mkdir("./file2", 0777) = 0 [ 256.042243][ T5989] loop0: detected capacity change from 0 to 4096 [pid 5989] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5989] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5989] chdir("./file2") = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5989] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] <... futex resumed>) = 0 [pid 5989] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5988] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] <... openat resumed>) = 4 [pid 5989] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5988] <... futex resumed>) = 0 [pid 5989] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5988] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] <... futex resumed>) = 0 [pid 5988] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5989] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] <... futex resumed>) = 0 [pid 5989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5988] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5988] futex(0x7f2454dfe6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ccc000 [pid 5988] mprotect(0x7f2454ccd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454cec990, parent_tid=0x7f2454cec990, exit_signal=0, stack=0x7f2454ccc000, stack_size=0x20300, tls=0x7f2454cec6c0}./strace-static-x86_64: Process 5990 attached => {parent_tid=[5990]}, 88) = 5990 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5988] futex(0x7f2454dfe6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] futex(0x7f2454dfe6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] rseq(0x7f2454cecfe0, 0x20, 0, 0x53053053) = 0 [pid 5990] set_robust_list(0x7f2454cec9a0, 24) = 0 [pid 5990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5990] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5988] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 256.290654][ T5990] [ 256.293002][ T5990] ====================================================== [ 256.300024][ T5990] WARNING: possible circular locking dependency detected [ 256.307018][ T5990] 6.9.0-next-20240523-syzkaller #0 Not tainted [ 256.313145][ T5990] ------------------------------------------------------ [ 256.320141][ T5990] syz-executor370/5990 is trying to acquire lock: [ 256.326536][ T5990] ffff88806658e0e0 (&ni->ni_lock/4){+.+.}-{3:3}, at: attr_data_get_block+0x444/0x2e10 [ 256.336113][ T5990] [ 256.336113][ T5990] but task is already holding lock: [ 256.343458][ T5990] ffff88802be50b18 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17c/0x3d0 [ 256.352398][ T5990] [ 256.352398][ T5990] which lock already depends on the new lock. [ 256.352398][ T5990] [ 256.362784][ T5990] [ 256.362784][ T5990] the existing dependency chain (in reverse order) is: [ 256.371781][ T5990] [ 256.371781][ T5990] -> #1 (&mm->mmap_lock){++++}-{3:3}: [ 256.379327][ T5990] lock_acquire+0x1ed/0x550 [ 256.384341][ T5990] __might_fault+0xc6/0x120 [ 256.389350][ T5990] _copy_to_user+0x2a/0xb0 [ 256.394282][ T5990] fiemap_fill_next_extent+0x235/0x410 [ 256.400248][ T5990] ni_fiemap+0x100b/0x1230 [ 256.405170][ T5990] ntfs_fiemap+0x132/0x180 [ 256.410092][ T5990] do_vfs_ioctl+0x1c07/0x2e50 [ 256.415274][ T5990] __se_sys_ioctl+0x81/0x170 [ 256.420372][ T5990] do_syscall_64+0xf3/0x230 [ 256.425387][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.431795][ T5990] [ 256.431795][ T5990] -> #0 (&ni->ni_lock/4){+.+.}-{3:3}: [ 256.439341][ T5990] validate_chain+0x18e0/0x5900 [ 256.444704][ T5990] __lock_acquire+0x1346/0x1fd0 [ 256.450061][ T5990] lock_acquire+0x1ed/0x550 [ 256.455071][ T5990] __mutex_lock+0x136/0xd70 [ 256.460086][ T5990] attr_data_get_block+0x444/0x2e10 [ 256.465792][ T5990] ntfs_file_mmap+0x505/0x880 [ 256.470973][ T5990] mmap_region+0xe8f/0x2090 [ 256.475980][ T5990] do_mmap+0x8ad/0xfa0 [ 256.480560][ T5990] vm_mmap_pgoff+0x1dd/0x3d0 [ 256.485654][ T5990] ksys_mmap_pgoff+0x4f1/0x720 [ 256.490923][ T5990] do_syscall_64+0xf3/0x230 [ 256.495933][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.502332][ T5990] [ 256.502332][ T5990] other info that might help us debug this: [ 256.502332][ T5990] [ 256.512543][ T5990] Possible unsafe locking scenario: [ 256.512543][ T5990] [ 256.519976][ T5990] CPU0 CPU1 [ 256.525323][ T5990] ---- ---- [ 256.530668][ T5990] lock(&mm->mmap_lock); [ 256.534986][ T5990] lock(&ni->ni_lock/4); [ 256.541825][ T5990] lock(&mm->mmap_lock); [ 256.548662][ T5990] lock(&ni->ni_lock/4); [ 256.552981][ T5990] [ 256.552981][ T5990] *** DEADLOCK *** [ 256.552981][ T5990] [ 256.561105][ T5990] 1 lock held by syz-executor370/5990: [ 256.566545][ T5990] #0: ffff88802be50b18 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17c/0x3d0 [ 256.575931][ T5990] [ 256.575931][ T5990] stack backtrace: [ 256.581811][ T5990] CPU: 1 PID: 5990 Comm: syz-executor370 Not tainted 6.9.0-next-20240523-syzkaller #0 [ 256.591337][ T5990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 256.601387][ T5990] Call Trace: [ 256.604655][ T5990] [ 256.607573][ T5990] dump_stack_lvl+0x241/0x360 [ 256.612245][ T5990] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.617435][ T5990] ? print_circular_bug+0x130/0x1a0 [ 256.622628][ T5990] check_noncircular+0x36a/0x4a0 [ 256.627564][ T5990] ? __pfx_check_noncircular+0x10/0x10 [ 256.633015][ T5990] ? lockdep_lock+0x123/0x2b0 [ 256.637683][ T5990] ? validate_chain+0x11e/0x5900 [ 256.642609][ T5990] ? __lock_acquire+0x1346/0x1fd0 [ 256.647622][ T5990] validate_chain+0x18e0/0x5900 [ 256.652460][ T5990] ? __pfx_validate_chain+0x10/0x10 [ 256.657652][ T5990] ? __pfx_validate_chain+0x10/0x10 [ 256.662838][ T5990] ? __pfx_validate_chain+0x10/0x10 [ 256.668030][ T5990] ? deref_stack_reg+0x1c7/0x260 [ 256.672958][ T5990] ? mark_lock+0x9a/0x350 [ 256.677273][ T5990] ? look_up_lock_class+0x77/0x160 [ 256.682369][ T5990] ? register_lock_class+0x102/0x980 [ 256.687642][ T5990] ? __pfx_register_lock_class+0x10/0x10 [ 256.693260][ T5990] ? mark_lock+0x9a/0x350 [ 256.697579][ T5990] __lock_acquire+0x1346/0x1fd0 [ 256.702423][ T5990] lock_acquire+0x1ed/0x550 [ 256.706912][ T5990] ? attr_data_get_block+0x444/0x2e10 [ 256.712271][ T5990] ? __pfx_lock_acquire+0x10/0x10 [ 256.717282][ T5990] ? __pfx_lock_acquire+0x10/0x10 [ 256.722290][ T5990] ? __pfx___might_resched+0x10/0x10 [ 256.727564][ T5990] ? __pfx_lock_release+0x10/0x10 [ 256.732573][ T5990] __mutex_lock+0x136/0xd70 [ 256.737065][ T5990] ? attr_data_get_block+0x444/0x2e10 [ 256.742426][ T5990] ? attr_data_get_block+0x34b/0x2e10 [ 256.747783][ T5990] ? attr_data_get_block+0x444/0x2e10 [ 256.753138][ T5990] ? __pfx___mutex_lock+0x10/0x10 [ 256.758149][ T5990] ? __up_read+0x2c2/0x6b0 [ 256.762556][ T5990] ? __pfx___up_read+0x10/0x10 [ 256.767310][ T5990] ? run_lookup_entry+0xb1/0x560 [ 256.772239][ T5990] attr_data_get_block+0x444/0x2e10 [ 256.777421][ T5990] ? __pfx_validate_mm+0x10/0x10 [ 256.782347][ T5990] ? __kasan_slab_alloc+0x66/0x80 [ 256.787361][ T5990] ? kmem_cache_alloc_noprof+0x135/0x2a0 [ 256.792983][ T5990] ? vm_area_alloc+0x10e/0x1d0 [ 256.797732][ T5990] ? __pfx_attr_data_get_block+0x10/0x10 [ 256.803351][ T5990] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.809414][ T5990] ? __asan_memset+0x23/0x50 [ 256.813988][ T5990] ? lockdep_init_map_type+0xa1/0x910 [ 256.819348][ T5990] ntfs_file_mmap+0x505/0x880 [ 256.824013][ T5990] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 256.829805][ T5990] ? __pfx_ntfs_file_mmap+0x10/0x10 [ 256.834990][ T5990] ? __mas_set_range+0x133/0x3c0 [ 256.839915][ T5990] mmap_region+0xe8f/0x2090 [ 256.844408][ T5990] ? __pfx_mmap_region+0x10/0x10 [ 256.849336][ T5990] ? thp_get_unmapped_area_vmflags+0x1bf/0x380 [ 256.855479][ T5990] ? cap_mmap_addr+0x163/0x2c0 [ 256.860237][ T5990] ? __get_unmapped_area+0x2f0/0x360 [ 256.865514][ T5990] do_mmap+0x8ad/0xfa0 [ 256.869576][ T5990] ? __pfx_do_mmap+0x10/0x10 [ 256.874155][ T5990] ? __pfx_ima_file_mmap+0x10/0x10 [ 256.879253][ T5990] vm_mmap_pgoff+0x1dd/0x3d0 [ 256.883832][ T5990] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 256.888926][ T5990] ? __fget_files+0x29/0x470 [ 256.893508][ T5990] ? __fget_files+0x3f6/0x470 [ 256.898175][ T5990] ksys_mmap_pgoff+0x4f1/0x720 [ 256.902924][ T5990] ? __x64_sys_mmap+0x7f/0x140 [ 256.907679][ T5990] do_syscall_64+0xf3/0x230 [ 256.912169][ T5990] ? clear_bhb_loop+0x35/0x90 [ 256.916833][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.922724][ T5990] RIP: 0033:0x7f2454d56c99 [ 256.927140][ T5990] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 256.946735][ T5990] RSP: 002b:00007f2454cec208 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 256.955136][ T5990] RAX: ffffffffffffffda RBX: 00007f2454dfe6d8 RCX: 00007f2454d56c99 [ 256.963090][ T5990] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000 [ 256.971060][ T5990] RBP: 00007f2454dfe6d0 R08: 0000000000000005 R09: 0000000000000000 [ 256.979026][ T5990] R10: 0000000000028011 R11: 0000000000000246 R12: 00007f2454dcaa18 [pid 5990] <... mmap resumed>) = 0x20000000 [pid 5989] <... write resumed>) = 868352 [pid 5990] futex(0x7f2454dfe6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] exit_group(0 [pid 5990] <... futex resumed>) = ? [pid 5989] <... futex resumed>) = ? [pid 5988] <... exit_group resumed>) = ? [pid 5990] +++ exited with 0 +++ [pid 5989] +++ exited with 0 +++ [pid 5988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./441", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 256.986986][ T5990] R13: 00007f2454dab06b R14: bcaefabb4aa2fce3 R15: 0032656c69662f2e [ 256.994948][ T5990] getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./441/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./441/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./441/binderfs") = 0 umount2("./441/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./441/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./441/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./441/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./441/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./441") = 0 mkdir("./442", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5991 attached , child_tidptr=0x55557f632690) = 5991 [pid 5991] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5991] chdir("./442") = 0 [pid 5991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5991] setpgid(0, 0) = 0 [pid 5991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5991] write(3, "1000", 4) = 4 [pid 5991] close(3) = 0 [pid 5991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5991] write(1, "executing program\n", 18executing program ) = 18 [pid 5991] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5991] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5992 attached [pid 5992] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5992] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 5991] <... clone3 resumed> => {parent_tid=[5992]}, 88) = 5992 [pid 5992] rt_sigprocmask(SIG_SETMASK, [], [pid 5991] rt_sigprocmask(SIG_SETMASK, [], [pid 5992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5992] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5991] <... futex resumed>) = 0 [pid 5991] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5992] memfd_create("syzkaller", 0) = 3 [pid 5992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5992] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5992] munmap(0x7f244c800000, 138412032) = 0 [pid 5992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5992] close(3) = 0 [pid 5992] close(4) = 0 [pid 5992] mkdir("./file2", 0777) = 0 [pid 5992] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5992] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 257.260908][ T5992] loop0: detected capacity change from 0 to 4096 [pid 5992] chdir("./file2") = 0 [pid 5992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5992] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5992] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5991] <... futex resumed>) = 0 [pid 5992] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5991] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] <... openat resumed>) = 4 [pid 5992] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5992] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5991] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5991] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5991] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] <... futex resumed>) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5992] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5991] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=39000000} [pid 5992] <... openat resumed>) = 5 [pid 5992] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5992] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5991] <... futex resumed>) = 0 [pid 5992] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5991] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] <... write resumed>) = 1036288 [pid 5992] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5992] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5991] <... futex resumed>) = 0 [pid 5992] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5991] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] <... mmap resumed>) = 0x20000000 [pid 5992] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5992] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] exit_group(0 [pid 5992] <... futex resumed>) = ? [pid 5991] <... exit_group resumed>) = ? [pid 5992] +++ exited with 0 +++ [pid 5991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5991, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./442", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./442/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./442/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./442/binderfs") = 0 umount2("./442/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./442/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./442/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./442/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./442/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./442") = 0 mkdir("./443", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5993 attached , child_tidptr=0x55557f632690) = 5993 [pid 5993] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5993] chdir("./443") = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] setpgid(0, 0) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3) = 0 [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5993] write(1, "executing program\n", 18) = 18 [pid 5993] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5993] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5993] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5993] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5994 attached => {parent_tid=[5994]}, 88) = 5994 [pid 5994] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5993] rt_sigprocmask(SIG_SETMASK, [], [pid 5994] set_robust_list(0x7f2454d0d9a0, 24 [pid 5993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5994] <... set_robust_list resumed>) = 0 [pid 5993] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5994] memfd_create("syzkaller", 0) = 3 [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5994] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5994] munmap(0x7f244c800000, 138412032) = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5994] close(3) = 0 [pid 5994] close(4) = 0 [pid 5994] mkdir("./file2", 0777) = 0 [pid 5994] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5994] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5994] chdir("./file2") = 0 [ 257.672561][ T5994] loop0: detected capacity change from 0 to 4096 [pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5994] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [pid 5993] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5994] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = 0 [pid 5993] <... futex resumed>) = 1 [pid 5994] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5993] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5994] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5993] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... openat resumed>) = 5 [pid 5993] <... futex resumed>) = 0 [pid 5994] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... futex resumed>) = 0 [pid 5994] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5993] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [pid 5993] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5994] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [pid 5993] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5994] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] <... futex resumed>) = 0 [pid 5993] exit_group(0) = ? [pid 5994] <... futex resumed>) = ? [pid 5994] +++ exited with 0 +++ [pid 5993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./443", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./443/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./443/binderfs") = 0 umount2("./443/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./443/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./443/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./443/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./443/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./443") = 0 mkdir("./444", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5995 attached , child_tidptr=0x55557f632690) = 5995 [pid 5995] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5995] chdir("./444") = 0 [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5995] setpgid(0, 0) = 0 [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5995] write(3, "1000", 4) = 4 [pid 5995] close(3) = 0 [pid 5995] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5995] write(1, "executing program\n", 18) = 18 [pid 5995] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5995] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5995] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5996 attached [pid 5996] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 5995] <... clone3 resumed> => {parent_tid=[5996]}, 88) = 5996 [pid 5996] <... rseq resumed>) = 0 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], [pid 5996] set_robust_list(0x7f2454d0d9a0, 24 [pid 5995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5996] <... set_robust_list resumed>) = 0 [pid 5995] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5996] memfd_create("syzkaller", 0) = 3 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5996] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5996] munmap(0x7f244c800000, 138412032) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5996] close(3) = 0 [pid 5996] close(4) = 0 [pid 5996] mkdir("./file2", 0777) = 0 [pid 5996] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5996] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5996] chdir("./file2") = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5996] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5996] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5995] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... openat resumed>) = 4 [pid 5996] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5996] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5995] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5996] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = 0 [pid 5996] <... futex resumed>) = 1 [pid 5995] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5995] <... futex resumed>) = 0 [ 258.095925][ T5996] loop0: detected capacity change from 0 to 4096 [pid 5995] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... openat resumed>) = 5 [pid 5996] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5996] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5995] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... write resumed>) = 1036288 [pid 5996] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... mmap resumed>) = 0x20000000 [pid 5996] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = 0 [pid 5996] <... futex resumed>) = 1 [pid 5995] exit_group(0 [pid 5996] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5995] <... exit_group resumed>) = ? [pid 5996] +++ exited with 0 +++ [pid 5995] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5995, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./444", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./444/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./444/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./444/binderfs") = 0 umount2("./444/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./444/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./444/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./444/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./444/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./444") = 0 mkdir("./445", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 5997 ./strace-static-x86_64: Process 5997 attached [pid 5997] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5997] chdir("./445") = 0 [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5997] setpgid(0, 0) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5997] write(3, "1000", 4) = 4 [pid 5997] close(3) = 0 [pid 5997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5997] write(1, "executing program\n", 18executing program ) = 18 [pid 5997] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5997] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5997] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 5998 attached [pid 5998] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5997] <... clone3 resumed> => {parent_tid=[5998]}, 88) = 5998 [pid 5998] set_robust_list(0x7f2454d0d9a0, 24 [pid 5997] rt_sigprocmask(SIG_SETMASK, [], [pid 5998] <... set_robust_list resumed>) = 0 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], [pid 5997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5997] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] memfd_create("syzkaller", 0 [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5998] <... memfd_create resumed>) = 3 [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 5998] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5998] munmap(0x7f244c800000, 138412032) = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5998] close(3) = 0 [pid 5998] close(4) = 0 [pid 5998] mkdir("./file2", 0777) = 0 [pid 5998] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5998] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5998] chdir("./file2") = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5998] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5997] <... futex resumed>) = 0 [ 258.455339][ T5998] loop0: detected capacity change from 0 to 4096 [pid 5997] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] <... openat resumed>) = 4 [pid 5998] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 5998] <... futex resumed>) = 1 [pid 5997] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5997] <... futex resumed>) = 0 [pid 5998] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 5997] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 5998] <... futex resumed>) = 1 [pid 5997] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] <... openat resumed>) = 5 [pid 5998] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5997] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 5998] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5997] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5998] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5997] <... futex resumed>) = 0 [pid 5998] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] exit_group(0 [pid 5998] <... futex resumed>) = ? [pid 5997] <... exit_group resumed>) = ? [pid 5998] +++ exited with 0 +++ [pid 5997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./445", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./445/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./445/binderfs") = 0 umount2("./445/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./445/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./445/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./445/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./445/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./445") = 0 mkdir("./446", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5999 attached , child_tidptr=0x55557f632690) = 5999 [pid 5999] set_robust_list(0x55557f6326a0, 24) = 0 [pid 5999] chdir("./446") = 0 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5999] write(3, "1000", 4) = 4 executing program [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] write(1, "executing program\n", 18) = 18 [pid 5999] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 5999] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 5999] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6000 attached => {parent_tid=[6000]}, 88) = 6000 [pid 6000] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], [pid 6000] set_robust_list(0x7f2454d0d9a0, 24 [pid 5999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6000] <... set_robust_list resumed>) = 0 [pid 5999] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] rt_sigprocmask(SIG_SETMASK, [], [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6000] memfd_create("syzkaller", 0) = 3 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6000] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6000] munmap(0x7f244c800000, 138412032) = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6000] close(3) = 0 [pid 6000] close(4) = 0 [pid 6000] mkdir("./file2", 0777) = 0 [pid 6000] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6000] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6000] chdir("./file2") = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6000] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5999] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 258.866764][ T6000] loop0: detected capacity change from 0 to 4096 [pid 5999] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... openat resumed>) = 4 [pid 6000] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... futex resumed>) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5999] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6000] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5999] <... futex resumed>) = 0 [pid 6000] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5999] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... openat resumed>) = 5 [pid 6000] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 6000] <... futex resumed>) = 1 [pid 5999] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... write resumed>) = 1036288 [pid 6000] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 6000] <... futex resumed>) = 1 [pid 5999] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... mmap resumed>) = 0x20000000 [pid 6000] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] <... futex resumed>) = 0 [pid 5999] exit_group(0 [pid 6000] <... futex resumed>) = ? [pid 5999] <... exit_group resumed>) = ? [pid 6000] +++ exited with 0 +++ [pid 5999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./446", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./446/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./446/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./446/binderfs") = 0 umount2("./446/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./446/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./446/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./446/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./446/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./446") = 0 mkdir("./447", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 6001 ./strace-static-x86_64: Process 6001 attached [pid 6001] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6001] chdir("./447") = 0 [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6001] setpgid(0, 0) = 0 [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6001] write(3, "1000", 4) = 4 [pid 6001] close(3) = 0 [pid 6001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6001] write(1, "executing program\n", 18executing program ) = 18 [pid 6001] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6001] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6001] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6001] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6001] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6002 attached [pid 6002] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6001] <... clone3 resumed> => {parent_tid=[6002]}, 88) = 6002 [pid 6002] set_robust_list(0x7f2454d0d9a0, 24 [pid 6001] rt_sigprocmask(SIG_SETMASK, [], [pid 6002] <... set_robust_list resumed>) = 0 [pid 6002] rt_sigprocmask(SIG_SETMASK, [], [pid 6001] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6001] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] memfd_create("syzkaller", 0 [pid 6001] <... futex resumed>) = 0 [pid 6002] <... memfd_create resumed>) = 3 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6001] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6002] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6002] munmap(0x7f244c800000, 138412032) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6002] close(3) = 0 [pid 6002] close(4) = 0 [pid 6002] mkdir("./file2", 0777) = 0 [pid 6002] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6002] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6002] chdir("./file2") = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6002] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] <... openat resumed>) = 4 [pid 6002] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = 0 [pid 6002] <... futex resumed>) = 1 [pid 6001] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6001] <... futex resumed>) = 0 [pid 6002] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6001] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] <... futex resumed>) = 0 [pid 6002] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6001] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] <... openat resumed>) = 5 [pid 6002] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] <... futex resumed>) = 0 [pid 6002] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6001] <... futex resumed>) = 0 [pid 6002] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 259.203322][ T6002] loop0: detected capacity change from 0 to 4096 [pid 6001] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] <... write resumed>) = 1036288 [pid 6002] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6002] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6001] <... futex resumed>) = 1 [pid 6002] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6001] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] <... mmap resumed>) = 0x20000000 [pid 6002] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] <... futex resumed>) = 0 [pid 6001] exit_group(0 [pid 6002] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6001] <... exit_group resumed>) = ? [pid 6002] +++ exited with 0 +++ [pid 6001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6001, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./447", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./447/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./447/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./447/binderfs") = 0 umount2("./447/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./447/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./447/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./447/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./447/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./447") = 0 mkdir("./448", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 6003 ./strace-static-x86_64: Process 6003 attached [pid 6003] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6003] chdir("./448") = 0 [pid 6003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6003] setpgid(0, 0) = 0 [pid 6003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6003] write(3, "1000", 4) = 4 [pid 6003] close(3) = 0 [pid 6003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6003] write(1, "executing program\n", 18executing program ) = 18 [pid 6003] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6003] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6003] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6003] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6004 attached [pid 6004] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 6003] <... clone3 resumed> => {parent_tid=[6004]}, 88) = 6004 [pid 6004] <... rseq resumed>) = 0 [pid 6004] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6003] rt_sigprocmask(SIG_SETMASK, [], [pid 6004] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6003] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... futex resumed>) = 0 [pid 6003] <... futex resumed>) = 1 [pid 6004] memfd_create("syzkaller", 0 [pid 6003] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6004] <... memfd_create resumed>) = 3 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6004] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6004] munmap(0x7f244c800000, 138412032) = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6004] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6004] close(3) = 0 [pid 6004] close(4) = 0 [pid 6004] mkdir("./file2", 0777) = 0 [pid 6004] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6004] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 259.605846][ T6004] loop0: detected capacity change from 0 to 4096 [pid 6004] chdir("./file2") = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6004] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... futex resumed>) = 0 [pid 6003] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6003] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6004] <... futex resumed>) = 1 [pid 6004] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6004] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... futex resumed>) = 0 [pid 6003] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] <... futex resumed>) = 1 [pid 6003] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6004] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6004] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... futex resumed>) = 0 [pid 6004] <... futex resumed>) = 1 [pid 6003] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6003] <... futex resumed>) = 0 [pid 6003] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6004] <... openat resumed>) = 5 [pid 6004] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... futex resumed>) = 0 [pid 6004] <... futex resumed>) = 1 [pid 6003] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6003] <... futex resumed>) = 0 [pid 6003] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6004] <... write resumed>) = 1036288 [pid 6004] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... futex resumed>) = 0 [pid 6004] <... futex resumed>) = 1 [pid 6003] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6003] <... futex resumed>) = 0 [pid 6003] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6004] <... mmap resumed>) = 0x20000000 [pid 6004] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] <... futex resumed>) = 0 [pid 6004] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6003] exit_group(0 [pid 6004] <... futex resumed>) = ? [pid 6003] <... exit_group resumed>) = ? [pid 6004] +++ exited with 0 +++ [pid 6003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6003, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./448", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./448/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./448/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./448/binderfs") = 0 umount2("./448/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./448/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./448/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./448/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./448/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./448") = 0 mkdir("./449", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6005 attached , child_tidptr=0x55557f632690) = 6005 [pid 6005] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6005] chdir("./449") = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6005] write(1, "executing program\n", 18) = 18 [pid 6005] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6005] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6005] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6005] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6005] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6006 attached [pid 6006] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6006] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 6005] <... clone3 resumed> => {parent_tid=[6006]}, 88) = 6006 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] rt_sigprocmask(SIG_SETMASK, [], [pid 6006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6006] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6006] memfd_create("syzkaller", 0) = 3 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6006] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6006] munmap(0x7f244c800000, 138412032) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6006] close(3) = 0 [pid 6006] close(4) = 0 [pid 6006] mkdir("./file2", 0777) = 0 [pid 6006] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6006] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6006] chdir("./file2") = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6006] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... openat resumed>) = 4 [pid 6006] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6005] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 1 [pid 6006] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6005] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... openat resumed>) = 5 [pid 6006] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] <... futex resumed>) = 0 [pid 6006] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 260.006965][ T6006] loop0: detected capacity change from 0 to 4096 [pid 6005] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... write resumed>) = 1036288 [pid 6006] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] <... futex resumed>) = 0 [pid 6006] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6005] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... mmap resumed>) = 0x20000000 [pid 6006] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] exit_group(0 [pid 6006] <... futex resumed>) = ? [pid 6005] <... exit_group resumed>) = ? [pid 6006] +++ exited with 0 +++ [pid 6005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./449", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./449/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./449/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./449/binderfs") = 0 umount2("./449/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./449/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./449/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./449/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./449/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./449") = 0 mkdir("./450", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6007 attached [pid 6007] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6007] chdir("./450" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 6007 [pid 6007] <... chdir resumed>) = 0 [pid 6007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6007] setpgid(0, 0) = 0 [pid 6007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6007] write(3, "1000", 4) = 4 [pid 6007] close(3) = 0 [pid 6007] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6007] write(1, "executing program\n", 18) = 18 [pid 6007] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6007] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6007] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6007] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6007] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6007] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6007] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6008 attached [pid 6008] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6008] set_robust_list(0x7f2454d0d9a0, 24 [pid 6007] <... clone3 resumed> => {parent_tid=[6008]}, 88) = 6008 [pid 6008] <... set_robust_list resumed>) = 0 [pid 6007] rt_sigprocmask(SIG_SETMASK, [], [pid 6008] rt_sigprocmask(SIG_SETMASK, [], [pid 6007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6007] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] memfd_create("syzkaller", 0 [pid 6007] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6008] <... memfd_create resumed>) = 3 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6008] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6008] munmap(0x7f244c800000, 138412032) = 0 [pid 6008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6008] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6008] close(3) = 0 [pid 6008] close(4) = 0 [pid 6008] mkdir("./file2", 0777) = 0 [pid 6008] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6008] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6008] chdir("./file2") = 0 [pid 6008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6008] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6008] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6007] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6007] <... futex resumed>) = 0 [pid 6008] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 260.441977][ T6008] loop0: detected capacity change from 0 to 4096 [pid 6007] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... openat resumed>) = 4 [pid 6008] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6008] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6007] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6007] <... futex resumed>) = 0 [pid 6008] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6007] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6008] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6008] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6007] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6007] <... futex resumed>) = 0 [pid 6008] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6007] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... openat resumed>) = 5 [pid 6008] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6008] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6007] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6007] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 6008] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6008] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6007] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6007] <... futex resumed>) = 1 [pid 6008] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6007] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... mmap resumed>) = 0x20000000 [pid 6008] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6008] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6007] exit_group(0 [pid 6008] <... futex resumed>) = ? [pid 6007] <... exit_group resumed>) = ? [pid 6008] +++ exited with 0 +++ [pid 6007] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6007, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./450", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./450/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./450/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./450/binderfs") = 0 umount2("./450/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./450/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./450/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./450/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./450/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./450") = 0 mkdir("./451", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached [pid 6009] set_robust_list(0x55557f6326a0, 24 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 6009 [pid 6009] <... set_robust_list resumed>) = 0 [pid 6009] chdir("./451") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6009] write(1, "executing program\n", 18executing program ) = 18 [pid 6009] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6009] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6010 attached [pid 6010] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6009] <... clone3 resumed> => {parent_tid=[6010]}, 88) = 6010 [pid 6010] set_robust_list(0x7f2454d0d9a0, 24 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], [pid 6010] <... set_robust_list resumed>) = 0 [pid 6010] rt_sigprocmask(SIG_SETMASK, [], [pid 6009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6009] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6010] memfd_create("syzkaller", 0) = 3 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6010] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6010] munmap(0x7f244c800000, 138412032) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6010] close(3) = 0 [pid 6010] close(4) = 0 [pid 6010] mkdir("./file2", 0777) = 0 [pid 6010] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6010] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 260.805353][ T6010] loop0: detected capacity change from 0 to 4096 [pid 6010] chdir("./file2") = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6010] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6010] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6010] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... openat resumed>) = 4 [pid 6010] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6010] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [pid 6010] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6009] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6010] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6010] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6009] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... openat resumed>) = 5 [pid 6010] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 6010] <... futex resumed>) = 1 [pid 6009] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... write resumed>) = 1036288 [pid 6010] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6010] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [pid 6010] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6009] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... mmap resumed>) = 0x20000000 [pid 6010] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 6010] <... futex resumed>) = 1 [pid 6009] exit_group(0 [pid 6010] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6010] +++ exited with 0 +++ [pid 6009] <... exit_group resumed>) = ? [pid 6009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./451", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./451/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./451/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./451/binderfs") = 0 umount2("./451/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./451/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./451/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./451/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./451/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./451") = 0 mkdir("./452", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6011 attached , child_tidptr=0x55557f632690) = 6011 [pid 6011] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6011] chdir("./452") = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0) = 0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6011] write(3, "1000", 4) = 4 [pid 6011] close(3) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6011] write(1, "executing program\n", 18) = 18 [pid 6011] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6011] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6011] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6011] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6011] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6012 attached [pid 6012] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 6011] <... clone3 resumed> => {parent_tid=[6012]}, 88) = 6012 [pid 6012] <... rseq resumed>) = 0 [pid 6011] rt_sigprocmask(SIG_SETMASK, [], [pid 6012] set_robust_list(0x7f2454d0d9a0, 24 [pid 6011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6012] <... set_robust_list resumed>) = 0 [pid 6011] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] rt_sigprocmask(SIG_SETMASK, [], [pid 6011] <... futex resumed>) = 0 [pid 6012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6011] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6012] memfd_create("syzkaller", 0) = 3 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6012] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6012] munmap(0x7f244c800000, 138412032) = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6012] close(3) = 0 [pid 6012] close(4) = 0 [pid 6012] mkdir("./file2", 0777) = 0 [pid 6012] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6012] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6012] chdir("./file2") = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6012] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6012] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6011] <... futex resumed>) = 0 [pid 6012] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 261.216804][ T6012] loop0: detected capacity change from 0 to 4096 [pid 6011] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... openat resumed>) = 4 [pid 6012] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6012] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6011] <... futex resumed>) = 0 [pid 6012] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6011] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6012] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... openat resumed>) = 5 [pid 6012] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6012] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6012] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... write resumed>) = 1036288 [pid 6012] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6011] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... mmap resumed>) = 0x20000000 [pid 6012] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6011] exit_group(0 [pid 6012] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] <... exit_group resumed>) = ? [pid 6012] <... futex resumed>) = ? [pid 6012] +++ exited with 0 +++ [pid 6011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./452", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./452/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./452/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./452/binderfs") = 0 umount2("./452/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./452/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./452/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./452/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./452/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./452") = 0 mkdir("./453", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 6013 ./strace-static-x86_64: Process 6013 attached [pid 6013] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6013] chdir("./453") = 0 [pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6013] setpgid(0, 0) = 0 [pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6013] write(3, "1000", 4) = 4 [pid 6013] close(3) = 0 [pid 6013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6013] write(1, "executing program\n", 18executing program ) = 18 [pid 6013] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6013] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6013] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6013] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6013] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6013] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6014 attached => {parent_tid=[6014]}, 88) = 6014 [pid 6014] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6014] set_robust_list(0x7f2454d0d9a0, 24 [pid 6013] rt_sigprocmask(SIG_SETMASK, [], [pid 6014] <... set_robust_list resumed>) = 0 [pid 6013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6014] rt_sigprocmask(SIG_SETMASK, [], [pid 6013] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6013] <... futex resumed>) = 0 [pid 6014] memfd_create("syzkaller", 0 [pid 6013] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6014] <... memfd_create resumed>) = 3 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6014] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6014] munmap(0x7f244c800000, 138412032) = 0 [pid 6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6014] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6014] close(3) = 0 [pid 6014] close(4) = 0 [pid 6014] mkdir("./file2", 0777) = 0 [pid 6014] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6014] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6014] chdir("./file2") = 0 [ 261.634440][ T6014] loop0: detected capacity change from 0 to 4096 [pid 6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6014] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6013] <... futex resumed>) = 0 [pid 6014] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6013] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6013] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6014] <... openat resumed>) = 4 [pid 6014] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] <... futex resumed>) = 0 [pid 6013] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = 0 [pid 6013] <... futex resumed>) = 1 [pid 6014] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6013] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6014] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6014] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6013] <... futex resumed>) = 0 [pid 6014] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6013] <... futex resumed>) = 0 [pid 6014] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6013] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6014] <... openat resumed>) = 5 [pid 6014] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6013] <... futex resumed>) = 0 [pid 6014] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6013] <... futex resumed>) = 0 [pid 6014] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6013] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6014] <... write resumed>) = 1036288 [pid 6014] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6013] <... futex resumed>) = 0 [pid 6014] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6013] <... futex resumed>) = 0 [pid 6014] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6013] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6014] <... mmap resumed>) = 0x20000000 [pid 6014] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6013] <... futex resumed>) = 0 [pid 6014] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] exit_group(0 [pid 6014] <... futex resumed>) = ? [pid 6014] +++ exited with 0 +++ [pid 6013] <... exit_group resumed>) = ? [pid 6013] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6013, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./453", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./453/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./453/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./453/binderfs") = 0 umount2("./453/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./453/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./453/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./453/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./453/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./453") = 0 mkdir("./454", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 6015 ./strace-static-x86_64: Process 6015 attached [pid 6015] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6015] chdir("./454") = 0 [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6015] setpgid(0, 0) = 0 [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6015] write(3, "1000", 4) = 4 [pid 6015] close(3) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6015] write(1, "executing program\n", 18) = 18 [pid 6015] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6015] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6016 attached [pid 6016] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 6015] <... clone3 resumed> => {parent_tid=[6016]}, 88) = 6016 [pid 6016] <... rseq resumed>) = 0 [pid 6015] rt_sigprocmask(SIG_SETMASK, [], [pid 6016] set_robust_list(0x7f2454d0d9a0, 24 [pid 6015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6016] <... set_robust_list resumed>) = 0 [pid 6015] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] rt_sigprocmask(SIG_SETMASK, [], [pid 6015] <... futex resumed>) = 0 [pid 6016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6015] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6016] memfd_create("syzkaller", 0) = 3 [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6016] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6016] munmap(0x7f244c800000, 138412032) = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6016] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6016] close(3) = 0 [pid 6016] close(4) = 0 [pid 6016] mkdir("./file2", 0777) = 0 [pid 6016] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6016] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6016] chdir("./file2") = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6016] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... futex resumed>) = 0 [pid 6015] <... futex resumed>) = 1 [pid 6016] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 262.061931][ T6016] loop0: detected capacity change from 0 to 4096 [pid 6015] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] <... openat resumed>) = 4 [pid 6016] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6016] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] <... futex resumed>) = 0 [pid 6016] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6015] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6016] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = 0 [pid 6016] <... futex resumed>) = 1 [pid 6015] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] <... openat resumed>) = 5 [pid 6016] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6016] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] <... write resumed>) = 1036288 [pid 6016] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = 0 [pid 6016] <... futex resumed>) = 1 [pid 6015] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] <... mmap resumed>) = 0x20000000 [pid 6016] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6016] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] exit_group(0 [pid 6016] <... futex resumed>) = ? [pid 6015] <... exit_group resumed>) = ? [pid 6016] +++ exited with 0 +++ [pid 6015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./454", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./454/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./454/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./454/binderfs") = 0 umount2("./454/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./454/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./454/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./454/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./454/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./454") = 0 mkdir("./455", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6017 attached [pid 6017] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6017] chdir("./455") = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 6017 [pid 6017] setpgid(0, 0) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6017] write(1, "executing program\n", 18executing program ) = 18 [pid 6017] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6017] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6017] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6018 attached => {parent_tid=[6018]}, 88) = 6018 [pid 6018] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6017] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] set_robust_list(0x7f2454d0d9a0, 24 [pid 6017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] <... set_robust_list resumed>) = 0 [pid 6017] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6018] memfd_create("syzkaller", 0) = 3 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6018] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6018] munmap(0x7f244c800000, 138412032) = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6018] close(3) = 0 [pid 6018] close(4) = 0 [pid 6018] mkdir("./file2", 0777) = 0 [pid 6018] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6018] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6018] chdir("./file2") = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 262.407656][ T6018] loop0: detected capacity change from 0 to 4096 [pid 6018] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6018] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6017] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... openat resumed>) = 4 [pid 6018] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6018] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6017] <... futex resumed>) = 0 [pid 6018] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6017] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6018] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6017] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6018] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 6018] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6018] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6017] <... futex resumed>) = 0 [pid 6018] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6017] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... mmap resumed>) = 0x20000000 [pid 6018] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6018] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] exit_group(0 [pid 6018] <... futex resumed>) = ? [pid 6017] <... exit_group resumed>) = ? [pid 6018] +++ exited with 0 +++ [pid 6017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./455", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./455/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./455/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./455/binderfs") = 0 umount2("./455/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./455/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./455/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./455/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./455/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./455") = 0 mkdir("./456", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6019 attached , child_tidptr=0x55557f632690) = 6019 [pid 6019] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6019] chdir("./456") = 0 [pid 6019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6019] setpgid(0, 0) = 0 [pid 6019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6019] write(3, "1000", 4) = 4 [pid 6019] close(3) = 0 [pid 6019] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6019] write(1, "executing program\n", 18) = 18 [pid 6019] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6019] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6019] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6019] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6020 attached [pid 6020] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6019] <... clone3 resumed> => {parent_tid=[6020]}, 88) = 6020 [pid 6020] set_robust_list(0x7f2454d0d9a0, 24 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], [pid 6020] <... set_robust_list resumed>) = 0 [pid 6019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6020] rt_sigprocmask(SIG_SETMASK, [], [pid 6019] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6020] memfd_create("syzkaller", 0 [pid 6019] <... futex resumed>) = 0 [pid 6019] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6020] <... memfd_create resumed>) = 3 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6020] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6020] munmap(0x7f244c800000, 138412032) = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6020] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6020] close(3) = 0 [pid 6020] close(4) = 0 [pid 6020] mkdir("./file2", 0777) = 0 [pid 6020] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6020] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 262.802169][ T6020] loop0: detected capacity change from 0 to 4096 [pid 6020] chdir("./file2") = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6020] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] <... futex resumed>) = 0 [pid 6020] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6019] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... openat resumed>) = 4 [pid 6020] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = 0 [pid 6019] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... futex resumed>) = 1 [pid 6020] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6020] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = 0 [pid 6019] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6019] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... openat resumed>) = 5 [pid 6020] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = 0 [pid 6019] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6019] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... write resumed>) = 1036288 [pid 6020] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 6020] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6019] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... mmap resumed>) = 0x20000000 [pid 6020] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] exit_group(0) = ? [pid 6020] <... futex resumed>) = ? [pid 6020] +++ exited with 0 +++ [pid 6019] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6019, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./456", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./456/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./456/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./456/binderfs") = 0 umount2("./456/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./456/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./456/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./456/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./456/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./456") = 0 mkdir("./457", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6021 attached , child_tidptr=0x55557f632690) = 6021 [pid 6021] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6021] chdir("./457") = 0 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6021] setpgid(0, 0) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6021] write(3, "1000", 4) = 4 [pid 6021] close(3) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6021] write(1, "executing program\n", 18executing program ) = 18 [pid 6021] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6021] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6022 attached [pid 6022] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6022] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 6021] <... clone3 resumed> => {parent_tid=[6022]}, 88) = 6022 [pid 6022] rt_sigprocmask(SIG_SETMASK, [], [pid 6021] rt_sigprocmask(SIG_SETMASK, [], [pid 6022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6022] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6021] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6022] memfd_create("syzkaller", 0) = 3 [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6022] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6022] munmap(0x7f244c800000, 138412032) = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6022] close(3) = 0 [pid 6022] close(4) = 0 [pid 6022] mkdir("./file2", 0777) = 0 [pid 6022] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6022] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6022] chdir("./file2") = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6022] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] <... openat resumed>) = 4 [pid 6022] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 0 [pid 6022] <... futex resumed>) = 1 [pid 6021] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6021] <... futex resumed>) = 0 [pid 6022] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6021] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6021] <... futex resumed>) = 0 [pid 6022] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6021] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] <... openat resumed>) = 5 [pid 6022] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] <... futex resumed>) = 0 [pid 6021] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 263.233063][ T6022] loop0: detected capacity change from 0 to 4096 [pid 6022] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1036288 [pid 6022] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6021] <... futex resumed>) = 0 [pid 6022] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6021] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = 0 [pid 6022] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6021] <... futex resumed>) = 1 [pid 6022] <... mmap resumed>) = 0x20000000 [pid 6021] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6021] <... futex resumed>) = 0 [pid 6021] exit_group(0 [pid 6022] <... futex resumed>) = ? [pid 6022] +++ exited with 0 +++ [pid 6021] <... exit_group resumed>) = ? [pid 6021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./457", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./457/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./457/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./457/binderfs") = 0 umount2("./457/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./457/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./457/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./457/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./457/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./457") = 0 mkdir("./458", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 6023 ./strace-static-x86_64: Process 6023 attached [pid 6023] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6023] chdir("./458") = 0 [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] setpgid(0, 0) = 0 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6023] write(3, "1000", 4) = 4 [pid 6023] close(3) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6023] write(1, "executing program\n", 18) = 18 [pid 6023] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6023] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6023] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6024 attached [pid 6024] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6024] set_robust_list(0x7f2454d0d9a0, 24 [pid 6023] <... clone3 resumed> => {parent_tid=[6024]}, 88) = 6024 [pid 6024] <... set_robust_list resumed>) = 0 [pid 6023] rt_sigprocmask(SIG_SETMASK, [], [pid 6024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6024] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6023] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = 0 [pid 6023] <... futex resumed>) = 1 [pid 6024] memfd_create("syzkaller", 0 [pid 6023] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6024] <... memfd_create resumed>) = 3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6024] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6024] munmap(0x7f244c800000, 138412032) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6024] close(3) = 0 [pid 6024] close(4) = 0 [pid 6024] mkdir("./file2", 0777) = 0 [pid 6024] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6024] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("./file2") = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6024] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6023] <... futex resumed>) = 0 [pid 6024] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 263.550754][ T6024] loop0: detected capacity change from 0 to 4096 [pid 6023] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... openat resumed>) = 4 [pid 6024] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6023] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6023] <... futex resumed>) = 0 [pid 6024] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6023] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6023] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... openat resumed>) = 5 [pid 6024] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = 0 [pid 6023] <... futex resumed>) = 1 [pid 6024] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6023] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... write resumed>) = 1036288 [pid 6024] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6023] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... mmap resumed>) = 0x20000000 [pid 6024] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] exit_group(0 [pid 6024] <... futex resumed>) = ? [pid 6023] <... exit_group resumed>) = ? [pid 6024] +++ exited with 0 +++ [pid 6023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./458", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./458/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./458/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./458/binderfs") = 0 umount2("./458/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./458/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./458/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./458/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./458/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./458") = 0 mkdir("./459", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6025 attached , child_tidptr=0x55557f632690) = 6025 [pid 6025] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6025] chdir("./459") = 0 [pid 6025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6025] setpgid(0, 0) = 0 [pid 6025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6025] write(3, "1000", 4) = 4 [pid 6025] close(3) = 0 [pid 6025] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6025] write(1, "executing program\n", 18) = 18 [pid 6025] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6025] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6025] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6025] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6025] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6026 attached [pid 6026] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6025] <... clone3 resumed> => {parent_tid=[6026]}, 88) = 6026 [pid 6026] set_robust_list(0x7f2454d0d9a0, 24 [pid 6025] rt_sigprocmask(SIG_SETMASK, [], [pid 6026] <... set_robust_list resumed>) = 0 [pid 6025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], [pid 6025] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6025] <... futex resumed>) = 0 [pid 6025] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6026] memfd_create("syzkaller", 0) = 3 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6026] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6026] munmap(0x7f244c800000, 138412032) = 0 [pid 6026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6026] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6026] close(3) = 0 [pid 6026] close(4) = 0 [pid 6026] mkdir("./file2", 0777) = 0 [pid 6026] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6026] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6026] chdir("./file2") = 0 [pid 6026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6026] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = 0 [pid 6026] <... futex resumed>) = 1 [pid 6025] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6025] <... futex resumed>) = 0 [pid 6025] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6026] <... openat resumed>) = 4 [pid 6026] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6026] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] <... futex resumed>) = 0 [pid 6026] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6025] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6026] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [ 263.991557][ T6026] loop0: detected capacity change from 0 to 4096 [pid 6026] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6025] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6025] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6026] <... openat resumed>) = 5 [pid 6026] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] <... futex resumed>) = 0 [pid 6025] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6025] <... futex resumed>) = 1 [pid 6026] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6025] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6026] <... write resumed>) = 1036288 [pid 6026] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6026] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] <... futex resumed>) = 0 [pid 6026] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6025] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6026] <... mmap resumed>) = 0x20000000 [pid 6026] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6026] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] exit_group(0) = ? [pid 6026] <... futex resumed>) = ? [pid 6026] +++ exited with 0 +++ [pid 6025] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6025, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./459", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./459/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./459/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./459/binderfs") = 0 umount2("./459/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./459/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./459/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./459/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./459/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./459") = 0 mkdir("./460", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6027 attached , child_tidptr=0x55557f632690) = 6027 [pid 6027] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6027] chdir("./460") = 0 [pid 6027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6027] setpgid(0, 0) = 0 [pid 6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6027] write(3, "1000", 4) = 4 [pid 6027] close(3) = 0 [pid 6027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6027] write(1, "executing program\n", 18executing program ) = 18 [pid 6027] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6027] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6028 attached [pid 6028] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 6027] <... clone3 resumed> => {parent_tid=[6028]}, 88) = 6028 [pid 6028] <... rseq resumed>) = 0 [pid 6028] set_robust_list(0x7f2454d0d9a0, 24) = 0 [pid 6027] rt_sigprocmask(SIG_SETMASK, [], [pid 6028] rt_sigprocmask(SIG_SETMASK, [], [pid 6027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6027] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6028] memfd_create("syzkaller", 0) = 3 [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6028] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6028] munmap(0x7f244c800000, 138412032) = 0 [pid 6028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6028] close(3) = 0 [pid 6028] close(4) = 0 [pid 6028] mkdir("./file2", 0777) = 0 [pid 6028] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6028] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6028] chdir("./file2") = 0 [pid 6028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6028] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6027] <... futex resumed>) = 0 [pid 6027] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] <... futex resumed>) = 0 [pid 6027] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 264.401229][ T6028] loop0: detected capacity change from 0 to 4096 [pid 6028] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6028] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6027] <... futex resumed>) = 0 [pid 6027] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] <... futex resumed>) = 0 [pid 6027] <... futex resumed>) = 1 [pid 6028] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6027] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6028] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6028] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6027] <... futex resumed>) = 0 [pid 6028] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6027] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6028] <... openat resumed>) = 5 [pid 6028] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6027] <... futex resumed>) = 0 [pid 6028] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6027] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6027] <... futex resumed>) = 0 [pid 6028] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6027] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6028] <... write resumed>) = 1036288 [pid 6028] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = 0 [pid 6027] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] <... futex resumed>) = 1 [pid 6027] <... futex resumed>) = 0 [pid 6028] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6027] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6028] <... mmap resumed>) = 0x20000000 [pid 6028] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6027] <... futex resumed>) = 0 [pid 6028] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6027] exit_group(0 [pid 6028] <... futex resumed>) = ? [pid 6027] <... exit_group resumed>) = ? [pid 6028] +++ exited with 0 +++ [pid 6027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./460", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./460/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./460/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./460/binderfs") = 0 umount2("./460/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./460/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./460/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./460/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./460/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./460") = 0 mkdir("./461", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6029 attached [pid 6029] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6029] chdir("./461") = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 6029 [pid 6029] setpgid(0, 0) = 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6029] write(1, "executing program\n", 18) = 18 [pid 6029] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6029] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6030 attached [pid 6030] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053 [pid 6029] <... clone3 resumed> => {parent_tid=[6030]}, 88) = 6030 [pid 6030] <... rseq resumed>) = 0 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], [pid 6030] set_robust_list(0x7f2454d0d9a0, 24 [pid 6029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6030] <... set_robust_list resumed>) = 0 [pid 6029] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], [pid 6029] <... futex resumed>) = 0 [pid 6030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6029] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6030] memfd_create("syzkaller", 0) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6030] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6030] munmap(0x7f244c800000, 138412032) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6030] close(3) = 0 [pid 6030] close(4) = 0 [pid 6030] mkdir("./file2", 0777) = 0 [pid 6030] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6030] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6030] chdir("./file2") = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6030] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6030] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6030] <... futex resumed>) = 1 [pid 6029] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6029] <... futex resumed>) = 0 [pid 6030] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [ 264.804429][ T6030] loop0: detected capacity change from 0 to 4096 [pid 6029] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6030] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6029] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... openat resumed>) = 5 [pid 6030] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6030] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6029] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... write resumed>) = 1036288 [pid 6030] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6030] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6029] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... mmap resumed>) = 0x20000000 [pid 6030] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] <... futex resumed>) = 0 [pid 6029] exit_group(0 [pid 6030] <... futex resumed>) = ? [pid 6029] <... exit_group resumed>) = ? [pid 6030] +++ exited with 0 +++ [pid 6029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./461", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./461/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./461/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./461/binderfs") = 0 umount2("./461/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./461/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./461/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./461/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./461/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./461") = 0 mkdir("./462", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f632690) = 6031 ./strace-static-x86_64: Process 6031 attached [pid 6031] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6031] chdir("./462") = 0 [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6031] setpgid(0, 0) = 0 [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6031] write(3, "1000", 4) = 4 [pid 6031] close(3) = 0 [pid 6031] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6031] write(1, "executing program\n", 18) = 18 [pid 6031] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6031] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6032 attached [pid 6032] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6031] <... clone3 resumed> => {parent_tid=[6032]}, 88) = 6032 [pid 6032] set_robust_list(0x7f2454d0d9a0, 24 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], [pid 6032] <... set_robust_list resumed>) = 0 [pid 6032] rt_sigprocmask(SIG_SETMASK, [], [pid 6031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6031] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] memfd_create("syzkaller", 0 [pid 6031] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6032] <... memfd_create resumed>) = 3 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6032] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6032] munmap(0x7f244c800000, 138412032) = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6032] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6032] close(3) = 0 [pid 6032] close(4) = 0 [pid 6032] mkdir("./file2", 0777) = 0 [pid 6032] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6032] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6032] chdir("./file2") = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6032] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6031] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6031] <... futex resumed>) = 0 [ 265.234491][ T6032] loop0: detected capacity change from 0 to 4096 [pid 6031] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... openat resumed>) = 4 [pid 6032] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6032] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] <... futex resumed>) = 0 [pid 6032] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6032] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... futex resumed>) = 0 [pid 6031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6032] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] <... futex resumed>) = 0 [pid 6032] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6031] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... openat resumed>) = 5 [pid 6032] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6032] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] <... futex resumed>) = 0 [pid 6032] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6031] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... write resumed>) = 1036288 [pid 6032] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6032] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] <... futex resumed>) = 0 [pid 6032] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6031] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... mmap resumed>) = 0x20000000 [pid 6032] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] <... futex resumed>) = 0 [pid 6031] exit_group(0) = ? [pid 6032] <... futex resumed>) = ? [pid 6032] +++ exited with 0 +++ [pid 6031] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6031, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./462", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./462/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./462/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./462/binderfs") = 0 umount2("./462/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./462/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./462/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./462/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./462/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./462") = 0 mkdir("./463", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6033 attached [pid 6033] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6033] chdir("./463" [pid 5089] <... clone resumed>, child_tidptr=0x55557f632690) = 6033 [pid 6033] <... chdir resumed>) = 0 [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6033] setpgid(0, 0) = 0 [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6033] write(3, "1000", 4) = 4 [pid 6033] close(3) = 0 [pid 6033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6033] write(1, "executing program\n", 18executing program ) = 18 [pid 6033] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6033] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6034 attached [pid 6034] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6034] set_robust_list(0x7f2454d0d9a0, 24 [pid 6033] <... clone3 resumed> => {parent_tid=[6034]}, 88) = 6034 [pid 6034] <... set_robust_list resumed>) = 0 [pid 6033] rt_sigprocmask(SIG_SETMASK, [], [pid 6034] rt_sigprocmask(SIG_SETMASK, [], [pid 6033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6033] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6034] memfd_create("syzkaller", 0 [pid 6033] <... futex resumed>) = 0 [pid 6034] <... memfd_create resumed>) = 3 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6033] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6034] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6034] munmap(0x7f244c800000, 138412032) = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6034] close(3) = 0 [pid 6034] close(4) = 0 [pid 6034] mkdir("./file2", 0777) = 0 [pid 6034] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6034] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6034] chdir("./file2") = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 265.571424][ T6034] loop0: detected capacity change from 0 to 4096 [pid 6034] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6033] <... futex resumed>) = 0 [pid 6033] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6034] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6033] <... futex resumed>) = 0 [pid 6033] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6034] <... openat resumed>) = 4 [pid 6034] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6033] <... futex resumed>) = 0 [pid 6034] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6033] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6033] <... futex resumed>) = 0 [pid 6034] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6033] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6034] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6034] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6033] <... futex resumed>) = 0 [pid 6034] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6033] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6033] <... futex resumed>) = 0 [pid 6034] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6033] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6034] <... openat resumed>) = 5 [pid 6034] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6033] <... futex resumed>) = 0 [pid 6034] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6033] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6034] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6033] <... futex resumed>) = 0 [pid 6033] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6034] <... write resumed>) = 1036288 [pid 6034] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] <... futex resumed>) = 0 [pid 6033] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6034] <... futex resumed>) = 1 [pid 6034] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 6034] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6033] <... futex resumed>) = 0 [pid 6033] exit_group(0 [pid 6034] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6033] <... exit_group resumed>) = ? [pid 6034] +++ exited with 0 +++ [pid 6033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6033, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./463", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./463/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./463/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./463/binderfs") = 0 umount2("./463/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./463/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./463/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./463/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./463/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./463") = 0 mkdir("./464", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6035 attached , child_tidptr=0x55557f632690) = 6035 [pid 6035] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6035] chdir("./464") = 0 [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6035] setpgid(0, 0) = 0 [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6035] write(3, "1000", 4) = 4 [pid 6035] close(3) = 0 [pid 6035] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6035] write(1, "executing program\n", 18) = 18 [pid 6035] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6035] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6035] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6035] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6036 attached => {parent_tid=[6036]}, 88) = 6036 [pid 6035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6036] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6035] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] set_robust_list(0x7f2454d0d9a0, 24 [pid 6035] <... futex resumed>) = 0 [pid 6036] <... set_robust_list resumed>) = 0 [pid 6035] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6036] memfd_create("syzkaller", 0) = 3 [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6036] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6036] munmap(0x7f244c800000, 138412032) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6036] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6036] close(3) = 0 [pid 6036] close(4) = 0 [pid 6036] mkdir("./file2", 0777) = 0 [pid 6036] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6036] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6036] chdir("./file2") = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6036] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... openat resumed>) = 4 [pid 6036] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = 0 [pid 6036] <... futex resumed>) = 1 [pid 6035] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 265.918078][ T6036] loop0: detected capacity change from 0 to 4096 [pid 6036] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6035] <... futex resumed>) = 0 [pid 6036] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6035] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = 0 [pid 6036] <... futex resumed>) = 1 [pid 6035] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... openat resumed>) = 5 [pid 6036] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6036] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6035] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... write resumed>) = 1036288 [pid 6036] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = 1 [pid 6036] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6035] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... mmap resumed>) = 0x20000000 [pid 6036] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] <... futex resumed>) = 0 [pid 6035] exit_group(0 [pid 6036] <... futex resumed>) = ? [pid 6035] <... exit_group resumed>) = ? [pid 6036] +++ exited with 0 +++ [pid 6035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./464", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./464/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./464/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./464/binderfs") = 0 umount2("./464/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./464/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./464/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./464/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./464/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./464") = 0 mkdir("./465", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6037 attached , child_tidptr=0x55557f632690) = 6037 [pid 6037] set_robust_list(0x55557f6326a0, 24) = 0 [pid 6037] chdir("./465") = 0 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] write(3, "1000", 4) = 4 [pid 6037] close(3) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6037] write(1, "executing program\n", 18executing program ) = 18 [pid 6037] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] rt_sigaction(SIGRT_1, {sa_handler=0x7f2454d7d0b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2454d6e260}, NULL, 8) = 0 [pid 6037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2454ced000 [pid 6037] mprotect(0x7f2454cee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2454d0d990, parent_tid=0x7f2454d0d990, exit_signal=0, stack=0x7f2454ced000, stack_size=0x20300, tls=0x7f2454d0d6c0}./strace-static-x86_64: Process 6038 attached => {parent_tid=[6038]}, 88) = 6038 [pid 6037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6037] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] rseq(0x7f2454d0dfe0, 0x20, 0, 0x53053053) = 0 [pid 6037] <... futex resumed>) = 0 [pid 6038] set_robust_list(0x7f2454d0d9a0, 24 [pid 6037] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6038] <... set_robust_list resumed>) = 0 [pid 6038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6038] memfd_create("syzkaller", 0) = 3 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f244c800000 [pid 6038] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6038] munmap(0x7f244c800000, 138412032) = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6038] close(3) = 0 [pid 6038] close(4) = 0 [pid 6038] mkdir("./file2", 0777) = 0 [pid 6038] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 6038] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6038] chdir("./file2") = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6038] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6038] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6038] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 6037] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 1 [pid 6038] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] <... openat resumed>) = 5 [pid 6038] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6038] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 266.267285][ T6038] loop0: detected capacity change from 0 to 4096 [pid 6037] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = 0 [pid 6037] <... futex resumed>) = 1 [pid 6038] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6037] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] <... write resumed>) = 1036288 [pid 6038] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f2454dfe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6038] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 6037] futex(0x7f2454dfe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] <... mmap resumed>) = 0x20000000 [pid 6038] futex(0x7f2454dfe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6038] futex(0x7f2454dfe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] exit_group(0 [pid 6038] <... futex resumed>) = ? [pid 6037] <... exit_group resumed>) = ? [pid 6038] +++ exited with 0 +++ [pid 6037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./465", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557f633730 /* 4 entries */, 32768) = 112 umount2("./465/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./465/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./465/binderfs") = 0 umount2("./465/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./465/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./465/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./465/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557f63b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557f63b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./465/file2") = 0 getdents64(3, 0x55557f633730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./465") = 0 mkdir("./466", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3