./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor196629161 <...> Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts. execve("./syz-executor196629161", ["./syz-executor196629161"], 0x7fff30a9d880 /* 10 vars */) = 0 brk(NULL) = 0x55555736f000 brk(0x55555736fc40) = 0x55555736fc40 arch_prctl(ARCH_SET_FS, 0x55555736f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555736f5d0) = 3636 set_robust_list(0x55555736f5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f687c5f24e0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f687c5f2bb0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f687c5f2580, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f687c5f2bb0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor196629161", 4096) = 27 brk(0x555557390c40) = 0x555557390c40 brk(0x555557391000) = 0x555557391000 mprotect(0x7f687c6d3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3636 mkdir("./syzkaller.rHzsK9", 0700) = 0 chmod("./syzkaller.rHzsK9", 0777) = 0 chdir("./syzkaller.rHzsK9") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3637 ./strace-static-x86_64: Process 3637 attached [pid 3637] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3637] chdir("./0") = 0 [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3637] close(3) = 0 [pid 3637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3637] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3637] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3637] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3639], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3639 [pid 3637] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3639 attached [pid 3639] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3639] memfd_create("syzkaller", 0) = 3 [pid 3639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3639] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3639] munmap(0x7f68741c1000, 2097152) = 0 [pid 3639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3639] close(3) = 0 [pid 3639] mkdir("./file2", 0777) = 0 [pid 3639] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3639] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3639] chdir("./file2") = 0 [pid 3639] ioctl(4, LOOP_CLR_FD) = 0 [pid 3639] close(4) = 0 [pid 3639] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3639] <... futex resumed>) = 1 [pid 3639] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3639] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3637] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3637] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3640], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3640 [pid 3637] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3639] <... futex resumed>) = 1 [pid 3639] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 3640 attached [pid 3640] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3640] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3640] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3640] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.826758][ T3639] loop0: detected capacity change from 0 to 4096 [ 54.837617][ T3639] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687437f000 [pid 3637] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3637] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3640] mkdirat(-1, NULL, 000./strace-static-x86_64: Process 3641 attached [pid 3637] <... clone resumed>, parent_tid=[3641], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3641 [pid 3637] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] set_robust_list(0x7f687439f9e0, 24 [pid 3640] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3641] <... set_robust_list resumed>) = 0 [pid 3640] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3641] mkdirat(-1, NULL, 000 [pid 3640] <... futex resumed>) = 0 [pid 3640] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3641] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3641] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 0 [pid 3640] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3639] <... mkdirat resumed>) = 0 [pid 3640] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3639] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3641] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3640] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3637] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 1 [pid 3640] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3639] <... futex resumed>) = 0 [pid 3639] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3639] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3639] <... futex resumed>) = 1 [pid 3639] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3639] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] exit_group(0 [pid 3640] <... futex resumed>) = ? [pid 3637] <... exit_group resumed>) = ? [pid 3640] +++ exited with 0 +++ [pid 3639] <... futex resumed>) = ? [pid 3639] +++ exited with 0 +++ [pid 3641] <... futex resumed>) = ? [pid 3641] +++ exited with 0 +++ [pid 3637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=1, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3642 ./strace-static-x86_64: Process 3642 attached [pid 3642] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3642] chdir("./1") = 0 [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3642] setpgid(0, 0) = 0 [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3642] write(3, "1000", 4) = 4 [pid 3642] close(3) = 0 [pid 3642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3642] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3642] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3642] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3643], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3643 [pid 3642] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3643 attached [pid 3643] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3643] memfd_create("syzkaller", 0) = 3 [pid 3643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3643] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3643] munmap(0x7f68741c1000, 2097152) = 0 [pid 3643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3643] close(3) = 0 [pid 3643] mkdir("./file2", 0777) = 0 [pid 3643] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3643] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3643] chdir("./file2") = 0 [pid 3643] ioctl(4, LOOP_CLR_FD) = 0 [pid 3643] close(4) = 0 [pid 3643] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3643] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3642] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3642] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3643] mkdirat(4, "./bus", 000 [pid 3642] <... clone resumed>, parent_tid=[3644], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3644 [pid 3642] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3644 attached [pid 3644] set_robust_list(0x7f68743c09e0, 24 [pid 3643] <... mkdirat resumed>) = 0 [pid 3643] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.001448][ T3643] loop0: detected capacity change from 0 to 4096 [ 55.012727][ T3643] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3643] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3644] <... set_robust_list resumed>) = 0 [pid 3644] mkdirat(4, "./bus/file0", 000) = 0 [pid 3644] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] <... futex resumed>) = 1 [pid 3644] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] <... futex resumed>) = 0 [pid 3643] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3643] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] <... futex resumed>) = 0 [pid 3643] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3642] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] mkdirat(-1, NULL, 000 [pid 3642] <... futex resumed>) = 1 [pid 3643] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3642] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] <... futex resumed>) = 0 [pid 3643] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3644] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3644] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = 0 [pid 3644] <... futex resumed>) = 1 [pid 3643] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3644] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3642] <... futex resumed>) = 0 [pid 3643] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3642] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3643] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3643] <... futex resumed>) = 1 [pid 3642] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] mkdirat(-1, NULL, 000 [pid 3642] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3643] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] <... futex resumed>) = 0 [pid 3643] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3642] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3643] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3643] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] <... futex resumed>) = 0 [pid 3643] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3642] exit_group(0 [pid 3644] <... futex resumed>) = ? [pid 3643] <... futex resumed>) = ? [pid 3642] <... exit_group resumed>) = ? [pid 3644] +++ exited with 0 +++ [pid 3643] +++ exited with 0 +++ [pid 3642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3645] chdir("./2") = 0 [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3645] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3645] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3646 attached [pid 3646] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3646] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] <... clone resumed>, parent_tid=[3646], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3646 [pid 3645] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3646] <... futex resumed>) = 0 [pid 3645] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3646] memfd_create("syzkaller", 0) = 3 [pid 3646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3646] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3646] munmap(0x7f68741c1000, 2097152) = 0 [pid 3646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3646] close(3) = 0 [pid 3646] mkdir("./file2", 0777) = 0 [pid 3646] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3646] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3646] chdir("./file2") = 0 [pid 3646] ioctl(4, LOOP_CLR_FD) = 0 [pid 3646] close(4) = 0 [pid 3646] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3646] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3646] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3646] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] <... futex resumed>) = 1 [pid 3645] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3645] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3646] <... futex resumed>) = 0 [pid 3646] mkdirat(4, "./bus", 000 [pid 3645] <... mmap resumed>) = 0x7f68743a0000 [pid 3645] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3647 attached , parent_tid=[3647], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3647 [pid 3645] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... mkdirat resumed>) = 0 [pid 3646] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3647] set_robust_list(0x7f68743c09e0, 24) = 0 [ 55.169787][ T3646] loop0: detected capacity change from 0 to 4096 [ 55.178785][ T3646] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3647] mkdirat(4, "./bus/file0", 000) = 0 [pid 3647] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3647] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... futex resumed>) = 0 [pid 3645] <... futex resumed>) = 1 [pid 3646] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3645] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3646] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] mkdirat(-1, NULL, 000 [pid 3645] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3646] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3645] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3647] <... futex resumed>) = 0 [pid 3647] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3647] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... futex resumed>) = 0 [pid 3646] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3646] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3646] mkdirat(-1, NULL, 000 [pid 3645] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3645] <... futex resumed>) = 0 [pid 3647] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3646] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... futex resumed>) = 0 [pid 3645] <... futex resumed>) = 1 [pid 3646] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3645] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3646] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3646] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] exit_group(0 [pid 3647] <... futex resumed>) = ? [pid 3646] <... futex resumed>) = ? [pid 3645] <... exit_group resumed>) = ? [pid 3647] +++ exited with 0 +++ [pid 3646] +++ exited with 0 +++ [pid 3645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3648] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3648] chdir("./3") = 0 [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3648] write(3, "1000", 4) = 4 [pid 3648] close(3) = 0 [pid 3648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3648] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3648] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3649 attached [pid 3649] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3649] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] <... clone resumed>, parent_tid=[3649], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3649 [pid 3648] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3649] <... futex resumed>) = 0 [pid 3648] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3649] memfd_create("syzkaller", 0) = 3 [pid 3649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3649] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3649] munmap(0x7f68741c1000, 2097152) = 0 [pid 3649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3649] close(3) = 0 [pid 3649] mkdir("./file2", 0777) = 0 [pid 3649] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3649] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3649] chdir("./file2") = 0 [pid 3649] ioctl(4, LOOP_CLR_FD) = 0 [pid 3649] close(4) = 0 [pid 3649] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3649] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3648] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3650], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3650 [pid 3648] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] mkdirat(4, "./bus", 000) = 0 [pid 3649] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3650 attached [pid 3650] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3650] mkdirat(4, "./bus/file0", 000) = 0 [pid 3650] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3648] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 0 [pid 3649] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3649] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3649] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.329306][ T3649] loop0: detected capacity change from 0 to 4096 [ 55.339419][ T3649] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3649] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3650] <... futex resumed>) = 1 [pid 3650] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3650] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3648] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 0 [pid 3649] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3649] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3648] <... futex resumed>) = 0 [pid 3650] <... futex resumed>) = 1 [pid 3649] mkdirat(-1, NULL, 000 [pid 3648] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3650] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3649] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3648] <... futex resumed>) = 0 [pid 3649] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 0 [pid 3648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3649] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3648] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3648] <... futex resumed>) = 0 [pid 3649] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 0 [pid 3648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3649] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] exit_group(0 [pid 3650] <... futex resumed>) = ? [pid 3649] <... futex resumed>) = ? [pid 3648] <... exit_group resumed>) = ? [pid 3650] +++ exited with 0 +++ [pid 3649] +++ exited with 0 +++ [pid 3648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3651 ./strace-static-x86_64: Process 3651 attached [pid 3651] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3651] chdir("./4") = 0 [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3651] setpgid(0, 0) = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3651] write(3, "1000", 4) = 4 [pid 3651] close(3) = 0 [pid 3651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3651] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3651] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3652], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3652 [pid 3651] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3652 attached [pid 3652] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3652] memfd_create("syzkaller", 0) = 3 [pid 3652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3652] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3652] munmap(0x7f68741c1000, 2097152) = 0 [pid 3652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3652] close(3) = 0 [pid 3652] mkdir("./file2", 0777) = 0 [pid 3652] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3652] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3652] chdir("./file2") = 0 [pid 3652] ioctl(4, LOOP_CLR_FD) = 0 [pid 3652] close(4) = 0 [pid 3652] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3652] openat(AT_FDCWD, ".", O_RDONLY [pid 3651] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] <... openat resumed>) = 4 [pid 3651] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] mkdirat(4, "./bus", 000 [pid 3651] <... futex resumed>) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3651] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3653 attached , parent_tid=[3653], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3653 [pid 3651] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3653] set_robust_list(0x7f68743c09e0, 24 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... set_robust_list resumed>) = 0 [pid 3653] mkdirat(4, "./bus/file0", 000 [pid 3652] <... mkdirat resumed>) = 0 [pid 3653] <... mkdirat resumed>) = 0 [pid 3652] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3653] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3653] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 3652] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3652] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3652] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] mkdirat(-1, NULL, 000 [pid 3651] <... futex resumed>) = 1 [pid 3652] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3651] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 0 [ 55.471701][ T3652] loop0: detected capacity change from 0 to 4096 [ 55.481261][ T3652] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3653] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3653] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3652] <... futex resumed>) = 0 [pid 3651] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3651] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 1 [pid 3652] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3653] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3652] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3652] <... futex resumed>) = 1 [pid 3651] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] mkdirat(-1, NULL, 000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3652] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3651] <... futex resumed>) = 0 [pid 3652] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3651] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3652] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] exit_group(0) = ? [pid 3653] <... futex resumed>) = ? [pid 3652] <... futex resumed>) = ? [pid 3652] +++ exited with 0 +++ [pid 3653] +++ exited with 0 +++ [pid 3651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3654 ./strace-static-x86_64: Process 3654 attached [pid 3654] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3654] chdir("./5") = 0 [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3654] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3654] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3654] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3655 attached [pid 3655] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3655] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] <... clone resumed>, parent_tid=[3655], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3655 [pid 3654] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3655] <... futex resumed>) = 0 [pid 3654] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3655] memfd_create("syzkaller", 0) = 3 [pid 3655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3655] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3655] munmap(0x7f68741c1000, 2097152) = 0 [pid 3655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3655] close(3) = 0 [pid 3655] mkdir("./file2", 0777) = 0 [pid 3655] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3655] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3655] chdir("./file2") = 0 [pid 3655] ioctl(4, LOOP_CLR_FD) = 0 [pid 3655] close(4) = 0 [pid 3655] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... futex resumed>) = 1 [pid 3655] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3655] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3654] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3654] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3656], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3656 [pid 3654] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... futex resumed>) = 1 [pid 3655] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 3656 attached [pid 3656] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3656] mkdirat(4, "./bus/file0", 000 [pid 3655] <... mkdirat resumed>) = 0 [pid 3655] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3656] <... mkdirat resumed>) = 0 [pid 3656] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 0 [pid 3654] <... futex resumed>) = 1 [pid 3655] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3654] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3655] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3655] mkdirat(-1, NULL, 000 [pid 3654] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3654] <... futex resumed>) = 0 [pid 3655] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 0 [pid 3654] <... futex resumed>) = 0 [pid 3655] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3656] <... futex resumed>) = 1 [pid 3656] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3656] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 0 [pid 3654] <... futex resumed>) = 1 [pid 3655] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3654] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3655] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3656] <... futex resumed>) = 1 [pid 3655] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3656] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3654] <... futex resumed>) = 0 [pid 3655] mkdirat(-1, NULL, 000 [pid 3654] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3655] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3655] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3654] <... futex resumed>) = 0 [pid 3655] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3654] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3655] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3655] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] exit_group(0 [pid 3656] <... futex resumed>) = ? [pid 3655] <... futex resumed>) = ? [pid 3654] <... exit_group resumed>) = ? [pid 3656] +++ exited with 0 +++ [pid 3655] +++ exited with 0 +++ [pid 3654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 55.633188][ T3655] loop0: detected capacity change from 0 to 4096 [ 55.654042][ T3655] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3657 ./strace-static-x86_64: Process 3657 attached [pid 3657] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3657] chdir("./6") = 0 [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3657] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3657] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3658], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3658 [pid 3657] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3658 attached [pid 3658] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3658] memfd_create("syzkaller", 0) = 3 [pid 3658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3658] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3658] munmap(0x7f68741c1000, 2097152) = 0 [pid 3658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3658] close(3) = 0 [pid 3658] mkdir("./file2", 0777) = 0 [pid 3658] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3658] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3658] chdir("./file2") = 0 [pid 3658] ioctl(4, LOOP_CLR_FD) = 0 [pid 3658] close(4) = 0 [pid 3658] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3657] <... futex resumed>) = 0 [pid 3658] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3657] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3658] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3657] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] mkdirat(4, "./bus", 000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3657] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3658] <... mkdirat resumed>) = 0 [pid 3657] <... mprotect resumed>) = 0 [pid 3658] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3658] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3659 attached [pid 3659] set_robust_list(0x7f68743c09e0, 24 [pid 3657] <... clone resumed>, parent_tid=[3659], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3659 [pid 3659] <... set_robust_list resumed>) = 0 [pid 3657] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3659] mkdirat(4, "./bus/file0", 000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3659] <... mkdirat resumed>) = 0 [pid 3659] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3659] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... futex resumed>) = 0 [pid 3657] <... futex resumed>) = 1 [pid 3658] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3657] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3658] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3657] <... futex resumed>) = 0 [pid 3658] mkdirat(-1, NULL, 000 [pid 3657] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3657] <... futex resumed>) = 1 [pid 3659] <... futex resumed>) = 0 [pid 3658] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3659] mkdirat(-1, NULL, 000 [pid 3658] <... futex resumed>) = 0 [pid 3659] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3658] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3659] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... futex resumed>) = 0 [pid 3657] <... futex resumed>) = 1 [pid 3658] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3657] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3658] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.798293][ T3658] loop0: detected capacity change from 0 to 4096 [ 55.807993][ T3658] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3657] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3658] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3658] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3658] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3658] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] exit_group(0 [pid 3659] <... futex resumed>) = ? [pid 3658] <... futex resumed>) = ? [pid 3657] <... exit_group resumed>) = ? [pid 3659] +++ exited with 0 +++ [pid 3658] +++ exited with 0 +++ [pid 3657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3660 attached , child_tidptr=0x55555736f5d0) = 3660 [pid 3660] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3660] chdir("./7") = 0 [pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3660] setpgid(0, 0) = 0 [pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3660] write(3, "1000", 4) = 4 [pid 3660] close(3) = 0 [pid 3660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3660] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3660] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3660] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3661 attached [pid 3661] set_robust_list(0x7f687c5e19e0, 24 [pid 3660] <... clone resumed>, parent_tid=[3661], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3661 [pid 3661] <... set_robust_list resumed>) = 0 [pid 3660] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3661] memfd_create("syzkaller", 0) = 3 [pid 3661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3661] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3661] munmap(0x7f68741c1000, 2097152) = 0 [pid 3661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3661] close(3) = 0 [pid 3661] mkdir("./file2", 0777) = 0 [pid 3661] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3661] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3661] chdir("./file2") = 0 [pid 3661] ioctl(4, LOOP_CLR_FD) = 0 [pid 3661] close(4) = 0 [pid 3661] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3661] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = 0 [pid 3660] <... futex resumed>) = 1 [pid 3661] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3660] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3660] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = 0 [pid 3660] <... futex resumed>) = 0 [pid 3661] mkdirat(4, "./bus", 000 [pid 3660] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... mkdirat resumed>) = 0 [pid 3660] <... futex resumed>) = 0 [pid 3661] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3661] <... futex resumed>) = 0 [pid 3660] <... mmap resumed>) = 0x7f68743a0000 [pid 3660] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3661] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] <... mprotect resumed>) = 0 [pid 3660] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3662], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3662 [pid 3660] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3662 attached ) = 0 [pid 3660] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3662] mkdirat(4, "./bus/file0", 000) = 0 [pid 3662] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3660] <... futex resumed>) = 0 [pid 3662] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = 0 [pid 3660] <... futex resumed>) = 1 [pid 3661] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3660] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... renameat2 resumed>) = -1 EFAULT (Bad address) [ 55.952733][ T3661] loop0: detected capacity change from 0 to 4096 [ 55.963073][ T3661] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3661] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3660] <... futex resumed>) = 0 [pid 3661] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3660] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] mkdirat(-1, NULL, 000 [pid 3660] <... futex resumed>) = 0 [pid 3661] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3661] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = 0 [pid 3660] <... futex resumed>) = 1 [pid 3662] <... futex resumed>) = 0 [pid 3661] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3662] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3662] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = 0 [pid 3660] <... futex resumed>) = 1 [pid 3661] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3660] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3661] <... futex resumed>) = 0 [pid 3660] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] mkdirat(-1, NULL, 000 [pid 3660] <... futex resumed>) = 0 [pid 3661] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3660] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3661] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3660] <... futex resumed>) = 0 [pid 3661] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3660] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3661] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3660] <... futex resumed>) = 0 [pid 3661] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] exit_group(0 [pid 3662] <... futex resumed>) = ? [pid 3661] <... futex resumed>) = ? [pid 3660] <... exit_group resumed>) = ? [pid 3662] +++ exited with 0 +++ [pid 3661] +++ exited with 0 +++ [pid 3660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3663 ./strace-static-x86_64: Process 3663 attached [pid 3663] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3663] chdir("./8") = 0 [pid 3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3663] setpgid(0, 0) = 0 [pid 3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3663] write(3, "1000", 4) = 4 [pid 3663] close(3) = 0 [pid 3663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3663] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3663] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3663] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3664 attached , parent_tid=[3664], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3664 [pid 3664] set_robust_list(0x7f687c5e19e0, 24 [pid 3663] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... set_robust_list resumed>) = 0 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3664] memfd_create("syzkaller", 0) = 3 [pid 3664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3664] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3664] munmap(0x7f68741c1000, 2097152) = 0 [pid 3664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3664] close(3) = 0 [pid 3664] mkdir("./file2", 0777) = 0 [pid 3664] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3664] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3664] chdir("./file2") = 0 [pid 3664] ioctl(4, LOOP_CLR_FD) = 0 [pid 3664] close(4) = 0 [pid 3664] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3664] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3663] <... futex resumed>) = 0 [pid 3664] openat(AT_FDCWD, ".", O_RDONLY [pid 3663] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... openat resumed>) = 4 [pid 3664] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3664] mkdirat(4, "./bus", 000 [pid 3663] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... mkdirat resumed>) = 0 [pid 3663] <... futex resumed>) = 0 [pid 3664] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3664] <... futex resumed>) = 0 [pid 3663] <... mmap resumed>) = 0x7f68743a0000 [pid 3664] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3663] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3665], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3665 [pid 3663] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3665 attached [pid 3665] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3665] mkdirat(4, "./bus/file0", 000) = 0 [pid 3665] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = 0 [pid 3663] <... futex resumed>) = 1 [pid 3664] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3663] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3665] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3664] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3664] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3663] <... futex resumed>) = 0 [pid 3664] mkdirat(-1, NULL, 000 [pid 3663] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3663] <... futex resumed>) = 0 [ 56.095657][ T3664] loop0: detected capacity change from 0 to 4096 [ 56.106079][ T3664] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3664] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3665] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3665] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = 0 [pid 3663] <... futex resumed>) = 1 [pid 3664] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3663] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3665] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3664] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3664] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3663] <... futex resumed>) = 0 [pid 3664] mkdirat(-1, NULL, 000 [pid 3663] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3664] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3664] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3663] <... futex resumed>) = 0 [pid 3664] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3663] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3664] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3664] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] exit_group(0 [pid 3665] <... futex resumed>) = ? [pid 3664] <... futex resumed>) = ? [pid 3663] <... exit_group resumed>) = ? [pid 3665] +++ exited with 0 +++ [pid 3664] +++ exited with 0 +++ [pid 3663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3663, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3666 ./strace-static-x86_64: Process 3666 attached [pid 3666] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3666] chdir("./9") = 0 [pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3666] setpgid(0, 0) = 0 [pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3666] write(3, "1000", 4) = 4 [pid 3666] close(3) = 0 [pid 3666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3666] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3666] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3666] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3667 attached , parent_tid=[3667], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3667 [pid 3667] set_robust_list(0x7f687c5e19e0, 24 [pid 3666] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... set_robust_list resumed>) = 0 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3667] memfd_create("syzkaller", 0) = 3 [pid 3667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3667] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3667] munmap(0x7f68741c1000, 2097152) = 0 [pid 3667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3667] close(3) = 0 [pid 3667] mkdir("./file2", 0777) = 0 [pid 3667] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3667] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3667] chdir("./file2") = 0 [pid 3667] ioctl(4, LOOP_CLR_FD) = 0 [pid 3667] close(4) = 0 [pid 3667] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... futex resumed>) = 1 [pid 3667] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3667] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] mkdirat(4, "./bus", 000 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3666] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3666] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3667] <... mkdirat resumed>) = 0 [pid 3667] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3668 attached [pid 3668] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3668] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] <... clone resumed>, parent_tid=[3668], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3668 [pid 3666] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] <... futex resumed>) = 0 [ 56.240742][ T3667] loop0: detected capacity change from 0 to 4096 [ 56.249649][ T3667] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3668] mkdirat(4, "./bus/file0", 000) = 0 [pid 3668] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... futex resumed>) = 0 [pid 3667] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3667] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3667] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3668] <... futex resumed>) = 1 [pid 3668] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3668] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = 0 [pid 3666] <... futex resumed>) = 1 [pid 3667] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3666] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3667] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3667] mkdirat(-1, NULL, 000 [pid 3666] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3666] <... futex resumed>) = 0 [pid 3667] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... futex resumed>) = 0 [pid 3666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3667] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3666] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3666] <... futex resumed>) = 0 [pid 3667] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... futex resumed>) = 0 [pid 3666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3667] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] exit_group(0 [pid 3667] <... futex resumed>) = ? [pid 3666] <... exit_group resumed>) = ? [pid 3667] +++ exited with 0 +++ [pid 3668] <... futex resumed>) = ? [pid 3668] +++ exited with 0 +++ [pid 3666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3666, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3669 ./strace-static-x86_64: Process 3669 attached [pid 3669] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3669] chdir("./10") = 0 [pid 3669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3669] setpgid(0, 0) = 0 [pid 3669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3669] write(3, "1000", 4) = 4 [pid 3669] close(3) = 0 [pid 3669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3669] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3669] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3669] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3670 attached , parent_tid=[3670], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3670 [pid 3670] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3670] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3670] <... futex resumed>) = 0 [pid 3669] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3670] memfd_create("syzkaller", 0) = 3 [pid 3670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3670] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3670] munmap(0x7f68741c1000, 2097152) = 0 [pid 3670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3670] close(3) = 0 [pid 3670] mkdir("./file2", 0777) = 0 [pid 3670] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3670] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3670] chdir("./file2") = 0 [pid 3670] ioctl(4, LOOP_CLR_FD) = 0 [pid 3670] close(4) = 0 [pid 3670] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3670] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3669] <... futex resumed>) = 0 [pid 3670] openat(AT_FDCWD, ".", O_RDONLY [pid 3669] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... openat resumed>) = 4 [pid 3670] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3670] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3669] <... futex resumed>) = 0 [pid 3670] mkdirat(4, "./bus", 000 [pid 3669] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... mkdirat resumed>) = 0 [pid 3669] <... futex resumed>) = 0 [pid 3670] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3670] <... futex resumed>) = 0 [pid 3669] <... mmap resumed>) = 0x7f68743a0000 [pid 3670] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [ 56.403595][ T3670] loop0: detected capacity change from 0 to 4096 [ 56.414330][ T3670] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3669] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3671 attached [pid 3671] set_robust_list(0x7f68743c09e0, 24 [pid 3669] <... clone resumed>, parent_tid=[3671], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3671 [pid 3669] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3671] <... set_robust_list resumed>) = 0 [pid 3671] mkdirat(4, "./bus/file0", 000) = 0 [pid 3671] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3671] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... futex resumed>) = 0 [pid 3669] <... futex resumed>) = 1 [pid 3670] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3669] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3670] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3670] mkdirat(-1, NULL, 000 [pid 3669] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3669] <... futex resumed>) = 0 [pid 3670] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3669] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3671] <... futex resumed>) = 0 [pid 3670] <... futex resumed>) = 0 [pid 3669] <... futex resumed>) = 1 [pid 3670] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3671] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3671] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3671] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... futex resumed>) = 0 [pid 3669] <... futex resumed>) = 1 [pid 3670] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3669] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3670] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3670] mkdirat(-1, NULL, 000 [pid 3669] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3669] <... futex resumed>) = 0 [pid 3670] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3669] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 0 [pid 3669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3670] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3669] <... futex resumed>) = 0 [pid 3670] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3669] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3670] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3670] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] exit_group(0 [pid 3670] <... futex resumed>) = ? [pid 3669] <... exit_group resumed>) = ? [pid 3671] <... futex resumed>) = ? [pid 3670] +++ exited with 0 +++ [pid 3671] +++ exited with 0 +++ [pid 3669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3669, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3672 ./strace-static-x86_64: Process 3672 attached [pid 3672] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3672] chdir("./11") = 0 [pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3672] setpgid(0, 0) = 0 [pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3672] write(3, "1000", 4) = 4 [pid 3672] close(3) = 0 [pid 3672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3672] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3672] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3673], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3673 ./strace-static-x86_64: Process 3673 attached [pid 3673] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3673] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3673] <... futex resumed>) = 0 [pid 3672] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3673] memfd_create("syzkaller", 0) = 3 [pid 3673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3673] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3673] munmap(0x7f68741c1000, 2097152) = 0 [pid 3673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3673] close(3) = 0 [pid 3673] mkdir("./file2", 0777) = 0 [pid 3673] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3673] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3673] chdir("./file2") = 0 [pid 3673] ioctl(4, LOOP_CLR_FD) = 0 [pid 3673] close(4) = 0 [pid 3673] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3673] openat(AT_FDCWD, ".", O_RDONLY [pid 3672] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... openat resumed>) = 4 [pid 3673] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3673] mkdirat(4, "./bus", 000 [pid 3672] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3672] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3674 attached , parent_tid=[3674], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3674 [pid 3672] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3674] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3674] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [ 56.573275][ T3673] loop0: detected capacity change from 0 to 4096 [ 56.584143][ T3673] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3674] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... mkdirat resumed>) = 0 [pid 3674] <... futex resumed>) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3673] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3674] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3673] <... futex resumed>) = 0 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3673] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3673] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3672] <... futex resumed>) = 0 [pid 3673] mkdirat(-1, NULL, 000 [pid 3672] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3673] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3674] <... futex resumed>) = 0 [pid 3674] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3674] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3674] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... futex resumed>) = 0 [pid 3673] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3673] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3673] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3672] <... futex resumed>) = 0 [pid 3673] mkdirat(-1, NULL, 000 [pid 3672] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3673] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3673] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3672] <... futex resumed>) = 0 [pid 3673] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3672] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3673] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3673] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] exit_group(0 [pid 3674] <... futex resumed>) = ? [pid 3673] <... futex resumed>) = ? [pid 3672] <... exit_group resumed>) = ? [pid 3674] +++ exited with 0 +++ [pid 3673] +++ exited with 0 +++ [pid 3672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3675 attached , child_tidptr=0x55555736f5d0) = 3675 [pid 3675] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3675] chdir("./12") = 0 [pid 3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3675] setpgid(0, 0) = 0 [pid 3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3675] write(3, "1000", 4) = 4 [pid 3675] close(3) = 0 [pid 3675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3675] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3675] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3675] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3676 attached [pid 3676] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3676] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] <... clone resumed>, parent_tid=[3676], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3676 [pid 3675] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3676] <... futex resumed>) = 0 [pid 3675] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3676] memfd_create("syzkaller", 0) = 3 [pid 3676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3676] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3676] munmap(0x7f68741c1000, 2097152) = 0 [pid 3676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3676] close(3) = 0 [pid 3676] mkdir("./file2", 0777) = 0 [pid 3676] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3676] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3676] chdir("./file2") = 0 [pid 3676] ioctl(4, LOOP_CLR_FD) = 0 [pid 3676] close(4) = 0 [pid 3676] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3676] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3675] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3675] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3677], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3677 [pid 3675] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] mkdirat(4, "./bus", 000) = 0 [pid 3676] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3677 attached [pid 3677] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3677] mkdirat(4, "./bus/file0", 000) = 0 [pid 3677] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3677] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... futex resumed>) = 0 [pid 3676] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3676] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 0 [pid 3676] <... futex resumed>) = 1 [pid 3675] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] mkdirat(-1, NULL, 000 [pid 3675] <... futex resumed>) = 0 [pid 3676] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3675] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 1 [pid 3676] <... futex resumed>) = 0 [pid 3675] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3677] <... futex resumed>) = 0 [pid 3677] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3677] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... futex resumed>) = 0 [pid 3677] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3676] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3676] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3676] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3675] <... futex resumed>) = 0 [pid 3676] mkdirat(-1, NULL, 000 [pid 3675] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3676] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3676] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3675] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3675] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3676] <... futex resumed>) = 0 [pid 3676] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] exit_group(0 [pid 3677] <... futex resumed>) = ? [pid 3676] <... futex resumed>) = ? [pid 3675] <... exit_group resumed>) = ? [pid 3677] +++ exited with 0 +++ [pid 3676] +++ exited with 0 +++ [pid 3675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3675, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 56.745072][ T3676] loop0: detected capacity change from 0 to 4096 [ 56.764425][ T3676] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3678 ./strace-static-x86_64: Process 3678 attached [pid 3678] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3678] chdir("./13") = 0 [pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3678] setpgid(0, 0) = 0 [pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3678] write(3, "1000", 4) = 4 [pid 3678] close(3) = 0 [pid 3678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3678] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3678] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3678] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3679 attached , parent_tid=[3679], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3679 [pid 3679] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3679] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3679] <... futex resumed>) = 0 [pid 3678] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3679] memfd_create("syzkaller", 0) = 3 [pid 3679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3679] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3679] munmap(0x7f68741c1000, 2097152) = 0 [pid 3679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3679] close(3) = 0 [pid 3679] mkdir("./file2", 0777) = 0 [pid 3679] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3679] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3679] chdir("./file2") = 0 [pid 3679] ioctl(4, LOOP_CLR_FD) = 0 [pid 3679] close(4) = 0 [pid 3679] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... futex resumed>) = 1 [pid 3679] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3679] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3678] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3678] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3680], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3680 [pid 3678] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] <... futex resumed>) = 1 [pid 3678] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] mkdirat(4, "./bus", 000) = 0 [pid 3679] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.905790][ T3679] loop0: detected capacity change from 0 to 4096 [ 56.915182][ T3679] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3679] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3680 attached [pid 3680] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3680] mkdirat(4, "./bus/file0", 000) = 0 [pid 3680] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3680] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... futex resumed>) = 0 [pid 3678] <... futex resumed>) = 1 [pid 3678] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3679] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] <... futex resumed>) = 0 [pid 3679] mkdirat(-1, NULL, 000 [pid 3678] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3678] <... futex resumed>) = 0 [pid 3679] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3680] <... futex resumed>) = 0 [pid 3679] <... futex resumed>) = 0 [pid 3678] <... futex resumed>) = 1 [pid 3680] mkdirat(-1, NULL, 000 [pid 3679] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3680] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3680] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] <... futex resumed>) = 0 [pid 3680] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... futex resumed>) = 0 [pid 3678] <... futex resumed>) = 1 [pid 3679] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3678] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3679] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] <... futex resumed>) = 0 [pid 3679] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3678] <... futex resumed>) = 0 [pid 3679] mkdirat(-1, NULL, 000 [pid 3678] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3679] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] <... futex resumed>) = 0 [pid 3679] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3679] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3678] <... futex resumed>) = 0 [pid 3679] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3678] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3679] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] <... futex resumed>) = 0 [pid 3679] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] exit_group(0 [pid 3680] <... futex resumed>) = ? [pid 3679] <... futex resumed>) = ? [pid 3678] <... exit_group resumed>) = ? [pid 3680] +++ exited with 0 +++ [pid 3679] +++ exited with 0 +++ [pid 3678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3681 ./strace-static-x86_64: Process 3681 attached [pid 3681] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3681] chdir("./14") = 0 [pid 3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3681] setpgid(0, 0) = 0 [pid 3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3681] write(3, "1000", 4) = 4 [pid 3681] close(3) = 0 [pid 3681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3681] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3681] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3681] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3682 attached [pid 3682] set_robust_list(0x7f687c5e19e0, 24 [pid 3681] <... clone resumed>, parent_tid=[3682], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3682 [pid 3682] <... set_robust_list resumed>) = 0 [pid 3681] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3682] memfd_create("syzkaller", 0) = 3 [pid 3682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3682] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3682] munmap(0x7f68741c1000, 2097152) = 0 [pid 3682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3682] close(3) = 0 [pid 3682] mkdir("./file2", 0777) = 0 [pid 3682] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3682] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3682] chdir("./file2") = 0 [pid 3682] ioctl(4, LOOP_CLR_FD) = 0 [pid 3682] close(4) = 0 [pid 3682] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] openat(AT_FDCWD, ".", O_RDONLY [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... openat resumed>) = 4 [pid 3682] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3682] mkdirat(4, "./bus", 000 [pid 3681] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3681] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3681] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3683 attached , parent_tid=[3683], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3683 [pid 3681] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3683] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3683] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3683] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3683] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [ 57.065353][ T3682] loop0: detected capacity change from 0 to 4096 [ 57.075517][ T3682] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3683] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3683] mkdirat(-1, NULL, 000 [pid 3681] <... mmap resumed>) = 0x7f687437f000 [pid 3681] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3683] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3681] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3683] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3683] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] <... clone resumed>, parent_tid=[3684], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3684 [pid 3681] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... mkdirat resumed>) = 0 [pid 3682] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3684 attached [pid 3684] set_robust_list(0x7f687439f9e0, 24) = 0 [pid 3684] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3684] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3684] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3682] <... futex resumed>) = 0 [pid 3681] <... futex resumed>) = 1 [pid 3681] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3682] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3681] <... futex resumed>) = 0 [pid 3682] <... futex resumed>) = 1 [pid 3681] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] mkdirat(-1, NULL, 000 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3682] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3682] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3681] <... futex resumed>) = 0 [pid 3682] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3681] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3682] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3682] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] exit_group(0 [pid 3683] <... futex resumed>) = ? [pid 3682] <... futex resumed>) = ? [pid 3681] <... exit_group resumed>) = ? [pid 3684] <... futex resumed>) = ? [pid 3683] +++ exited with 0 +++ [pid 3682] +++ exited with 0 +++ [pid 3684] +++ exited with 0 +++ [pid 3681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3681, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3685 ./strace-static-x86_64: Process 3685 attached [pid 3685] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3685] chdir("./15") = 0 [pid 3685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3685] setpgid(0, 0) = 0 [pid 3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3685] write(3, "1000", 4) = 4 [pid 3685] close(3) = 0 [pid 3685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3685] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3685] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3685] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3686 attached , parent_tid=[3686], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3686 [pid 3685] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3686] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3686] memfd_create("syzkaller", 0) = 3 [pid 3686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3686] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3686] munmap(0x7f68741c1000, 2097152) = 0 [pid 3686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3686] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3686] close(3) = 0 [pid 3686] mkdir("./file2", 0777) = 0 [pid 3686] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3686] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3686] chdir("./file2") = 0 [pid 3686] ioctl(4, LOOP_CLR_FD) = 0 [pid 3686] close(4) = 0 [pid 3686] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3686] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3686] <... futex resumed>) = 0 [pid 3686] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3686] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... futex resumed>) = 0 [pid 3685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3685] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] mkdirat(4, "./bus", 000 [pid 3685] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3685] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3685] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3686] <... mkdirat resumed>) = 0 [pid 3685] <... clone resumed>, parent_tid=[3687], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3687 [pid 3685] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... futex resumed>) = 0 [pid 3686] <... futex resumed>) = 0 [pid 3685] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3687 attached [pid 3687] set_robust_list(0x7f68743c09e0, 24) = 0 [ 57.242465][ T3686] loop0: detected capacity change from 0 to 4096 [ 57.253245][ T3686] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3687] mkdirat(4, "./bus/file0", 000) = 0 [pid 3687] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3685] <... futex resumed>) = 1 [pid 3686] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3685] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3686] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3686] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3686] mkdirat(-1, NULL, 000 [pid 3685] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3685] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3687] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3687] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3685] <... futex resumed>) = 1 [pid 3686] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3685] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3686] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3686] <... futex resumed>) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3686] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3685] <... futex resumed>) = 0 [pid 3686] mkdirat(-1, NULL, 000 [pid 3685] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3686] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3686] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3685] <... futex resumed>) = 0 [pid 3686] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3685] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3686] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3686] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3686] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] exit_group(0 [pid 3687] <... futex resumed>) = ? [pid 3686] <... futex resumed>) = ? [pid 3685] <... exit_group resumed>) = ? [pid 3687] +++ exited with 0 +++ [pid 3686] +++ exited with 0 +++ [pid 3685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3685, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3688 attached , child_tidptr=0x55555736f5d0) = 3688 [pid 3688] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3688] chdir("./16") = 0 [pid 3688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3688] setpgid(0, 0) = 0 [pid 3688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3688] write(3, "1000", 4) = 4 [pid 3688] close(3) = 0 [pid 3688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3688] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3688] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3688] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3689 attached [pid 3689] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3689] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] <... clone resumed>, parent_tid=[3689], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3689 [pid 3688] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3689] <... futex resumed>) = 0 [pid 3688] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3689] memfd_create("syzkaller", 0) = 3 [pid 3689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3689] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3689] munmap(0x7f68741c1000, 2097152) = 0 [pid 3689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3689] close(3) = 0 [pid 3689] mkdir("./file2", 0777) = 0 [pid 3689] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3689] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3689] chdir("./file2") = 0 [pid 3689] ioctl(4, LOOP_CLR_FD) = 0 [pid 3689] close(4) = 0 [pid 3689] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... futex resumed>) = 1 [pid 3689] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3689] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3688] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3688] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3690], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3690 [pid 3688] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3690 attached [pid 3688] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... futex resumed>) = 1 [pid 3689] mkdirat(4, "./bus", 000 [pid 3690] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3690] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3690] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3689] <... mkdirat resumed>) = 0 [pid 3689] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3689] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] <... futex resumed>) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... futex resumed>) = 0 [pid 3689] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3689] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3690] mkdirat(-1, NULL, 000 [pid 3689] <... futex resumed>) = 1 [pid 3690] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3689] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [ 57.410490][ T3689] loop0: detected capacity change from 0 to 4096 [ 57.420550][ T3689] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3690] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... futex resumed>) = 0 [pid 3690] <... futex resumed>) = 1 [pid 3688] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3689] <... futex resumed>) = 0 [pid 3690] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3690] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3689] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] <... futex resumed>) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3690] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... futex resumed>) = 0 [pid 3689] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3689] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... futex resumed>) = 0 [pid 3688] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... futex resumed>) = 1 [pid 3689] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3689] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... futex resumed>) = 0 [pid 3688] exit_group(0) = ? [pid 3690] <... futex resumed>) = ? [pid 3689] <... futex resumed>) = ? [pid 3689] +++ exited with 0 +++ [pid 3690] +++ exited with 0 +++ [pid 3688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3688, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3691 ./strace-static-x86_64: Process 3691 attached [pid 3691] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3691] chdir("./17") = 0 [pid 3691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3691] setpgid(0, 0) = 0 [pid 3691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3691] write(3, "1000", 4) = 4 [pid 3691] close(3) = 0 [pid 3691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3691] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3691] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3691] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3692], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3692 [pid 3691] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3692 attached [pid 3692] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3692] memfd_create("syzkaller", 0) = 3 [pid 3692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3692] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3692] munmap(0x7f68741c1000, 2097152) = 0 [pid 3692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3692] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3692] close(3) = 0 [pid 3692] mkdir("./file2", 0777) = 0 [pid 3692] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3692] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3692] chdir("./file2") = 0 [pid 3692] ioctl(4, LOOP_CLR_FD) = 0 [pid 3692] close(4) = 0 [pid 3692] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3692] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3692] <... futex resumed>) = 0 [pid 3691] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3692] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] mkdirat(4, "./bus", 000 [pid 3691] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3691] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3691] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3693], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3693 ./strace-static-x86_64: Process 3693 attached [pid 3693] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3693] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3691] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... mkdirat resumed>) = 0 [pid 3692] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] <... futex resumed>) = 0 [pid 3693] mkdirat(4, "./bus/file0", 000) = 0 [ 57.565720][ T3692] loop0: detected capacity change from 0 to 4096 [ 57.574906][ T3692] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3693] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... futex resumed>) = 0 [pid 3692] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3692] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3692] <... futex resumed>) = 1 [pid 3691] <... futex resumed>) = 0 [pid 3692] mkdirat(-1, NULL, 000 [pid 3691] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3692] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3691] <... futex resumed>) = 1 [pid 3692] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... futex resumed>) = 0 [pid 3692] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] <... futex resumed>) = 0 [pid 3693] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3693] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] <... futex resumed>) = 0 [pid 3693] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3691] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3692] <... futex resumed>) = 0 [pid 3691] <... futex resumed>) = 1 [pid 3692] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3691] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3692] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] <... futex resumed>) = 0 [pid 3692] mkdirat(-1, NULL, 000 [pid 3691] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3692] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3691] <... futex resumed>) = 0 [pid 3692] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... futex resumed>) = 0 [pid 3691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3692] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3691] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3692] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3691] <... futex resumed>) = 0 [pid 3692] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3691] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3692] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3692] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3691] <... futex resumed>) = 0 [pid 3692] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3691] exit_group(0 [pid 3693] <... futex resumed>) = ? [pid 3692] <... futex resumed>) = ? [pid 3691] <... exit_group resumed>) = ? [pid 3693] +++ exited with 0 +++ [pid 3692] +++ exited with 0 +++ [pid 3691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3691, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3694 ./strace-static-x86_64: Process 3694 attached [pid 3694] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3694] chdir("./18") = 0 [pid 3694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3694] setpgid(0, 0) = 0 [pid 3694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3694] write(3, "1000", 4) = 4 [pid 3694] close(3) = 0 [pid 3694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3694] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3694] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3694] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3695], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3695 ./strace-static-x86_64: Process 3695 attached [pid 3694] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3695] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3695] memfd_create("syzkaller", 0) = 3 [pid 3695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3695] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3695] munmap(0x7f68741c1000, 2097152) = 0 [pid 3695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3695] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3695] close(3) = 0 [pid 3695] mkdir("./file2", 0777) = 0 [pid 3695] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3695] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3695] chdir("./file2") = 0 [pid 3695] ioctl(4, LOOP_CLR_FD) = 0 [pid 3695] close(4) = 0 [pid 3695] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... futex resumed>) = 0 [pid 3694] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3695] <... futex resumed>) = 1 [pid 3695] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3695] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... futex resumed>) = 0 [pid 3694] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3694] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3694] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3696 attached [pid 3696] set_robust_list(0x7f68743c09e0, 24 [pid 3694] <... clone resumed>, parent_tid=[3696], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3696 [pid 3694] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] <... futex resumed>) = 1 [pid 3694] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3695] mkdirat(4, "./bus", 000 [pid 3696] <... set_robust_list resumed>) = 0 [pid 3696] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3695] <... mkdirat resumed>) = 0 [pid 3696] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3694] <... futex resumed>) = 0 [pid 3696] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3694] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3694] <... futex resumed>) = 0 [pid 3696] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3696] <... futex resumed>) = 0 [pid 3694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3696] mkdirat(-1, NULL, 000 [pid 3694] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3694] <... futex resumed>) = 0 [pid 3696] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... futex resumed>) = 0 [pid 3694] <... futex resumed>) = 0 [pid 3696] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687437f000 [ 57.726783][ T3695] loop0: detected capacity change from 0 to 4096 [ 57.735960][ T3695] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3694] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3694] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3697], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3697 [pid 3694] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3695] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3695] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3697 attached [pid 3697] set_robust_list(0x7f687439f9e0, 24) = 0 [pid 3697] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3697] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... futex resumed>) = 0 [pid 3694] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3695] <... futex resumed>) = 0 [pid 3694] <... futex resumed>) = 1 [pid 3695] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3694] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3695] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3695] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = 1 [pid 3695] <... futex resumed>) = 1 [pid 3694] <... futex resumed>) = 0 [pid 3697] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3695] mkdirat(-1, NULL, 000 [pid 3694] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3695] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3694] <... futex resumed>) = 0 [pid 3695] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3695] <... futex resumed>) = 0 [pid 3694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3695] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3694] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3695] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3694] <... futex resumed>) = 0 [pid 3695] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3694] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3695] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3695] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3694] <... futex resumed>) = 0 [pid 3695] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3694] exit_group(0 [pid 3697] <... futex resumed>) = ? [pid 3696] <... futex resumed>) = ? [pid 3695] <... futex resumed>) = ? [pid 3694] <... exit_group resumed>) = ? [pid 3697] +++ exited with 0 +++ [pid 3696] +++ exited with 0 +++ [pid 3695] +++ exited with 0 +++ [pid 3694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3694, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3698 ./strace-static-x86_64: Process 3698 attached [pid 3698] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3698] chdir("./19") = 0 [pid 3698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3698] setpgid(0, 0) = 0 [pid 3698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3698] write(3, "1000", 4) = 4 [pid 3698] close(3) = 0 [pid 3698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3698] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3698] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3698] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3699], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3699 [pid 3698] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3699 attached [pid 3699] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3699] memfd_create("syzkaller", 0) = 3 [pid 3699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3699] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3699] munmap(0x7f68741c1000, 2097152) = 0 [pid 3699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3699] close(3) = 0 [pid 3699] mkdir("./file2", 0777) = 0 [pid 3699] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3699] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3699] chdir("./file2") = 0 [pid 3699] ioctl(4, LOOP_CLR_FD) = 0 [pid 3699] close(4) = 0 [pid 3699] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3698] <... futex resumed>) = 0 [pid 3699] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3698] <... futex resumed>) = 0 [pid 3699] openat(AT_FDCWD, ".", O_RDONLY [pid 3698] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] <... openat resumed>) = 4 [pid 3699] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3698] <... futex resumed>) = 0 [pid 3699] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3698] <... futex resumed>) = 0 [pid 3699] mkdirat(4, "./bus", 000 [pid 3698] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3699] <... mkdirat resumed>) = 0 [pid 3698] <... mmap resumed>) = 0x7f68743a0000 [pid 3699] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3698] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3699] <... futex resumed>) = 0 [pid 3698] <... mprotect resumed>) = 0 [pid 3699] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 57.873212][ T3699] loop0: detected capacity change from 0 to 4096 [ 57.883469][ T3699] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3698] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3700], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3700 [pid 3698] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3700 attached [pid 3700] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3700] mkdirat(4, "./bus/file0", 000) = 0 [pid 3700] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3698] <... futex resumed>) = 0 [pid 3700] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3698] <... futex resumed>) = 1 [pid 3699] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3698] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3699] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3698] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3698] <... futex resumed>) = 0 [pid 3699] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3698] <... futex resumed>) = 0 [pid 3699] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3698] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3698] <... futex resumed>) = 1 [pid 3699] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3698] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3699] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3698] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3698] <... futex resumed>) = 0 [pid 3699] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3698] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3698] <... futex resumed>) = 1 [pid 3699] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3698] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3699] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3699] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3698] <... futex resumed>) = 0 [pid 3699] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] exit_group(0 [pid 3700] <... futex resumed>) = ? [pid 3699] <... futex resumed>) = ? [pid 3698] <... exit_group resumed>) = ? [pid 3699] +++ exited with 0 +++ [pid 3700] +++ exited with 0 +++ [pid 3698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3698, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3701 ./strace-static-x86_64: Process 3701 attached [pid 3701] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3701] chdir("./20") = 0 [pid 3701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3701] setpgid(0, 0) = 0 [pid 3701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3701] write(3, "1000", 4) = 4 [pid 3701] close(3) = 0 [pid 3701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3701] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3701] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3701] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3702 attached , parent_tid=[3702], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3702 [pid 3702] set_robust_list(0x7f687c5e19e0, 24 [pid 3701] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3702] <... set_robust_list resumed>) = 0 [pid 3702] memfd_create("syzkaller", 0) = 3 [pid 3702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3702] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3702] munmap(0x7f68741c1000, 2097152) = 0 [pid 3702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3702] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3702] close(3) = 0 [pid 3702] mkdir("./file2", 0777) = 0 [pid 3702] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3702] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3702] chdir("./file2") = 0 [pid 3702] ioctl(4, LOOP_CLR_FD) = 0 [pid 3702] close(4) = 0 [pid 3702] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = 0 [pid 3701] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3702] <... futex resumed>) = 1 [pid 3702] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3702] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3701] <... futex resumed>) = 0 [pid 3702] mkdirat(4, "./bus", 000 [pid 3701] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3702] <... mkdirat resumed>) = 0 [pid 3701] <... mmap resumed>) = 0x7f68743a0000 [pid 3702] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3702] <... futex resumed>) = 0 [pid 3701] <... mprotect resumed>) = 0 [pid 3702] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3701] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3703], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3703 [pid 3701] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3701] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3703 attached [pid 3703] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3703] mkdirat(4, "./bus/file0", 000) = 0 [pid 3703] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3701] <... futex resumed>) = 0 [pid 3703] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3701] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3701] <... futex resumed>) = 1 [pid 3702] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3701] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3702] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3702] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3701] <... futex resumed>) = 0 [pid 3702] mkdirat(-1, NULL, 000 [pid 3701] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3701] <... futex resumed>) = 0 [pid 3702] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3701] <... futex resumed>) = 1 [pid 3702] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3701] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] <... futex resumed>) = 0 [pid 3703] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3703] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... futex resumed>) = 0 [pid 3701] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3701] <... futex resumed>) = 1 [pid 3702] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3701] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3702] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3702] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3701] <... futex resumed>) = 0 [pid 3702] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3701] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3701] <... futex resumed>) = 0 [pid 3702] mkdirat(-1, NULL, 000 [pid 3701] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3702] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3702] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3701] <... futex resumed>) = 0 [pid 3702] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3701] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3701] <... futex resumed>) = 0 [ 58.052693][ T3702] loop0: detected capacity change from 0 to 4096 [ 58.062108][ T3702] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3702] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3701] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3702] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3702] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3701] <... futex resumed>) = 0 [pid 3702] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3701] exit_group(0 [pid 3702] <... futex resumed>) = ? [pid 3701] <... exit_group resumed>) = ? [pid 3702] +++ exited with 0 +++ [pid 3703] <... futex resumed>) = ? [pid 3703] +++ exited with 0 +++ [pid 3701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3701, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3704 attached , child_tidptr=0x55555736f5d0) = 3704 [pid 3704] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3704] chdir("./21") = 0 [pid 3704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3704] setpgid(0, 0) = 0 [pid 3704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3704] write(3, "1000", 4) = 4 [pid 3704] close(3) = 0 [pid 3704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3704] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3704] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3704] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3705], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3705 [pid 3704] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3704] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3705 attached [pid 3705] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3705] memfd_create("syzkaller", 0) = 3 [pid 3705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3705] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3705] munmap(0x7f68741c1000, 2097152) = 0 [pid 3705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3705] close(3) = 0 [pid 3705] mkdir("./file2", 0777) = 0 [pid 3705] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3705] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3705] chdir("./file2") = 0 [pid 3705] ioctl(4, LOOP_CLR_FD) = 0 [pid 3705] close(4) = 0 [pid 3705] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3704] <... futex resumed>) = 0 [pid 3704] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3704] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3705] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3705] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3704] <... futex resumed>) = 0 [pid 3704] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3704] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3704] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3704] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3706], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3706 [pid 3704] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3704] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3706 attached [pid 3705] mkdirat(4, "./bus", 000 [pid 3706] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3706] mkdirat(4, "./bus/file0", 000 [pid 3705] <... mkdirat resumed>) = 0 [ 58.202029][ T3705] loop0: detected capacity change from 0 to 4096 [ 58.210950][ T3705] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3705] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3706] <... mkdirat resumed>) = 0 [pid 3706] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3704] <... futex resumed>) = 0 [pid 3704] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3704] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3705] <... futex resumed>) = 0 [pid 3705] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3705] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3704] <... futex resumed>) = 0 [pid 3704] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3704] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3704] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] <... futex resumed>) = 0 [pid 3705] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3706] mkdirat(-1, NULL, 000 [pid 3705] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3706] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3705] <... futex resumed>) = 0 [pid 3706] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3706] <... futex resumed>) = 1 [pid 3704] <... futex resumed>) = 0 [pid 3704] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3704] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3705] <... futex resumed>) = 0 [pid 3705] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3705] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3706] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3705] <... futex resumed>) = 1 [pid 3704] <... futex resumed>) = 0 [pid 3705] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3704] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3704] <... futex resumed>) = 0 [pid 3705] mkdirat(-1, NULL, 000 [pid 3704] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3705] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3705] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3704] <... futex resumed>) = 0 [pid 3705] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3704] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3704] <... futex resumed>) = 0 [pid 3705] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3704] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3705] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3705] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3704] <... futex resumed>) = 0 [pid 3705] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3704] exit_group(0 [pid 3706] <... futex resumed>) = ? [pid 3705] <... futex resumed>) = ? [pid 3704] <... exit_group resumed>) = ? [pid 3706] +++ exited with 0 +++ [pid 3705] +++ exited with 0 +++ [pid 3704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3704, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3707 ./strace-static-x86_64: Process 3707 attached [pid 3707] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3707] chdir("./22") = 0 [pid 3707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3707] setpgid(0, 0) = 0 [pid 3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3707] write(3, "1000", 4) = 4 [pid 3707] close(3) = 0 [pid 3707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3707] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3707] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3707] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3708], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3708 ./strace-static-x86_64: Process 3708 attached [pid 3707] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3707] <... futex resumed>) = 0 [pid 3707] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3708] memfd_create("syzkaller", 0) = 3 [pid 3708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3708] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3708] munmap(0x7f68741c1000, 2097152) = 0 [pid 3708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3708] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3708] close(3) = 0 [pid 3708] mkdir("./file2", 0777) = 0 [pid 3708] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3708] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3708] chdir("./file2") = 0 [pid 3708] ioctl(4, LOOP_CLR_FD) = 0 [pid 3708] close(4) = 0 [pid 3708] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3707] <... futex resumed>) = 0 [pid 3708] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3707] <... futex resumed>) = 0 [pid 3707] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3708] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3708] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = 0 [pid 3708] <... futex resumed>) = 1 [pid 3707] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3708] mkdirat(4, "./bus", 000 [pid 3707] <... mmap resumed>) = 0x7f68743a0000 [pid 3707] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3707] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3709 attached [pid 3709] set_robust_list(0x7f68743c09e0, 24 [pid 3707] <... clone resumed>, parent_tid=[3709], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3709 [pid 3709] <... set_robust_list resumed>) = 0 [pid 3707] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] mkdirat(4, "./bus/file0", 000 [pid 3707] <... futex resumed>) = 0 [ 58.372873][ T3708] loop0: detected capacity change from 0 to 4096 [ 58.382983][ T3708] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3707] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3708] <... mkdirat resumed>) = 0 [pid 3708] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] <... mkdirat resumed>) = 0 [pid 3709] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3707] <... futex resumed>) = 0 [pid 3708] <... futex resumed>) = 0 [pid 3707] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] <... futex resumed>) = 0 [pid 3708] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3707] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3708] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3708] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3707] <... futex resumed>) = 0 [pid 3707] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3707] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] <... futex resumed>) = 0 [pid 3709] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3709] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] mkdirat(-1, NULL, 000 [pid 3707] <... futex resumed>) = 0 [pid 3708] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3707] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] <... futex resumed>) = 1 [pid 3709] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3709] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = 0 [pid 3707] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3709] <... futex resumed>) = 1 [pid 3708] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] mkdirat(-1, NULL, 000 [pid 3708] <... futex resumed>) = 0 [pid 3708] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3709] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3709] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3707] <... futex resumed>) = 0 [pid 3709] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] <... futex resumed>) = 0 [pid 3707] <... futex resumed>) = 1 [pid 3708] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3707] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3708] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3708] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = 0 [pid 3708] <... futex resumed>) = 1 [pid 3707] exit_group(0 [pid 3708] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 3707] <... exit_group resumed>) = ? [pid 3709] <... futex resumed>) = ? [pid 3709] +++ exited with 0 +++ [pid 3708] +++ exited with 0 +++ [pid 3707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3707, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3710 ./strace-static-x86_64: Process 3710 attached [pid 3710] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3710] chdir("./23") = 0 [pid 3710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3710] setpgid(0, 0) = 0 [pid 3710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3710] write(3, "1000", 4) = 4 [pid 3710] close(3) = 0 [pid 3710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3710] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3710] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3710] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3711 attached , parent_tid=[3711], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3711 [pid 3711] set_robust_list(0x7f687c5e19e0, 24 [pid 3710] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... set_robust_list resumed>) = 0 [pid 3710] <... futex resumed>) = 0 [pid 3710] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3711] memfd_create("syzkaller", 0) = 3 [pid 3711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3711] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3711] munmap(0x7f68741c1000, 2097152) = 0 [pid 3711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3711] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3711] close(3) = 0 [pid 3711] mkdir("./file2", 0777) = 0 [pid 3711] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3711] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3711] chdir("./file2") = 0 [pid 3711] ioctl(4, LOOP_CLR_FD) = 0 [pid 3711] close(4) = 0 [pid 3711] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3710] <... futex resumed>) = 0 [pid 3711] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3710] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3710] <... futex resumed>) = 0 [pid 3711] openat(AT_FDCWD, ".", O_RDONLY [pid 3710] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3711] <... openat resumed>) = 4 [pid 3711] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3710] <... futex resumed>) = 0 [pid 3711] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3710] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3710] <... futex resumed>) = 0 [pid 3711] mkdirat(4, "./bus", 000 [pid 3710] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3711] <... mkdirat resumed>) = 0 [pid 3710] <... mmap resumed>) = 0x7f68743a0000 [ 58.528152][ T3711] loop0: detected capacity change from 0 to 4096 [ 58.538561][ T3711] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3711] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3710] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3711] <... futex resumed>) = 0 [pid 3710] <... mprotect resumed>) = 0 [pid 3710] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3712], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3712 [pid 3711] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3710] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3712 attached ) = 0 [pid 3712] set_robust_list(0x7f68743c09e0, 24 [pid 3710] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... set_robust_list resumed>) = 0 [pid 3712] mkdirat(4, "./bus/file0", 000) = 0 [pid 3712] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3710] <... futex resumed>) = 0 [pid 3710] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3710] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3711] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3712] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3711] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3710] <... futex resumed>) = 0 [pid 3711] <... futex resumed>) = 1 [pid 3710] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] mkdirat(-1, NULL, 000 [pid 3710] <... futex resumed>) = 0 [pid 3711] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3710] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... futex resumed>) = 0 [pid 3711] <... futex resumed>) = 0 [pid 3710] <... futex resumed>) = 1 [pid 3712] mkdirat(-1, NULL, 000 [pid 3711] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3710] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3712] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3710] <... futex resumed>) = 0 [pid 3710] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] <... futex resumed>) = 0 [pid 3710] <... futex resumed>) = 1 [pid 3711] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3710] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3711] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3711] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3710] <... futex resumed>) = 0 [pid 3711] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3710] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3710] <... futex resumed>) = 0 [pid 3711] mkdirat(-1, NULL, 000 [pid 3710] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3711] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3711] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3710] <... futex resumed>) = 0 [pid 3711] <... futex resumed>) = 1 [pid 3710] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3710] <... futex resumed>) = 0 [pid 3710] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3711] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3711] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3710] <... futex resumed>) = 0 [pid 3711] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3710] exit_group(0) = ? [pid 3712] <... futex resumed>) = ? [pid 3711] <... futex resumed>) = ? [pid 3711] +++ exited with 0 +++ [pid 3712] +++ exited with 0 +++ [pid 3710] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3710, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3713 ./strace-static-x86_64: Process 3713 attached [pid 3713] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3713] chdir("./24") = 0 [pid 3713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3713] setpgid(0, 0) = 0 [pid 3713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3713] write(3, "1000", 4) = 4 [pid 3713] close(3) = 0 [pid 3713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3713] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3713] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3713] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3714 attached [pid 3714] set_robust_list(0x7f687c5e19e0, 24 [pid 3713] <... clone resumed>, parent_tid=[3714], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3714 [pid 3714] <... set_robust_list resumed>) = 0 [pid 3713] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3713] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3714] memfd_create("syzkaller", 0) = 3 [pid 3714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3714] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3714] munmap(0x7f68741c1000, 2097152) = 0 [pid 3714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3714] close(3) = 0 [pid 3714] mkdir("./file2", 0777) = 0 [pid 3714] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3714] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3714] chdir("./file2") = 0 [pid 3714] ioctl(4, LOOP_CLR_FD) = 0 [pid 3714] close(4) = 0 [pid 3714] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3713] <... futex resumed>) = 0 [pid 3713] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3713] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3714] <... futex resumed>) = 1 [pid 3714] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3714] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3713] <... futex resumed>) = 0 [pid 3713] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3713] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3713] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3713] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3715 attached [pid 3714] <... futex resumed>) = 1 [pid 3715] set_robust_list(0x7f68743c09e0, 24 [pid 3714] mkdirat(4, "./bus", 000 [pid 3713] <... clone resumed>, parent_tid=[3715], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3715 [pid 3715] <... set_robust_list resumed>) = 0 [pid 3713] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3715] mkdirat(4, "./bus/file0", 000 [pid 3713] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... mkdirat resumed>) = -1 ENOENT (No such file or directory) [pid 3715] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3713] <... futex resumed>) = 0 [pid 3715] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3714] <... mkdirat resumed>) = 0 [pid 3713] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3713] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3714] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.711743][ T3714] loop0: detected capacity change from 0 to 4096 [ 58.721404][ T3714] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3714] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3715] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3715] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3713] <... futex resumed>) = 0 [pid 3715] <... futex resumed>) = 1 [pid 3713] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3713] <... futex resumed>) = 1 [pid 3714] <... futex resumed>) = 0 [pid 3713] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] <... futex resumed>) = 0 [pid 3714] mkdirat(-1, NULL, 000 [pid 3713] <... futex resumed>) = 1 [pid 3715] mkdirat(-1, NULL, 000 [pid 3713] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3715] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3715] <... futex resumed>) = 1 [pid 3714] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3713] <... futex resumed>) = 0 [pid 3715] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3714] <... futex resumed>) = 0 [pid 3713] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3713] <... futex resumed>) = 0 [pid 3714] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3713] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3714] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3713] <... futex resumed>) = 0 [pid 3714] mkdirat(-1, NULL, 000 [pid 3713] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3713] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3714] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3714] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3713] <... futex resumed>) = 0 [pid 3714] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3713] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3713] <... futex resumed>) = 0 [pid 3714] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3713] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3714] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3714] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3713] <... futex resumed>) = 0 [pid 3714] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3713] exit_group(0 [pid 3715] <... futex resumed>) = ? [pid 3714] <... futex resumed>) = ? [pid 3713] <... exit_group resumed>) = ? [pid 3714] +++ exited with 0 +++ [pid 3715] +++ exited with 0 +++ [pid 3713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3713, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3716 attached , child_tidptr=0x55555736f5d0) = 3716 [pid 3716] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3716] chdir("./25") = 0 [pid 3716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3716] setpgid(0, 0) = 0 [pid 3716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3716] write(3, "1000", 4) = 4 [pid 3716] close(3) = 0 [pid 3716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3716] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3716] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3716] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3717 attached , parent_tid=[3717], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3717 [pid 3716] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3716] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3717] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3717] memfd_create("syzkaller", 0) = 3 [pid 3717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3717] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3717] munmap(0x7f68741c1000, 2097152) = 0 [pid 3717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3717] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3717] close(3) = 0 [pid 3717] mkdir("./file2", 0777) = 0 [pid 3717] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3717] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3717] chdir("./file2") = 0 [pid 3717] ioctl(4, LOOP_CLR_FD) = 0 [pid 3717] close(4) = 0 [pid 3717] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3717] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] <... futex resumed>) = 0 [pid 3716] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3716] <... futex resumed>) = 1 [pid 3717] openat(AT_FDCWD, ".", O_RDONLY [pid 3716] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3717] <... openat resumed>) = 4 [pid 3717] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3716] <... futex resumed>) = 0 [pid 3716] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] mkdirat(4, "./bus", 000 [pid 3716] <... futex resumed>) = 0 [pid 3717] <... mkdirat resumed>) = 0 [pid 3716] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3716] <... futex resumed>) = 0 [pid 3716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] <... mmap resumed>) = 0x7f68743a0000 [pid 3716] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3716] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3718 attached , parent_tid=[3718], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3718 [pid 3716] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3716] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3718] mkdirat(4, "./bus/file0", 000) = 0 [pid 3718] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3716] <... futex resumed>) = 0 [pid 3718] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3716] <... futex resumed>) = 1 [pid 3717] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3716] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3717] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3717] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3717] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] <... futex resumed>) = 0 [pid 3716] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3716] <... futex resumed>) = 1 [pid 3717] mkdirat(-1, NULL, 000 [pid 3716] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3716] <... futex resumed>) = 1 [pid 3717] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3716] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3717] <... futex resumed>) = 0 [pid 3718] <... futex resumed>) = 0 [pid 3717] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3718] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3718] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3716] <... futex resumed>) = 0 [pid 3718] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3716] <... futex resumed>) = 1 [pid 3717] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3716] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3717] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3717] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3716] <... futex resumed>) = 0 [pid 3717] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3716] <... futex resumed>) = 0 [pid 3717] mkdirat(-1, NULL, 000 [pid 3716] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3717] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3717] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3716] <... futex resumed>) = 0 [pid 3717] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3716] <... futex resumed>) = 0 [pid 3717] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3716] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3717] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3717] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3716] <... futex resumed>) = 0 [pid 3717] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] exit_group(0 [pid 3718] <... futex resumed>) = ? [pid 3717] <... futex resumed>) = ? [pid 3716] <... exit_group resumed>) = ? [ 58.869636][ T3717] loop0: detected capacity change from 0 to 4096 [ 58.880422][ T3717] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3718] +++ exited with 0 +++ [pid 3717] +++ exited with 0 +++ [pid 3716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3716, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3719 ./strace-static-x86_64: Process 3719 attached [pid 3719] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3719] chdir("./26") = 0 [pid 3719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3719] setpgid(0, 0) = 0 [pid 3719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3719] write(3, "1000", 4) = 4 [pid 3719] close(3) = 0 [pid 3719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3719] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3719] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3719] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3720], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3720 [pid 3719] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3719] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3720 attached [pid 3720] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3720] memfd_create("syzkaller", 0) = 3 [pid 3720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3720] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3720] munmap(0x7f68741c1000, 2097152) = 0 [pid 3720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3720] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3720] close(3) = 0 [pid 3720] mkdir("./file2", 0777) = 0 [pid 3720] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3720] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3720] chdir("./file2") = 0 [pid 3720] ioctl(4, LOOP_CLR_FD) = 0 [pid 3720] close(4) = 0 [pid 3720] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3720] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3719] <... futex resumed>) = 0 [pid 3719] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3719] <... futex resumed>) = 1 [pid 3720] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3720] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3719] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3719] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3719] <... futex resumed>) = 1 [pid 3720] mkdirat(4, "./bus", 000 [pid 3719] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3719] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3719] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3721], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3721 [pid 3719] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3719] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3720] <... mkdirat resumed>) = 0 ./strace-static-x86_64: Process 3721 attached [pid 3721] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3721] mkdirat(4, "./bus/file0", 000 [pid 3720] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.016607][ T3720] loop0: detected capacity change from 0 to 4096 [ 59.026226][ T3720] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3720] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3721] <... mkdirat resumed>) = 0 [pid 3721] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3719] <... futex resumed>) = 0 [pid 3719] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3719] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3720] <... futex resumed>) = 0 [pid 3721] <... futex resumed>) = 1 [pid 3721] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3720] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3720] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3719] <... futex resumed>) = 0 [pid 3720] <... futex resumed>) = 1 [pid 3719] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] mkdirat(-1, NULL, 000 [pid 3719] <... futex resumed>) = 0 [pid 3720] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3719] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3719] <... futex resumed>) = 1 [pid 3720] <... futex resumed>) = 0 [pid 3721] <... futex resumed>) = 0 [pid 3720] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3719] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3721] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3721] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3719] <... futex resumed>) = 0 [pid 3719] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3720] <... futex resumed>) = 0 [pid 3720] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3719] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3720] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3721] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3720] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3719] <... futex resumed>) = 0 [pid 3720] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3719] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3719] <... futex resumed>) = 0 [pid 3720] mkdirat(-1, NULL, 000 [pid 3719] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3720] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3720] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3719] <... futex resumed>) = 0 [pid 3720] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3719] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3720] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3719] <... futex resumed>) = 0 [pid 3720] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3719] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3720] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3720] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3719] exit_group(0 [pid 3721] <... futex resumed>) = ? [pid 3720] <... futex resumed>) = ? [pid 3719] <... exit_group resumed>) = ? [pid 3721] +++ exited with 0 +++ [pid 3720] +++ exited with 0 +++ [pid 3719] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3719, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3722 ./strace-static-x86_64: Process 3722 attached [pid 3722] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3722] chdir("./27") = 0 [pid 3722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3722] setpgid(0, 0) = 0 [pid 3722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3722] write(3, "1000", 4) = 4 [pid 3722] close(3) = 0 [pid 3722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3722] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3722] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3722] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3723], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3723 [pid 3722] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3723 attached [pid 3723] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3723] memfd_create("syzkaller", 0) = 3 [pid 3723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3723] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3723] munmap(0x7f68741c1000, 2097152) = 0 [pid 3723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3723] close(3) = 0 [pid 3723] mkdir("./file2", 0777) = 0 [pid 3723] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3723] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3723] chdir("./file2") = 0 [pid 3723] ioctl(4, LOOP_CLR_FD) = 0 [pid 3723] close(4) = 0 [pid 3723] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3723] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3722] <... futex resumed>) = 0 [pid 3722] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3723] <... futex resumed>) = 0 [pid 3722] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3723] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3723] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3722] <... futex resumed>) = 0 [pid 3722] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] mkdirat(4, "./bus", 000 [pid 3722] <... futex resumed>) = 0 [pid 3722] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3723] <... mkdirat resumed>) = 0 [pid 3722] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3723] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] <... mprotect resumed>) = 0 [pid 3723] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3722] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3724 attached , parent_tid=[3724], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3724 [pid 3722] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3724] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3724] mkdirat(4, "./bus/file0", 000) = 0 [pid 3724] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3724] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3722] <... futex resumed>) = 0 [pid 3722] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = 0 [pid 3722] <... futex resumed>) = 1 [pid 3723] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3722] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3723] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3723] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3722] <... futex resumed>) = 0 [pid 3723] mkdirat(-1, NULL, 000 [pid 3722] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3722] <... futex resumed>) = 0 [pid 3723] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3722] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = 0 [pid 3722] <... futex resumed>) = 0 [pid 3722] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3723] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3724] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3724] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3722] <... futex resumed>) = 0 [pid 3722] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = 0 [pid 3722] <... futex resumed>) = 1 [pid 3723] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3722] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3723] <... renameat2 resumed>) = -1 EFAULT (Bad address) [ 59.165549][ T3723] loop0: detected capacity change from 0 to 4096 [ 59.175914][ T3723] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3723] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3722] <... futex resumed>) = 0 [pid 3723] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3722] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3722] <... futex resumed>) = 0 [pid 3724] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3723] mkdirat(-1, NULL, 000 [pid 3722] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3723] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3723] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3722] <... futex resumed>) = 0 [pid 3723] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3722] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3722] <... futex resumed>) = 0 [pid 3723] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3722] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3723] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3723] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3722] <... futex resumed>) = 0 [pid 3723] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3722] exit_group(0 [pid 3724] <... futex resumed>) = ? [pid 3723] <... futex resumed>) = ? [pid 3722] <... exit_group resumed>) = ? [pid 3724] +++ exited with 0 +++ [pid 3723] +++ exited with 0 +++ [pid 3722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3722, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3725 ./strace-static-x86_64: Process 3725 attached [pid 3725] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3725] chdir("./28") = 0 [pid 3725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3725] setpgid(0, 0) = 0 [pid 3725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3725] write(3, "1000", 4) = 4 [pid 3725] close(3) = 0 [pid 3725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3725] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3725] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3725] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3726 attached , parent_tid=[3726], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3726 [pid 3726] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3726] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3725] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3726] <... futex resumed>) = 0 [pid 3725] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3726] memfd_create("syzkaller", 0) = 3 [pid 3726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3726] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3726] munmap(0x7f68741c1000, 2097152) = 0 [pid 3726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3726] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3726] close(3) = 0 [pid 3726] mkdir("./file2", 0777) = 0 [pid 3726] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3726] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3726] chdir("./file2") = 0 [pid 3726] ioctl(4, LOOP_CLR_FD) = 0 [pid 3726] close(4) = 0 [pid 3726] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... futex resumed>) = 0 [pid 3725] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3725] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3726] <... futex resumed>) = 1 [pid 3726] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3726] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... futex resumed>) = 0 [pid 3725] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3725] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3725] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3725] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3727], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3727 [pid 3725] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3725] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3726] <... futex resumed>) = 1 [pid 3726] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 3727 attached [pid 3727] set_robust_list(0x7f68743c09e0, 24) = 0 [ 59.313505][ T3726] loop0: detected capacity change from 0 to 4096 [ 59.322802][ T3726] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3727] mkdirat(4, "./bus/file0", 000 [pid 3726] <... mkdirat resumed>) = 0 [pid 3726] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3727] <... mkdirat resumed>) = 0 [pid 3727] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3725] <... futex resumed>) = 0 [pid 3727] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3725] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3725] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3726] <... futex resumed>) = 0 [pid 3726] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3726] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... futex resumed>) = 0 [pid 3725] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3725] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3725] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3726] <... futex resumed>) = 1 [pid 3726] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3726] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3727] <... futex resumed>) = 0 [pid 3727] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3727] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... futex resumed>) = 0 [pid 3725] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3725] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3726] <... futex resumed>) = 0 [pid 3726] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3726] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3727] <... futex resumed>) = 1 [pid 3725] <... futex resumed>) = 0 [pid 3725] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3725] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3726] <... futex resumed>) = 1 [pid 3727] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3726] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3726] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3725] <... futex resumed>) = 0 [pid 3726] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3725] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3725] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3726] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3726] <... futex resumed>) = 0 [pid 3725] exit_group(0 [pid 3726] ????( [pid 3725] <... exit_group resumed>) = ? [pid 3726] <... ???? resumed>) = ? [pid 3727] <... futex resumed>) = ? [pid 3726] +++ exited with 0 +++ [pid 3727] +++ exited with 0 +++ [pid 3725] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3725, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3728 attached , child_tidptr=0x55555736f5d0) = 3728 [pid 3728] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3728] chdir("./29") = 0 [pid 3728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3728] setpgid(0, 0) = 0 [pid 3728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3728] write(3, "1000", 4) = 4 [pid 3728] close(3) = 0 [pid 3728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3728] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3728] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3728] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3729], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3729 ./strace-static-x86_64: Process 3729 attached [pid 3729] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3729] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3728] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3729] <... futex resumed>) = 0 [pid 3728] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3729] memfd_create("syzkaller", 0) = 3 [pid 3729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3729] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3729] munmap(0x7f68741c1000, 2097152) = 0 [pid 3729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3729] close(3) = 0 [pid 3729] mkdir("./file2", 0777) = 0 [pid 3729] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3729] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3729] chdir("./file2") = 0 [pid 3729] ioctl(4, LOOP_CLR_FD) = 0 [pid 3729] close(4) = 0 [pid 3729] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3728] <... futex resumed>) = 0 [pid 3729] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3728] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3729] <... futex resumed>) = 0 [pid 3728] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3729] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3729] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3728] <... futex resumed>) = 0 [pid 3729] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3728] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3728] <... futex resumed>) = 0 [pid 3729] mkdirat(4, "./bus", 000 [pid 3728] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3728] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3729] <... mkdirat resumed>) = 0 [pid 3728] <... mprotect resumed>) = 0 [pid 3729] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3728] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3730 attached [pid 3729] <... futex resumed>) = 0 [pid 3730] set_robust_list(0x7f68743c09e0, 24 [pid 3729] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3728] <... clone resumed>, parent_tid=[3730], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3730 [pid 3730] <... set_robust_list resumed>) = 0 [pid 3728] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3730] mkdirat(4, "./bus/file0", 000 [pid 3728] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] <... mkdirat resumed>) = 0 [pid 3730] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3730] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3728] <... futex resumed>) = 0 [pid 3728] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] <... futex resumed>) = 0 [pid 3728] <... futex resumed>) = 1 [pid 3729] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3728] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3729] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3729] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3728] <... futex resumed>) = 0 [pid 3729] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3728] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] mkdirat(-1, NULL, 000 [pid 3728] <... futex resumed>) = 0 [pid 3729] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3729] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3728] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] <... futex resumed>) = 0 [pid 3729] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3728] <... futex resumed>) = 1 [pid 3730] <... futex resumed>) = 0 [pid 3728] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3730] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3730] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3728] <... futex resumed>) = 0 [pid 3728] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] <... futex resumed>) = 0 [pid 3728] <... futex resumed>) = 1 [pid 3729] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3728] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3729] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3729] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3728] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3728] <... futex resumed>) = 0 [pid 3729] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3728] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3729] <... futex resumed>) = 0 [pid 3729] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3728] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] <... futex resumed>) = 0 [pid 3728] <... futex resumed>) = 1 [pid 3729] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3728] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3729] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3729] <... futex resumed>) = 0 [pid 3729] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3728] exit_group(0 [pid 3730] <... futex resumed>) = ? [pid 3729] <... futex resumed>) = ? [pid 3728] <... exit_group resumed>) = ? [pid 3730] +++ exited with 0 +++ [pid 3729] +++ exited with 0 +++ [pid 3728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3728, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 59.479745][ T3729] loop0: detected capacity change from 0 to 4096 [ 59.488809][ T3729] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3731 ./strace-static-x86_64: Process 3731 attached [pid 3731] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3731] chdir("./30") = 0 [pid 3731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3731] setpgid(0, 0) = 0 [pid 3731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3731] write(3, "1000", 4) = 4 [pid 3731] close(3) = 0 [pid 3731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3731] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3731] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3731] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3732 attached , parent_tid=[3732], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3732 [pid 3731] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3731] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3732] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3732] memfd_create("syzkaller", 0) = 3 [pid 3732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3732] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3732] munmap(0x7f68741c1000, 2097152) = 0 [pid 3732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3732] close(3) = 0 [pid 3732] mkdir("./file2", 0777) = 0 [pid 3732] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3732] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3732] chdir("./file2") = 0 [pid 3732] ioctl(4, LOOP_CLR_FD) = 0 [pid 3732] close(4) = 0 [pid 3732] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3731] <... futex resumed>) = 0 [pid 3731] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3731] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3732] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3732] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3731] <... futex resumed>) = 0 [pid 3731] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3731] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3732] mkdirat(4, "./bus", 000 [pid 3731] <... mmap resumed>) = 0x7f68743a0000 [pid 3731] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [ 59.610996][ T3732] loop0: detected capacity change from 0 to 4096 [ 59.621116][ T3732] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3731] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3733], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3733 [pid 3731] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3731] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3733 attached [pid 3733] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3733] mkdirat(4, "./bus/file0", 000 [pid 3732] <... mkdirat resumed>) = 0 [pid 3732] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] <... mkdirat resumed>) = 0 [pid 3733] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3731] <... futex resumed>) = 0 [pid 3731] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3731] <... futex resumed>) = 1 [pid 3731] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3732] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3732] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 1 [pid 3733] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3732] <... futex resumed>) = 1 [pid 3731] <... futex resumed>) = 0 [pid 3731] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3731] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3731] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... futex resumed>) = 0 [pid 3732] mkdirat(-1, NULL, 000 [pid 3733] mkdirat(-1, NULL, 000 [pid 3732] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3733] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3733] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3731] <... futex resumed>) = 0 [pid 3732] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3731] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 1 [pid 3732] <... futex resumed>) = 0 [pid 3731] <... futex resumed>) = 0 [pid 3733] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3732] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3731] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3732] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3732] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3731] <... futex resumed>) = 0 [pid 3732] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3731] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3731] <... futex resumed>) = 0 [pid 3732] mkdirat(-1, NULL, 000 [pid 3731] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3732] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3732] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3731] <... futex resumed>) = 0 [pid 3732] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3731] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3731] <... futex resumed>) = 0 [pid 3732] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3731] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3732] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3732] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3731] <... futex resumed>) = 0 [pid 3732] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3731] exit_group(0 [pid 3733] <... futex resumed>) = ? [pid 3732] <... futex resumed>) = ? [pid 3731] <... exit_group resumed>) = ? [pid 3733] +++ exited with 0 +++ [pid 3732] +++ exited with 0 +++ [pid 3731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3731, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3734 ./strace-static-x86_64: Process 3734 attached [pid 3734] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3734] chdir("./31") = 0 [pid 3734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3734] setpgid(0, 0) = 0 [pid 3734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3734] write(3, "1000", 4) = 4 [pid 3734] close(3) = 0 [pid 3734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3734] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3734] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3734] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3735 attached , parent_tid=[3735], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3735 [pid 3734] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] set_robust_list(0x7f687c5e19e0, 24 [pid 3734] <... futex resumed>) = 0 [pid 3735] <... set_robust_list resumed>) = 0 [pid 3734] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3735] memfd_create("syzkaller", 0) = 3 [pid 3735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3735] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3735] munmap(0x7f68741c1000, 2097152) = 0 [pid 3735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3735] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3735] close(3) = 0 [pid 3735] mkdir("./file2", 0777) = 0 [pid 3735] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3735] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3735] chdir("./file2") = 0 [pid 3735] ioctl(4, LOOP_CLR_FD) = 0 [pid 3735] close(4) = 0 [pid 3735] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3734] <... futex resumed>) = 0 [pid 3735] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3734] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = 0 [pid 3734] <... futex resumed>) = 1 [pid 3735] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3734] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3735] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3734] <... futex resumed>) = 0 [pid 3734] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] mkdirat(4, "./bus", 000 [pid 3734] <... futex resumed>) = 0 [pid 3734] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3735] <... mkdirat resumed>) = 0 [pid 3734] <... mmap resumed>) = 0x7f68743a0000 [pid 3734] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3735] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3734] <... mprotect resumed>) = 0 [pid 3735] <... futex resumed>) = 0 [pid 3734] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3735] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3734] <... clone resumed>, parent_tid=[3736], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3736 [pid 3734] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3734] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3736 attached [pid 3736] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3736] mkdirat(4, "./bus/file0", 000) = 0 [pid 3736] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3734] <... futex resumed>) = 0 [pid 3734] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = 0 [pid 3734] <... futex resumed>) = 1 [ 59.753493][ T3735] loop0: detected capacity change from 0 to 4096 [ 59.763443][ T3735] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3735] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3734] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3735] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3736] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3735] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3734] <... futex resumed>) = 0 [pid 3735] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3734] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3734] <... futex resumed>) = 0 [pid 3735] mkdirat(-1, NULL, 000 [pid 3734] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3734] <... futex resumed>) = 0 [pid 3735] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3734] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3735] <... futex resumed>) = 0 [pid 3736] mkdirat(-1, NULL, 000 [pid 3735] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3736] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3736] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3734] <... futex resumed>) = 0 [pid 3734] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = 0 [pid 3734] <... futex resumed>) = 1 [pid 3735] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3734] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3735] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3736] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3735] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3734] <... futex resumed>) = 0 [pid 3735] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3734] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3734] <... futex resumed>) = 0 [pid 3735] mkdirat(-1, NULL, 000 [pid 3734] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3735] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3735] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3734] <... futex resumed>) = 0 [pid 3735] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3734] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3734] <... futex resumed>) = 0 [pid 3735] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3734] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3735] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3735] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3734] <... futex resumed>) = 0 [pid 3735] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3734] exit_group(0 [pid 3736] <... futex resumed>) = ? [pid 3735] <... futex resumed>) = ? [pid 3734] <... exit_group resumed>) = ? [pid 3736] +++ exited with 0 +++ [pid 3735] +++ exited with 0 +++ [pid 3734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3734, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3737 ./strace-static-x86_64: Process 3737 attached [pid 3737] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3737] chdir("./32") = 0 [pid 3737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3737] setpgid(0, 0) = 0 [pid 3737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3737] write(3, "1000", 4) = 4 [pid 3737] close(3) = 0 [pid 3737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3737] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3737] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3737] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3738 attached [pid 3738] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3738] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3737] <... clone resumed>, parent_tid=[3738], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3738 [pid 3737] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3738] <... futex resumed>) = 0 [pid 3737] <... futex resumed>) = 1 [pid 3737] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3738] memfd_create("syzkaller", 0) = 3 [pid 3738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3738] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3738] munmap(0x7f68741c1000, 2097152) = 0 [pid 3738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3738] close(3) = 0 [pid 3738] mkdir("./file2", 0777) = 0 [pid 3738] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3738] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3738] chdir("./file2") = 0 [pid 3738] ioctl(4, LOOP_CLR_FD) = 0 [pid 3738] close(4) = 0 [pid 3738] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3737] <... futex resumed>) = 0 [pid 3737] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3737] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3738] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3738] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3737] <... futex resumed>) = 0 [pid 3737] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] mkdirat(4, "./bus", 000 [pid 3737] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3737] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3737] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3739 attached [pid 3739] set_robust_list(0x7f68743c09e0, 24 [pid 3737] <... clone resumed>, parent_tid=[3739], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3739 [pid 3739] <... set_robust_list resumed>) = 0 [pid 3737] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3739] mkdirat(4, "./bus/file0", 000 [pid 3737] <... futex resumed>) = 0 [pid 3739] <... mkdirat resumed>) = -1 ENOENT (No such file or directory) [pid 3737] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3739] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3737] <... futex resumed>) = 0 [pid 3739] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3737] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3739] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3737] <... futex resumed>) = 0 [pid 3739] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3737] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3739] <... futex resumed>) = 0 [pid 3737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3739] mkdirat(-1, NULL, 000 [pid 3737] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3739] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3738] <... mkdirat resumed>) = 0 [pid 3737] <... futex resumed>) = 0 [pid 3739] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3737] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3739] <... futex resumed>) = 0 [pid 3738] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3737] <... futex resumed>) = 0 [pid 3739] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687437f000 [pid 3738] <... futex resumed>) = 0 [pid 3737] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE [pid 3738] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3737] <... mprotect resumed>) = 0 [pid 3737] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3740 attached , parent_tid=[3740], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3740 [pid 3737] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3737] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3740] set_robust_list(0x7f687439f9e0, 24) = 0 [pid 3740] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3740] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3737] <... futex resumed>) = 0 [pid 3740] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3737] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3738] <... futex resumed>) = 0 [pid 3737] <... futex resumed>) = 1 [pid 3738] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [ 59.904895][ T3738] loop0: detected capacity change from 0 to 4096 [ 59.914090][ T3738] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3737] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3738] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3738] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3737] <... futex resumed>) = 0 [pid 3738] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3737] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3738] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3737] <... futex resumed>) = 0 [pid 3738] mkdirat(-1, NULL, 000 [pid 3737] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3738] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3738] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3737] <... futex resumed>) = 0 [pid 3738] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3737] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3738] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3737] <... futex resumed>) = 0 [pid 3738] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3737] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3738] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3738] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3737] <... futex resumed>) = 0 [pid 3738] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3737] exit_group(0 [pid 3738] <... futex resumed>) = ? [pid 3737] <... exit_group resumed>) = ? [pid 3738] +++ exited with 0 +++ [pid 3740] <... futex resumed>) = ? [pid 3739] <... futex resumed>) = ? [pid 3739] +++ exited with 0 +++ [pid 3740] +++ exited with 0 +++ [pid 3737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3737, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3741 ./strace-static-x86_64: Process 3741 attached [pid 3741] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3741] chdir("./33") = 0 [pid 3741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3741] setpgid(0, 0) = 0 [pid 3741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3741] write(3, "1000", 4) = 4 [pid 3741] close(3) = 0 [pid 3741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3741] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3741] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3741] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3742], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3742 ./strace-static-x86_64: Process 3742 attached [pid 3741] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3742] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3742] memfd_create("syzkaller", 0) = 3 [pid 3742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3742] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3742] munmap(0x7f68741c1000, 2097152) = 0 [pid 3742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3742] close(3) = 0 [pid 3742] mkdir("./file2", 0777) = 0 [pid 3742] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3742] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3742] chdir("./file2") = 0 [pid 3742] ioctl(4, LOOP_CLR_FD) = 0 [pid 3742] close(4) = 0 [pid 3742] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3741] <... futex resumed>) = 0 [pid 3742] openat(AT_FDCWD, ".", O_RDONLY [pid 3741] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] <... openat resumed>) = 4 [pid 3741] <... futex resumed>) = 0 [pid 3742] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] <... futex resumed>) = 0 [pid 3741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3742] mkdirat(4, "./bus", 000 [pid 3741] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] <... mkdirat resumed>) = 0 [pid 3741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3741] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3742] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... mprotect resumed>) = 0 [pid 3742] <... futex resumed>) = 0 [pid 3741] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3742] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3741] <... clone resumed>, parent_tid=[3743], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3743 [pid 3741] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3743 attached [pid 3743] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3743] mkdirat(4, "./bus/file0", 000) = 0 [pid 3743] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3741] <... futex resumed>) = 0 [pid 3743] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3741] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] <... futex resumed>) = 0 [pid 3741] <... futex resumed>) = 1 [pid 3742] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [ 60.072697][ T3742] loop0: detected capacity change from 0 to 4096 [ 60.083223][ T3742] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3742] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3741] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] <... futex resumed>) = 0 [pid 3741] <... futex resumed>) = 1 [pid 3742] mkdirat(-1, NULL, 000 [pid 3741] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3742] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 1 [pid 3742] <... futex resumed>) = 0 [pid 3741] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3743] <... futex resumed>) = 0 [pid 3743] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3743] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3741] <... futex resumed>) = 0 [pid 3741] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] <... futex resumed>) = 0 [pid 3741] <... futex resumed>) = 1 [pid 3742] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3741] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3742] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3741] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] mkdirat(-1, NULL, 000 [pid 3741] <... futex resumed>) = 0 [pid 3742] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3741] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3742] <... futex resumed>) = 0 [pid 3741] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3741] <... futex resumed>) = 0 [pid 3742] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3741] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3742] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3741] exit_group(0 [pid 3743] <... futex resumed>) = ? [pid 3742] <... futex resumed>) = ? [pid 3741] <... exit_group resumed>) = ? [pid 3743] +++ exited with 0 +++ [pid 3742] +++ exited with 0 +++ [pid 3741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3741, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3744 ./strace-static-x86_64: Process 3744 attached [pid 3744] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3744] chdir("./34") = 0 [pid 3744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3744] setpgid(0, 0) = 0 [pid 3744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3744] write(3, "1000", 4) = 4 [pid 3744] close(3) = 0 [pid 3744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3744] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3744] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3744] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3745 attached [pid 3745] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3745] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3744] <... clone resumed>, parent_tid=[3745], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3745 [pid 3744] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3745] <... futex resumed>) = 0 [pid 3744] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3745] memfd_create("syzkaller", 0) = 3 [pid 3745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3745] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3745] munmap(0x7f68741c1000, 2097152) = 0 [pid 3745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3745] close(3) = 0 [pid 3745] mkdir("./file2", 0777) = 0 [pid 3745] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3745] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3745] chdir("./file2") = 0 [pid 3745] ioctl(4, LOOP_CLR_FD) = 0 [pid 3745] close(4) = 0 [pid 3745] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3744] <... futex resumed>) = 0 [pid 3745] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3744] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] <... futex resumed>) = 0 [pid 3744] <... futex resumed>) = 1 [pid 3745] openat(AT_FDCWD, ".", O_RDONLY [pid 3744] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... openat resumed>) = 4 [pid 3745] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3744] <... futex resumed>) = 0 [pid 3745] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3744] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3744] <... futex resumed>) = 0 [pid 3745] mkdirat(4, "./bus", 000 [pid 3744] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3744] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3744] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3745] <... mkdirat resumed>) = 0 [pid 3744] <... clone resumed>, parent_tid=[3746], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3746 [pid 3745] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3746 attached [pid 3746] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3746] mkdirat(4, "./bus/file0", 000) = 0 [ 60.231406][ T3745] loop0: detected capacity change from 0 to 4096 [ 60.242232][ T3745] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3746] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] <... futex resumed>) = 0 [pid 3744] <... futex resumed>) = 1 [pid 3745] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3744] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3745] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... futex resumed>) = 1 [pid 3745] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3745] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3745] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3746] <... futex resumed>) = 1 [pid 3746] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3746] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] <... futex resumed>) = 0 [pid 3744] <... futex resumed>) = 1 [pid 3745] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3744] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3746] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3745] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3744] <... futex resumed>) = 0 [pid 3745] mkdirat(-1, NULL, 000 [pid 3744] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3744] <... futex resumed>) = 0 [pid 3745] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... futex resumed>) = 0 [pid 3744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3745] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3744] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3744] <... futex resumed>) = 0 [pid 3745] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3744] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3745] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3744] <... futex resumed>) = 0 [pid 3745] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3744] exit_group(0 [pid 3746] <... futex resumed>) = ? [pid 3745] <... futex resumed>) = ? [pid 3744] <... exit_group resumed>) = ? [pid 3746] +++ exited with 0 +++ [pid 3745] +++ exited with 0 +++ [pid 3744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3744, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3747 ./strace-static-x86_64: Process 3747 attached [pid 3747] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3747] chdir("./35") = 0 [pid 3747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3747] setpgid(0, 0) = 0 [pid 3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3747] write(3, "1000", 4) = 4 [pid 3747] close(3) = 0 [pid 3747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3747] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3747] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3747] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3748 attached [pid 3748] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3748] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] <... clone resumed>, parent_tid=[3748], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3748 [pid 3747] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3748] <... futex resumed>) = 0 [pid 3747] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3748] memfd_create("syzkaller", 0) = 3 [pid 3748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3748] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3748] munmap(0x7f68741c1000, 2097152) = 0 [pid 3748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3748] close(3) = 0 [pid 3748] mkdir("./file2", 0777) = 0 [pid 3748] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3748] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3748] chdir("./file2") = 0 [pid 3748] ioctl(4, LOOP_CLR_FD) = 0 [pid 3748] close(4) = 0 [pid 3748] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3748] openat(AT_FDCWD, ".", O_RDONLY [pid 3747] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... openat resumed>) = 4 [pid 3747] <... futex resumed>) = 0 [pid 3748] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... futex resumed>) = 0 [pid 3747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3748] mkdirat(4, "./bus", 000 [pid 3747] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3748] <... mkdirat resumed>) = 0 [pid 3747] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3748] <... futex resumed>) = 0 [pid 3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3748] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] <... mmap resumed>) = 0x7f68743a0000 [pid 3747] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3747] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3749 attached , parent_tid=[3749], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3749 [pid 3747] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3749] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3747] <... futex resumed>) = 0 [pid 3749] mkdirat(4, "./bus/file0", 000 [pid 3747] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3749] <... mkdirat resumed>) = 0 [pid 3749] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3749] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3748] <... futex resumed>) = 0 [pid 3747] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3748] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3747] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3749] <... futex resumed>) = 0 [pid 3749] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3749] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3749] <... futex resumed>) = 1 [pid 3749] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3749] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] mkdirat(-1, NULL, 000 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3749] <... futex resumed>) = 1 [pid 3749] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3749] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3749] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3747] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3749] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3747] <... futex resumed>) = 0 [pid 3749] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3749] <... futex resumed>) = 0 [pid 3748] <... futex resumed>) = 0 [pid 3747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3749] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3748] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] exit_group(0 [pid 3749] <... futex resumed>) = ? [pid 3747] <... exit_group resumed>) = ? [pid 3749] +++ exited with 0 +++ [pid 3748] <... futex resumed>) = ? [pid 3748] +++ exited with 0 +++ [pid 3747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3747, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 60.390069][ T3748] loop0: detected capacity change from 0 to 4096 [ 60.398855][ T3748] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) unlink("./35/binderfs") = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3750 ./strace-static-x86_64: Process 3750 attached [pid 3750] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3750] chdir("./36") = 0 [pid 3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3750] setpgid(0, 0) = 0 [pid 3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3750] write(3, "1000", 4) = 4 [pid 3750] close(3) = 0 [pid 3750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3750] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3750] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3750] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3751 attached [pid 3751] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3750] <... clone resumed>, parent_tid=[3751], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3751 [pid 3751] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3750] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3750] <... futex resumed>) = 0 [pid 3750] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3751] memfd_create("syzkaller", 0) = 3 [pid 3751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3751] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3751] munmap(0x7f68741c1000, 2097152) = 0 [pid 3751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3751] close(3) = 0 [pid 3751] mkdir("./file2", 0777) = 0 [pid 3751] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3751] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3751] chdir("./file2") = 0 [pid 3751] ioctl(4, LOOP_CLR_FD) = 0 [pid 3751] close(4) = 0 [pid 3751] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3750] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... futex resumed>) = 1 [pid 3751] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3751] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3750] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3750] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3750] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3752], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3752 [pid 3750] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... futex resumed>) = 1 [pid 3751] mkdirat(4, "./bus", 000) = 0 [pid 3751] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3751] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3752 attached [pid 3752] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3752] mkdirat(4, "./bus/file0", 000) = 0 [pid 3752] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3750] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3750] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... futex resumed>) = 0 [pid 3751] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3752] <... futex resumed>) = 1 [pid 3751] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3752] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3750] <... futex resumed>) = 0 [pid 3751] <... futex resumed>) = 1 [pid 3750] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3751] mkdirat(-1, NULL, 000 [pid 3750] <... futex resumed>) = 0 [pid 3751] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3750] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3751] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 1 [pid 3752] <... futex resumed>) = 0 [pid 3751] <... futex resumed>) = 0 [pid 3750] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3752] mkdirat(-1, NULL, 000 [pid 3751] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3752] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3752] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3750] <... futex resumed>) = 0 [pid 3752] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3750] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3751] <... futex resumed>) = 0 [pid 3750] <... futex resumed>) = 1 [pid 3751] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3750] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... renameat2 resumed>) = -1 EFAULT (Bad address) [ 60.545742][ T3751] loop0: detected capacity change from 0 to 4096 [ 60.554813][ T3751] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3751] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3750] <... futex resumed>) = 0 [pid 3751] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3750] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3750] <... futex resumed>) = 0 [pid 3751] mkdirat(-1, NULL, 000 [pid 3750] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3751] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3751] <... futex resumed>) = 1 [pid 3750] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3751] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3750] <... futex resumed>) = 0 [pid 3751] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3750] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3751] <... futex resumed>) = 0 [pid 3751] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3750] exit_group(0 [pid 3752] <... futex resumed>) = ? [pid 3751] <... futex resumed>) = ? [pid 3750] <... exit_group resumed>) = ? [pid 3752] +++ exited with 0 +++ [pid 3751] +++ exited with 0 +++ [pid 3750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3753 attached , child_tidptr=0x55555736f5d0) = 3753 [pid 3753] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3753] chdir("./37") = 0 [pid 3753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3753] setpgid(0, 0) = 0 [pid 3753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3753] write(3, "1000", 4) = 4 [pid 3753] close(3) = 0 [pid 3753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3753] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3753] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3753] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3754], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3754 ./strace-static-x86_64: Process 3754 attached [pid 3754] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3754] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3753] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3754] <... futex resumed>) = 0 [pid 3753] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3754] memfd_create("syzkaller", 0) = 3 [pid 3754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3754] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3754] munmap(0x7f68741c1000, 2097152) = 0 [pid 3754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3754] close(3) = 0 [pid 3754] mkdir("./file2", 0777) = 0 [pid 3754] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3754] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3754] chdir("./file2") = 0 [pid 3754] ioctl(4, LOOP_CLR_FD) = 0 [pid 3754] close(4) = 0 [pid 3754] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3753] <... futex resumed>) = 0 [pid 3754] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3753] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3754] openat(AT_FDCWD, ".", O_RDONLY [pid 3753] <... futex resumed>) = 0 [pid 3754] <... openat resumed>) = 4 [pid 3753] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3754] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3753] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3753] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3753] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3755], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3755 [pid 3753] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3755 attached [pid 3755] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3755] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3755] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3753] <... futex resumed>) = 0 [pid 3753] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3755] <... futex resumed>) = 1 [ 60.706063][ T3754] loop0: detected capacity change from 0 to 4096 [ 60.714888][ T3754] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3755] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3755] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3754] <... futex resumed>) = 0 [pid 3753] <... futex resumed>) = 0 [pid 3754] mkdirat(4, "./bus", 000 [pid 3753] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687437f000 [pid 3753] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3753] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3754] <... mkdirat resumed>) = 0 [pid 3754] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3753] <... clone resumed>, parent_tid=[3756], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3756 [pid 3753] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3755] <... futex resumed>) = 1 [pid 3754] <... futex resumed>) = 0 [pid 3755] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3754] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3755] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3756 attached [pid 3756] set_robust_list(0x7f687439f9e0, 24) = 0 [pid 3756] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3756] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3753] <... futex resumed>) = 0 [pid 3753] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3754] <... futex resumed>) = 0 [pid 3753] <... futex resumed>) = 1 [pid 3754] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3753] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3754] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3754] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3753] <... futex resumed>) = 0 [pid 3754] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3753] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3753] <... futex resumed>) = 0 [pid 3754] mkdirat(-1, NULL, 000 [pid 3753] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3754] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3754] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3756] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3754] <... futex resumed>) = 1 [pid 3753] <... futex resumed>) = 0 [pid 3754] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3753] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3753] <... futex resumed>) = 0 [pid 3754] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3753] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3754] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3754] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3753] <... futex resumed>) = 0 [pid 3754] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3753] exit_group(0 [pid 3756] <... futex resumed>) = ? [pid 3755] <... futex resumed>) = ? [pid 3754] <... futex resumed>) = ? [pid 3753] <... exit_group resumed>) = ? [pid 3756] +++ exited with 0 +++ [pid 3754] +++ exited with 0 +++ [pid 3755] +++ exited with 0 +++ [pid 3753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3753, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3757 ./strace-static-x86_64: Process 3757 attached [pid 3757] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3757] chdir("./38") = 0 [pid 3757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3757] setpgid(0, 0) = 0 [pid 3757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3757] write(3, "1000", 4) = 4 [pid 3757] close(3) = 0 [pid 3757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3757] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3757] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3757] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3758], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3758 [pid 3757] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3758 attached [pid 3758] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3758] memfd_create("syzkaller", 0) = 3 [pid 3758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3758] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3758] munmap(0x7f68741c1000, 2097152) = 0 [pid 3758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3758] close(3) = 0 [pid 3758] mkdir("./file2", 0777) = 0 [pid 3758] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3758] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3758] chdir("./file2") = 0 [pid 3758] ioctl(4, LOOP_CLR_FD) = 0 [pid 3758] close(4) = 0 [pid 3758] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... futex resumed>) = 0 [pid 3757] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... futex resumed>) = 1 [pid 3758] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3758] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... futex resumed>) = 0 [pid 3757] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3757] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3757] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3759], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3759 [pid 3757] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... futex resumed>) = 1 [pid 3758] mkdirat(4, "./bus", 000) = 0 [pid 3758] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3758] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3759 attached [pid 3759] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3759] mkdirat(4, "./bus/file0", 000) = 0 [pid 3759] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3757] <... futex resumed>) = 0 [pid 3757] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3757] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... futex resumed>) = 0 [pid 3758] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3758] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... futex resumed>) = 0 [pid 3757] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... futex resumed>) = 1 [pid 3758] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3758] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3758] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3759] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3759] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3757] <... futex resumed>) = 0 [pid 3757] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3758] <... futex resumed>) = 0 [pid 3757] <... futex resumed>) = 1 [pid 3758] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3757] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... renameat2 resumed>) = -1 EFAULT (Bad address) [ 60.872892][ T3758] loop0: detected capacity change from 0 to 4096 [ 60.882034][ T3758] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3758] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3757] <... futex resumed>) = 0 [pid 3758] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3757] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3757] <... futex resumed>) = 0 [pid 3758] mkdirat(-1, NULL, 000 [pid 3757] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3759] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3758] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3757] <... futex resumed>) = 0 [pid 3758] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3757] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3757] <... futex resumed>) = 0 [pid 3758] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3757] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3758] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3757] <... futex resumed>) = 0 [pid 3758] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3757] exit_group(0 [pid 3758] <... futex resumed>) = ? [pid 3757] <... exit_group resumed>) = ? [pid 3758] +++ exited with 0 +++ [pid 3759] <... futex resumed>) = ? [pid 3759] +++ exited with 0 +++ [pid 3757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3757, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3760 ./strace-static-x86_64: Process 3760 attached [pid 3760] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3760] chdir("./39") = 0 [pid 3760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3760] setpgid(0, 0) = 0 [pid 3760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3760] write(3, "1000", 4) = 4 [pid 3760] close(3) = 0 [pid 3760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3760] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3760] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3760] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3761 attached , parent_tid=[3761], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3761 [pid 3761] set_robust_list(0x7f687c5e19e0, 24 [pid 3760] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3761] <... set_robust_list resumed>) = 0 [pid 3760] <... futex resumed>) = 0 [pid 3760] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3761] memfd_create("syzkaller", 0) = 3 [pid 3761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3761] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3761] munmap(0x7f68741c1000, 2097152) = 0 [pid 3761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3761] close(3) = 0 [pid 3761] mkdir("./file2", 0777) = 0 [pid 3761] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3761] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3761] chdir("./file2") = 0 [pid 3761] ioctl(4, LOOP_CLR_FD) = 0 [pid 3761] close(4) = 0 [pid 3761] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3760] <... futex resumed>) = 0 [pid 3761] openat(AT_FDCWD, ".", O_RDONLY [pid 3760] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3761] <... openat resumed>) = 4 [pid 3760] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3761] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3760] <... futex resumed>) = 0 [pid 3760] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.041381][ T3761] loop0: detected capacity change from 0 to 4096 [ 61.051132][ T3761] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3760] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3760] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3762], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3762 [pid 3760] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3762 attached [pid 3762] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3762] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3762] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3760] <... futex resumed>) = 0 [pid 3760] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3762] <... futex resumed>) = 1 [pid 3762] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3762] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3760] <... futex resumed>) = 0 [pid 3760] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687437f000 [pid 3760] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3760] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3763], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3763 [pid 3760] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3762] <... futex resumed>) = 1 [pid 3762] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3762] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3762] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3763 attached [pid 3761] mkdirat(4, "./bus", 000 [pid 3763] set_robust_list(0x7f687439f9e0, 24 [pid 3761] <... mkdirat resumed>) = 0 [pid 3761] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3761] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3763] <... set_robust_list resumed>) = 0 [pid 3763] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3763] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3760] <... futex resumed>) = 0 [pid 3763] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3760] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3761] <... futex resumed>) = 0 [pid 3760] <... futex resumed>) = 1 [pid 3761] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3760] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3761] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3761] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3760] <... futex resumed>) = 0 [pid 3761] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3760] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3760] <... futex resumed>) = 0 [pid 3761] mkdirat(-1, NULL, 000 [pid 3760] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3761] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3761] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3760] <... futex resumed>) = 0 [pid 3761] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3760] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3760] <... futex resumed>) = 0 [pid 3761] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3760] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3761] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3761] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3760] <... futex resumed>) = 0 [pid 3761] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3760] exit_group(0 [pid 3763] <... futex resumed>) = ? [pid 3762] <... futex resumed>) = ? [pid 3761] <... futex resumed>) = ? [pid 3760] <... exit_group resumed>) = ? [pid 3763] +++ exited with 0 +++ [pid 3762] +++ exited with 0 +++ [pid 3761] +++ exited with 0 +++ [pid 3760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3760, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3764 ./strace-static-x86_64: Process 3764 attached [pid 3764] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3764] chdir("./40") = 0 [pid 3764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3764] setpgid(0, 0) = 0 [pid 3764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3764] write(3, "1000", 4) = 4 [pid 3764] close(3) = 0 [pid 3764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3764] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3764] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3764] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3765], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3765 [pid 3764] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3765 attached [pid 3765] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3765] memfd_create("syzkaller", 0) = 3 [pid 3765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3765] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3765] munmap(0x7f68741c1000, 2097152) = 0 [pid 3765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3765] close(3) = 0 [pid 3765] mkdir("./file2", 0777) = 0 [pid 3765] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3765] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3765] chdir("./file2") = 0 [pid 3765] ioctl(4, LOOP_CLR_FD) = 0 [pid 3765] close(4) = 0 [pid 3765] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3764] <... futex resumed>) = 0 [pid 3764] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3765] <... futex resumed>) = 1 [pid 3765] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3765] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3764] <... futex resumed>) = 0 [pid 3764] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3764] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3764] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3766], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3766 [pid 3764] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3766 attached [pid 3766] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3766] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3766] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3764] <... futex resumed>) = 0 [pid 3764] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3766] <... futex resumed>) = 1 [pid 3765] mkdirat(4, "./bus", 000 [pid 3766] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3766] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3764] <... futex resumed>) = 0 [pid 3764] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687437f000 [pid 3764] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3764] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3765] <... mkdirat resumed>) = 0 [pid 3764] <... clone resumed>, parent_tid=[3767], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3767 [pid 3764] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3766] <... futex resumed>) = 1 [pid 3766] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3766] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3765] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3766] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3765] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3767 attached [pid 3765] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3767] set_robust_list(0x7f687439f9e0, 24) = 0 [pid 3767] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3767] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3764] <... futex resumed>) = 0 [pid 3764] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3764] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3767] <... futex resumed>) = 1 [ 61.206957][ T3765] loop0: detected capacity change from 0 to 4096 [ 61.216013][ T3765] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3767] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3765] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3765] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3764] <... futex resumed>) = 0 [pid 3764] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3765] mkdirat(-1, NULL, 000 [pid 3764] <... futex resumed>) = 0 [pid 3764] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3765] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3765] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3764] <... futex resumed>) = 0 [pid 3765] <... futex resumed>) = 1 [pid 3764] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3765] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3764] <... futex resumed>) = 0 [pid 3764] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3765] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3765] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3764] <... futex resumed>) = 0 [pid 3765] <... futex resumed>) = 1 [pid 3764] exit_group(0 [pid 3765] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 3764] <... exit_group resumed>) = ? [pid 3766] <... futex resumed>) = ? [pid 3766] +++ exited with 0 +++ [pid 3767] <... futex resumed>) = ? [pid 3765] +++ exited with 0 +++ [pid 3767] +++ exited with 0 +++ [pid 3764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3764, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3768 ./strace-static-x86_64: Process 3768 attached [pid 3768] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3768] chdir("./41") = 0 [pid 3768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3768] setpgid(0, 0) = 0 [pid 3768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3768] write(3, "1000", 4) = 4 [pid 3768] close(3) = 0 [pid 3768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3768] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3768] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3768] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3769], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3769 [pid 3768] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3769 attached [pid 3769] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3769] memfd_create("syzkaller", 0) = 3 [pid 3769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3769] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3769] munmap(0x7f68741c1000, 2097152) = 0 [pid 3769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3769] close(3) = 0 [pid 3769] mkdir("./file2", 0777) = 0 [pid 3769] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3769] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3769] chdir("./file2") = 0 [pid 3769] ioctl(4, LOOP_CLR_FD) = 0 [pid 3769] close(4) = 0 [pid 3769] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3768] <... futex resumed>) = 0 [pid 3768] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3769] <... futex resumed>) = 1 [pid 3769] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3769] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3768] <... futex resumed>) = 0 [pid 3768] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3768] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3768] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3769] <... futex resumed>) = 1 [pid 3769] mkdirat(4, "./bus", 000 [pid 3768] <... clone resumed>, parent_tid=[3770], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3770 [pid 3768] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3769] <... mkdirat resumed>) = 0 [pid 3769] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3769] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3770 attached [pid 3770] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3770] mkdirat(4, "./bus/file0", 000) = 0 [pid 3770] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3768] <... futex resumed>) = 0 [pid 3768] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3768] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3769] <... futex resumed>) = 0 [pid 3769] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3769] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3768] <... futex resumed>) = 0 [pid 3768] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3769] <... futex resumed>) = 1 [pid 3769] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3769] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3769] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3770] <... futex resumed>) = 1 [pid 3770] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3770] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3768] <... futex resumed>) = 0 [pid 3768] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3769] <... futex resumed>) = 0 [pid 3768] <... futex resumed>) = 1 [pid 3769] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3768] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3769] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3769] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3768] <... futex resumed>) = 0 [pid 3769] mkdirat(-1, NULL, 000 [pid 3768] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3770] <... futex resumed>) = 1 [pid 3769] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3768] <... futex resumed>) = 0 [pid 3770] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3769] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3768] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3769] <... futex resumed>) = 0 [pid 3768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3769] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3768] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3769] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3768] <... futex resumed>) = 0 [ 61.364743][ T3769] loop0: detected capacity change from 0 to 4096 [ 61.374992][ T3769] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3769] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3768] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3769] <... futex resumed>) = 0 [pid 3768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3769] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3768] exit_group(0 [pid 3770] <... futex resumed>) = ? [pid 3769] <... futex resumed>) = ? [pid 3768] <... exit_group resumed>) = ? [pid 3770] +++ exited with 0 +++ [pid 3769] +++ exited with 0 +++ [pid 3768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3768, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3771 ./strace-static-x86_64: Process 3771 attached [pid 3771] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3771] chdir("./42") = 0 [pid 3771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3771] setpgid(0, 0) = 0 [pid 3771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3771] write(3, "1000", 4) = 4 [pid 3771] close(3) = 0 [pid 3771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3771] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3771] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3771] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3772], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3772 [pid 3771] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3771] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3772 attached [pid 3772] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3772] memfd_create("syzkaller", 0) = 3 [pid 3772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3772] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3772] munmap(0x7f68741c1000, 2097152) = 0 [pid 3772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3772] close(3) = 0 [pid 3772] mkdir("./file2", 0777) = 0 [pid 3772] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3772] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3772] chdir("./file2") = 0 [pid 3772] ioctl(4, LOOP_CLR_FD) = 0 [pid 3772] close(4) = 0 [pid 3772] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3771] <... futex resumed>) = 0 [pid 3771] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3771] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3772] <... futex resumed>) = 1 [pid 3772] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3772] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3771] <... futex resumed>) = 0 [pid 3771] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3771] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3771] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3771] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3773], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3773 [pid 3771] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3771] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3772] <... futex resumed>) = 1 [pid 3772] mkdirat(4, "./bus", 000) = 0 [pid 3772] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3772] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3773 attached [pid 3773] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3773] mkdirat(4, "./bus/file0", 000) = 0 [pid 3773] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3771] <... futex resumed>) = 0 [pid 3771] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3772] <... futex resumed>) = 0 [pid 3771] <... futex resumed>) = 1 [pid 3772] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3771] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3772] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3772] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3771] <... futex resumed>) = 0 [pid 3773] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3772] mkdirat(-1, NULL, 000 [pid 3771] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3772] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3771] <... futex resumed>) = 0 [pid 3772] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3771] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3772] <... futex resumed>) = 0 [pid 3771] <... futex resumed>) = 0 [pid 3772] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3771] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3773] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3773] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3773] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3771] <... futex resumed>) = 0 [pid 3771] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3772] <... futex resumed>) = 0 [pid 3771] <... futex resumed>) = 1 [pid 3772] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3771] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3772] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3772] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3771] <... futex resumed>) = 0 [ 61.544255][ T3772] loop0: detected capacity change from 0 to 4096 [ 61.554071][ T3772] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3772] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3771] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3771] <... futex resumed>) = 0 [pid 3772] mkdirat(-1, NULL, 000 [pid 3771] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3772] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3772] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3773] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3772] <... futex resumed>) = 1 [pid 3771] <... futex resumed>) = 0 [pid 3772] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3771] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3771] <... futex resumed>) = 0 [pid 3772] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3771] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3772] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3772] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3771] <... futex resumed>) = 0 [pid 3772] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3771] exit_group(0 [pid 3772] <... futex resumed>) = ? [pid 3771] <... exit_group resumed>) = ? [pid 3773] <... futex resumed>) = ? [pid 3772] +++ exited with 0 +++ [pid 3773] +++ exited with 0 +++ [pid 3771] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3771, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3774 attached , child_tidptr=0x55555736f5d0) = 3774 [pid 3774] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3774] chdir("./43") = 0 [pid 3774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3774] setpgid(0, 0) = 0 [pid 3774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3774] write(3, "1000", 4) = 4 [pid 3774] close(3) = 0 [pid 3774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3774] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3774] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3774] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3775 attached , parent_tid=[3775], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3775 [pid 3775] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3774] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3774] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3775] memfd_create("syzkaller", 0) = 3 [pid 3775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3775] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3775] munmap(0x7f68741c1000, 2097152) = 0 [pid 3775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3775] close(3) = 0 [pid 3775] mkdir("./file2", 0777) = 0 [pid 3775] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3775] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3775] chdir("./file2") = 0 [pid 3775] ioctl(4, LOOP_CLR_FD) = 0 [pid 3775] close(4) = 0 [pid 3775] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3774] <... futex resumed>) = 0 [pid 3775] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3774] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3774] <... futex resumed>) = 0 [pid 3775] openat(AT_FDCWD, ".", O_RDONLY [pid 3774] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3775] <... openat resumed>) = 4 [pid 3775] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3774] <... futex resumed>) = 0 [pid 3774] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3774] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3775] mkdirat(4, "./bus", 000 [pid 3774] <... mmap resumed>) = 0x7f68743a0000 [pid 3774] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3774] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3776], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3776 [pid 3774] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3776 attached ) = 0 [pid 3776] set_robust_list(0x7f68743c09e0, 24 [pid 3774] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3776] <... set_robust_list resumed>) = 0 [pid 3776] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3776] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3774] <... futex resumed>) = 0 [pid 3776] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3774] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3774] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3776] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3776] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 61.697472][ T3775] loop0: detected capacity change from 0 to 4096 [ 61.707580][ T3775] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3775] <... mkdirat resumed>) = 0 [pid 3774] <... futex resumed>) = 0 [pid 3776] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3775] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3774] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3775] <... futex resumed>) = 0 [pid 3774] <... futex resumed>) = 0 [pid 3774] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3775] mkdirat(-1, NULL, 000 [pid 3774] <... futex resumed>) = 0 [pid 3776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3774] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3775] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3776] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3776] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3775] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3776] <... futex resumed>) = 1 [pid 3775] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3774] <... futex resumed>) = 0 [pid 3776] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3774] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3775] <... futex resumed>) = 0 [pid 3774] <... futex resumed>) = 1 [pid 3775] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3774] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3775] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3775] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3774] <... futex resumed>) = 0 [pid 3775] mkdirat(-1, NULL, 000 [pid 3774] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3775] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3774] <... futex resumed>) = 0 [pid 3775] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3774] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3775] <... futex resumed>) = 0 [pid 3774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3775] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3774] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3774] <... futex resumed>) = 0 [pid 3775] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3774] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3775] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3775] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3774] <... futex resumed>) = 0 [pid 3775] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3774] exit_group(0 [pid 3775] <... futex resumed>) = ? [pid 3774] <... exit_group resumed>) = ? [pid 3776] <... futex resumed>) = ? [pid 3775] +++ exited with 0 +++ [pid 3776] +++ exited with 0 +++ [pid 3774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3774, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3777 ./strace-static-x86_64: Process 3777 attached [pid 3777] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3777] chdir("./44") = 0 [pid 3777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3777] setpgid(0, 0) = 0 [pid 3777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3777] write(3, "1000", 4) = 4 [pid 3777] close(3) = 0 [pid 3777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3777] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3777] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3777] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3778], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3778 ./strace-static-x86_64: Process 3778 attached [pid 3777] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3778] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3778] memfd_create("syzkaller", 0) = 3 [pid 3778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3778] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3778] munmap(0x7f68741c1000, 2097152) = 0 [pid 3778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3778] close(3) = 0 [pid 3778] mkdir("./file2", 0777) = 0 [pid 3778] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3778] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3778] chdir("./file2") = 0 [pid 3778] ioctl(4, LOOP_CLR_FD) = 0 [pid 3778] close(4) = 0 [pid 3778] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3778] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3777] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3777] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3779], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3779 ./strace-static-x86_64: Process 3779 attached [pid 3779] set_robust_list(0x7f68743c09e0, 24 [pid 3777] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3779] <... set_robust_list resumed>) = 0 [pid 3777] <... futex resumed>) = 0 [pid 3779] mkdirat(4, "./bus/file0", 000 [pid 3777] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] mkdirat(4, "./bus", 000 [pid 3779] <... mkdirat resumed>) = -1 ENOENT (No such file or directory) [pid 3779] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3777] <... futex resumed>) = 0 [pid 3779] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3777] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3779] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3778] <... mkdirat resumed>) = 0 [pid 3779] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3778] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3779] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] <... futex resumed>) = 0 [pid 3779] <... futex resumed>) = 1 [pid 3777] <... futex resumed>) = 0 [pid 3778] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3779] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3777] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] mkdirat(-1, NULL, 000 [pid 3777] <... futex resumed>) = 0 [pid 3778] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3777] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3779] <... futex resumed>) = 0 [pid 3777] <... futex resumed>) = 1 [pid 3778] <... futex resumed>) = 0 [pid 3779] mkdirat(-1, NULL, 000 [pid 3777] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3779] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3779] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3777] <... futex resumed>) = 0 [pid 3779] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] <... futex resumed>) = 0 [pid 3777] <... futex resumed>) = 1 [pid 3778] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3777] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3778] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3778] <... futex resumed>) = 1 [pid 3777] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] mkdirat(-1, NULL, 000 [pid 3777] <... futex resumed>) = 0 [pid 3778] <... mkdirat resumed>) = -1 EFAULT (Bad address) [ 61.859898][ T3778] loop0: detected capacity change from 0 to 4096 [ 61.869596][ T3778] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3777] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3777] <... futex resumed>) = 0 [pid 3778] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3777] <... futex resumed>) = 0 [pid 3778] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3777] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3778] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3777] <... futex resumed>) = 0 [pid 3778] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] exit_group(0) = ? [pid 3779] <... futex resumed>) = ? [pid 3778] <... futex resumed>) = ? [pid 3779] +++ exited with 0 +++ [pid 3778] +++ exited with 0 +++ [pid 3777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3777, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3780 attached , child_tidptr=0x55555736f5d0) = 3780 [pid 3780] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3780] chdir("./45") = 0 [pid 3780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3780] setpgid(0, 0) = 0 [pid 3780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3780] write(3, "1000", 4) = 4 [pid 3780] close(3) = 0 [pid 3780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3780] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3780] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3780] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3781], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3781 ./strace-static-x86_64: Process 3781 attached [pid 3781] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3781] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3780] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3781] <... futex resumed>) = 0 [pid 3780] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3781] memfd_create("syzkaller", 0) = 3 [pid 3781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3781] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3781] munmap(0x7f68741c1000, 2097152) = 0 [pid 3781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3781] close(3) = 0 [pid 3781] mkdir("./file2", 0777) = 0 [pid 3781] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3781] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3781] chdir("./file2") = 0 [pid 3781] ioctl(4, LOOP_CLR_FD) = 0 [pid 3781] close(4) = 0 [pid 3781] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3780] <... futex resumed>) = 0 [pid 3780] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3781] <... futex resumed>) = 1 [pid 3781] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3781] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3780] <... futex resumed>) = 0 [pid 3780] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3780] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3780] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3782], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3782 [pid 3780] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3781] <... futex resumed>) = 1 [pid 3781] mkdirat(4, "./bus", 000) = 0 [pid 3781] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3781] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3782 attached [pid 3782] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3782] mkdirat(4, "./bus/file0", 000) = 0 [pid 3782] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3780] <... futex resumed>) = 0 [pid 3780] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3780] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3781] <... futex resumed>) = 0 [pid 3781] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3781] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3780] <... futex resumed>) = 0 [pid 3780] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3781] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3781] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3781] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3782] <... futex resumed>) = 1 [pid 3782] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3782] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3780] <... futex resumed>) = 0 [pid 3780] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3781] <... futex resumed>) = 0 [pid 3780] <... futex resumed>) = 1 [pid 3781] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3780] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3781] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3781] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3780] <... futex resumed>) = 0 [pid 3781] mkdirat(-1, NULL, 000 [pid 3780] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3781] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3780] <... futex resumed>) = 0 [pid 3781] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3780] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3781] <... futex resumed>) = 0 [pid 3780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3781] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3780] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3781] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3780] <... futex resumed>) = 0 [pid 3781] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3780] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3781] <... futex resumed>) = 0 [pid 3780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3781] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3780] exit_group(0 [pid 3781] <... futex resumed>) = ? [pid 3780] <... exit_group resumed>) = ? [pid 3781] +++ exited with 0 +++ [pid 3782] <... futex resumed>) = ? [pid 3782] +++ exited with 0 +++ [pid 3780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3780, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 [ 62.017979][ T3781] loop0: detected capacity change from 0 to 4096 [ 62.026934][ T3781] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3783 ./strace-static-x86_64: Process 3783 attached [pid 3783] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3783] chdir("./46") = 0 [pid 3783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3783] setpgid(0, 0) = 0 [pid 3783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3783] write(3, "1000", 4) = 4 [pid 3783] close(3) = 0 [pid 3783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3783] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3783] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3783] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3784 attached , parent_tid=[3784], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3784 [pid 3784] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3784] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3783] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3783] <... futex resumed>) = 0 [pid 3783] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3784] memfd_create("syzkaller", 0) = 3 [pid 3784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3784] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3784] munmap(0x7f68741c1000, 2097152) = 0 [pid 3784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3784] close(3) = 0 [pid 3784] mkdir("./file2", 0777) = 0 [pid 3784] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3784] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3784] chdir("./file2") = 0 [pid 3784] ioctl(4, LOOP_CLR_FD) = 0 [pid 3784] close(4) = 0 [pid 3784] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3783] <... futex resumed>) = 0 [pid 3784] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3783] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3783] <... futex resumed>) = 0 [pid 3784] openat(AT_FDCWD, ".", O_RDONLY [pid 3783] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3784] <... openat resumed>) = 4 [pid 3784] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3783] <... futex resumed>) = 0 [pid 3784] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3783] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3783] <... futex resumed>) = 0 [pid 3784] mkdirat(4, "./bus", 000 [pid 3783] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3783] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3784] <... mkdirat resumed>) = 0 [pid 3783] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3785], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3785 [pid 3784] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3783] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3783] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3784] <... futex resumed>) = 0 [ 62.158334][ T3784] loop0: detected capacity change from 0 to 4096 [ 62.168685][ T3784] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3784] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3785 attached [pid 3785] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3785] mkdirat(4, "./bus/file0", 000) = 0 [pid 3785] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3783] <... futex resumed>) = 0 [pid 3783] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3784] <... futex resumed>) = 0 [pid 3783] <... futex resumed>) = 1 [pid 3784] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3783] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3784] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3784] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3783] <... futex resumed>) = 0 [pid 3784] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3783] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3783] <... futex resumed>) = 0 [pid 3784] mkdirat(-1, NULL, 000 [pid 3783] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3784] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3783] <... futex resumed>) = 0 [pid 3784] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3783] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3784] <... futex resumed>) = 0 [pid 3784] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3785] <... futex resumed>) = 1 [pid 3785] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3785] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3783] <... futex resumed>) = 0 [pid 3783] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3785] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3784] <... futex resumed>) = 0 [pid 3783] <... futex resumed>) = 1 [pid 3784] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3783] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3784] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3784] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3783] <... futex resumed>) = 0 [pid 3784] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3783] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3783] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3784] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3784] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3783] <... futex resumed>) = 0 [pid 3784] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3783] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3784] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3783] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3784] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3784] <... futex resumed>) = 0 [pid 3784] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3783] exit_group(0 [pid 3785] <... futex resumed>) = ? [pid 3784] <... futex resumed>) = ? [pid 3783] <... exit_group resumed>) = ? [pid 3785] +++ exited with 0 +++ [pid 3784] +++ exited with 0 +++ [pid 3783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3783, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3786 ./strace-static-x86_64: Process 3786 attached [pid 3786] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3786] chdir("./47") = 0 [pid 3786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3786] setpgid(0, 0) = 0 [pid 3786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3786] write(3, "1000", 4) = 4 [pid 3786] close(3) = 0 [pid 3786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3786] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3786] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3786] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3787 attached [pid 3787] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3787] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3786] <... clone resumed>, parent_tid=[3787], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3787 [pid 3786] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3787] <... futex resumed>) = 0 [pid 3786] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3787] memfd_create("syzkaller", 0) = 3 [pid 3787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3787] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3787] munmap(0x7f68741c1000, 2097152) = 0 [pid 3787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3787] close(3) = 0 [pid 3787] mkdir("./file2", 0777) = 0 [pid 3787] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3787] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3787] chdir("./file2") = 0 [pid 3787] ioctl(4, LOOP_CLR_FD) = 0 [pid 3787] close(4) = 0 [pid 3787] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3786] <... futex resumed>) = 0 [pid 3786] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3787] <... futex resumed>) = 1 [pid 3787] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3787] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3786] <... futex resumed>) = 0 [pid 3786] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3786] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3786] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3788], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3788 [pid 3786] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3787] <... futex resumed>) = 1 [pid 3787] mkdirat(4, "./bus", 000) = 0 [pid 3787] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3787] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3788 attached [pid 3788] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3788] mkdirat(4, "./bus/file0", 000) = 0 [pid 3788] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3786] <... futex resumed>) = 0 [pid 3786] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3786] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3787] <... futex resumed>) = 0 [pid 3787] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3787] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3786] <... futex resumed>) = 0 [pid 3786] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3787] <... futex resumed>) = 1 [pid 3787] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3787] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3787] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3788] <... futex resumed>) = 1 [pid 3788] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3788] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3786] <... futex resumed>) = 0 [pid 3786] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3787] <... futex resumed>) = 0 [pid 3786] <... futex resumed>) = 1 [pid 3787] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3786] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3787] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3787] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3786] <... futex resumed>) = 0 [pid 3787] mkdirat(-1, NULL, 000 [pid 3786] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3787] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3786] <... futex resumed>) = 0 [pid 3787] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3786] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3787] <... futex resumed>) = 0 [pid 3786] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3787] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3786] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3787] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3786] <... futex resumed>) = 0 [pid 3787] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3786] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3787] <... futex resumed>) = 0 [pid 3786] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3787] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3786] exit_group(0 [pid 3787] <... futex resumed>) = ? [pid 3786] <... exit_group resumed>) = ? [pid 3787] +++ exited with 0 +++ [pid 3788] <... futex resumed>) = ? [ 62.331048][ T3787] loop0: detected capacity change from 0 to 4096 [ 62.340033][ T3787] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3788] +++ exited with 0 +++ [pid 3786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3786, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3789 ./strace-static-x86_64: Process 3789 attached [pid 3789] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3789] chdir("./48") = 0 [pid 3789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3789] setpgid(0, 0) = 0 [pid 3789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3789] write(3, "1000", 4) = 4 [pid 3789] close(3) = 0 [pid 3789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3789] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3789] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3789] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3790 attached , parent_tid=[3790], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3790 [pid 3790] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3790] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3789] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3790] <... futex resumed>) = 0 [pid 3789] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3790] memfd_create("syzkaller", 0) = 3 [pid 3790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3790] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3790] munmap(0x7f68741c1000, 2097152) = 0 [pid 3790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3790] close(3) = 0 [pid 3790] mkdir("./file2", 0777) = 0 [pid 3790] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3790] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3790] chdir("./file2") = 0 [pid 3790] ioctl(4, LOOP_CLR_FD) = 0 [pid 3790] close(4) = 0 [pid 3790] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3789] <... futex resumed>) = 0 [pid 3789] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3789] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3790] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3790] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3789] <... futex resumed>) = 0 [pid 3789] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3789] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3789] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3789] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3791], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3791 [pid 3789] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3791 attached ) = 0 [pid 3789] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3791] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3791] mkdirat(4, "./bus/file0", 000 [pid 3790] <... futex resumed>) = 1 [pid 3790] mkdirat(4, "./bus", 000 [pid 3791] <... mkdirat resumed>) = -1 ENOENT (No such file or directory) [pid 3791] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3789] <... futex resumed>) = 0 [pid 3789] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3791] <... futex resumed>) = 1 [pid 3789] <... futex resumed>) = 0 [pid 3791] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3789] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3790] <... mkdirat resumed>) = 0 [pid 3790] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3790] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3791] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3791] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3789] <... futex resumed>) = 0 [pid 3789] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3791] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3789] <... futex resumed>) = 1 [pid 3790] <... futex resumed>) = 0 [pid 3789] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3790] mkdirat(-1, NULL, 000 [pid 3789] <... futex resumed>) = 0 [pid 3791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3789] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3790] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3791] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3791] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3789] <... futex resumed>) = 0 [pid 3790] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3789] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3790] <... futex resumed>) = 0 [pid 3789] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3790] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3791] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3790] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3790] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3789] <... futex resumed>) = 0 [pid 3790] mkdirat(-1, NULL, 000 [pid 3789] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3789] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3790] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3790] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3789] <... futex resumed>) = 0 [pid 3790] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3789] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3789] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3790] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3790] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3790] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3789] <... futex resumed>) = 0 [pid 3789] exit_group(0 [pid 3791] <... futex resumed>) = ? [pid 3790] <... futex resumed>) = ? [pid 3789] <... exit_group resumed>) = ? [pid 3791] +++ exited with 0 +++ [pid 3790] +++ exited with 0 +++ [pid 3789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3789, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 62.484886][ T3790] loop0: detected capacity change from 0 to 4096 [ 62.494492][ T3790] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3792 ./strace-static-x86_64: Process 3792 attached [pid 3792] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3792] chdir("./49") = 0 [pid 3792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3792] setpgid(0, 0) = 0 [pid 3792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3792] write(3, "1000", 4) = 4 [pid 3792] close(3) = 0 [pid 3792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3792] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3792] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3792] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3793 attached , parent_tid=[3793], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3793 [pid 3793] set_robust_list(0x7f687c5e19e0, 24 [pid 3792] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3793] <... set_robust_list resumed>) = 0 [pid 3793] memfd_create("syzkaller", 0) = 3 [pid 3793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3793] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3793] munmap(0x7f68741c1000, 2097152) = 0 [pid 3793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3793] close(3) = 0 [pid 3793] mkdir("./file2", 0777) = 0 [pid 3793] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3793] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3793] chdir("./file2") = 0 [pid 3793] ioctl(4, LOOP_CLR_FD) = 0 [pid 3793] close(4) = 0 [pid 3793] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3793] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3792] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3792] <... futex resumed>) = 0 [pid 3793] openat(AT_FDCWD, ".", O_RDONLY [pid 3792] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3793] <... openat resumed>) = 4 [pid 3793] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3793] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3792] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3792] <... futex resumed>) = 0 [pid 3793] mkdirat(4, "./bus", 000 [pid 3792] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3793] <... mkdirat resumed>) = 0 [pid 3792] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3793] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3792] <... mprotect resumed>) = 0 [pid 3793] <... futex resumed>) = 0 [pid 3792] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3794 attached [pid 3793] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3794] set_robust_list(0x7f68743c09e0, 24 [pid 3792] <... clone resumed>, parent_tid=[3794], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3794 [pid 3794] <... set_robust_list resumed>) = 0 [pid 3792] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3794] mkdirat(4, "./bus/file0", 000 [pid 3792] <... futex resumed>) = 0 [pid 3792] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3794] <... mkdirat resumed>) = 0 [pid 3794] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3794] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3792] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] <... futex resumed>) = 0 [ 62.617047][ T3793] loop0: detected capacity change from 0 to 4096 [ 62.627639][ T3793] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3792] <... futex resumed>) = 1 [pid 3793] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3792] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3793] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3793] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3793] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3792] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3792] <... futex resumed>) = 0 [pid 3793] mkdirat(-1, NULL, 000 [pid 3792] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3794] <... futex resumed>) = 0 [pid 3793] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3792] <... futex resumed>) = 1 [pid 3794] mkdirat(-1, NULL, 000 [pid 3793] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3792] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3794] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3793] <... futex resumed>) = 0 [pid 3794] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3794] <... futex resumed>) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3794] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3792] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] <... futex resumed>) = 0 [pid 3792] <... futex resumed>) = 1 [pid 3793] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3792] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3793] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3793] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3793] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3792] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3792] <... futex resumed>) = 0 [pid 3793] mkdirat(-1, NULL, 000 [pid 3792] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3793] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3793] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3793] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3792] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3792] <... futex resumed>) = 0 [pid 3793] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3792] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3793] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3793] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3793] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3792] exit_group(0 [pid 3794] <... futex resumed>) = ? [pid 3793] <... futex resumed>) = ? [pid 3792] <... exit_group resumed>) = ? [pid 3794] +++ exited with 0 +++ [pid 3793] +++ exited with 0 +++ [pid 3792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3792, si_uid=0, si_status=0, si_utime=1, si_stime=5} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3795 ./strace-static-x86_64: Process 3795 attached [pid 3795] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3795] chdir("./50") = 0 [pid 3795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3795] setpgid(0, 0) = 0 [pid 3795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3795] write(3, "1000", 4) = 4 [pid 3795] close(3) = 0 [pid 3795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3795] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3795] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3795] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3796 attached , parent_tid=[3796], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3796 [pid 3796] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3796] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3795] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3796] <... futex resumed>) = 0 [pid 3795] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3796] memfd_create("syzkaller", 0) = 3 [pid 3796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3796] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3796] munmap(0x7f68741c1000, 2097152) = 0 [pid 3796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3796] close(3) = 0 [pid 3796] mkdir("./file2", 0777) = 0 [pid 3796] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3796] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3796] chdir("./file2") = 0 [pid 3796] ioctl(4, LOOP_CLR_FD) = 0 [pid 3796] close(4) = 0 [pid 3796] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3795] <... futex resumed>) = 0 [pid 3795] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3796] <... futex resumed>) = 1 [pid 3796] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3796] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3795] <... futex resumed>) = 0 [pid 3795] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3796] <... futex resumed>) = 1 [pid 3795] <... futex resumed>) = 0 [pid 3796] mkdirat(4, "./bus", 000 [pid 3795] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3795] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3796] <... mkdirat resumed>) = 0 [pid 3795] <... mprotect resumed>) = 0 [pid 3795] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3796] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] <... clone resumed>, parent_tid=[3797], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3797 [pid 3796] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3795] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3797 attached [pid 3797] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3797] mkdirat(4, "./bus/file0", 000) = 0 [pid 3797] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3795] <... futex resumed>) = 0 [pid 3795] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3796] <... futex resumed>) = 0 [pid 3795] <... futex resumed>) = 1 [pid 3796] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3795] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3796] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3796] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3795] <... futex resumed>) = 0 [pid 3796] mkdirat(-1, NULL, 000 [pid 3795] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3796] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3795] <... futex resumed>) = 0 [pid 3796] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3795] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3796] <... futex resumed>) = 0 [pid 3795] <... futex resumed>) = 0 [pid 3796] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3795] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3797] <... futex resumed>) = 1 [pid 3797] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3797] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3795] <... futex resumed>) = 0 [pid 3795] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3796] <... futex resumed>) = 0 [pid 3795] <... futex resumed>) = 1 [pid 3796] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3795] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3796] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3796] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3795] <... futex resumed>) = 0 [pid 3796] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3795] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3795] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3797] <... futex resumed>) = 1 [pid 3796] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3796] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3795] <... futex resumed>) = 0 [pid 3796] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3795] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3795] <... futex resumed>) = 0 [pid 3797] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3796] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3795] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3796] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3796] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3795] <... futex resumed>) = 0 [pid 3796] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3795] exit_group(0 [pid 3797] <... futex resumed>) = ? [pid 3796] <... futex resumed>) = ? [pid 3795] <... exit_group resumed>) = ? [ 62.773218][ T3796] loop0: detected capacity change from 0 to 4096 [ 62.782662][ T3796] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3797] +++ exited with 0 +++ [pid 3796] +++ exited with 0 +++ [pid 3795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3795, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3798 ./strace-static-x86_64: Process 3798 attached [pid 3798] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3798] chdir("./51") = 0 [pid 3798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3798] setpgid(0, 0) = 0 [pid 3798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3798] write(3, "1000", 4) = 4 [pid 3798] close(3) = 0 [pid 3798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3798] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3798] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3798] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3799], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3799 [pid 3798] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3799 attached [pid 3799] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3799] memfd_create("syzkaller", 0) = 3 [pid 3799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3799] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3799] munmap(0x7f68741c1000, 2097152) = 0 [pid 3799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3799] close(3) = 0 [pid 3799] mkdir("./file2", 0777) = 0 [pid 3799] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3799] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3799] chdir("./file2") = 0 [pid 3799] ioctl(4, LOOP_CLR_FD) = 0 [pid 3799] close(4) = 0 [pid 3799] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3798] <... futex resumed>) = 0 [pid 3799] openat(AT_FDCWD, ".", O_RDONLY [pid 3798] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3799] <... openat resumed>) = 4 [pid 3798] <... futex resumed>) = 0 [pid 3798] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3799] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3798] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3799] mkdirat(4, "./bus", 000 [pid 3798] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3798] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3800 attached [pid 3800] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3800] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3798] <... clone resumed>, parent_tid=[3800], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3800 [pid 3798] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3798] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3800] <... futex resumed>) = 0 [pid 3800] mkdirat(4, "./bus/file0", 000 [pid 3799] <... mkdirat resumed>) = 0 [pid 3799] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3800] <... mkdirat resumed>) = 0 [pid 3800] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] <... futex resumed>) = 0 [pid 3798] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3799] <... futex resumed>) = 0 [pid 3798] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3800] <... futex resumed>) = 1 [pid 3800] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3799] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3799] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3798] <... futex resumed>) = 0 [pid 3798] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3800] <... futex resumed>) = 0 [pid 3799] mkdirat(-1, NULL, 000 [pid 3798] <... futex resumed>) = 1 [pid 3800] mkdirat(-1, NULL, 000 [pid 3798] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3800] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3800] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3798] <... futex resumed>) = 0 [pid 3800] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3798] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3800] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3799] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3798] <... futex resumed>) = 0 [pid 3800] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3800] <... futex resumed>) = 0 [pid 3799] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3800] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3798] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3799] <... futex resumed>) = 0 [pid 3798] <... futex resumed>) = 0 [pid 3799] mkdirat(-1, NULL, 000 [pid 3798] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3799] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3799] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3798] <... futex resumed>) = 0 [pid 3799] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3798] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3798] <... futex resumed>) = 0 [pid 3799] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3798] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3799] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3799] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3798] <... futex resumed>) = 0 [pid 3799] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3798] exit_group(0 [pid 3800] <... futex resumed>) = ? [pid 3798] <... exit_group resumed>) = ? [pid 3800] +++ exited with 0 +++ [pid 3799] <... futex resumed>) = ? [pid 3799] +++ exited with 0 +++ [pid 3798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3798, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [ 62.912931][ T3799] loop0: detected capacity change from 0 to 4096 [ 62.923045][ T3799] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3801 ./strace-static-x86_64: Process 3801 attached [pid 3801] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3801] chdir("./52") = 0 [pid 3801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3801] setpgid(0, 0) = 0 [pid 3801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3801] write(3, "1000", 4) = 4 [pid 3801] close(3) = 0 [pid 3801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3801] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3801] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3801] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3802], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3802 [pid 3801] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3802 attached [pid 3802] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3802] memfd_create("syzkaller", 0) = 3 [pid 3802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3802] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3802] munmap(0x7f68741c1000, 2097152) = 0 [pid 3802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3802] close(3) = 0 [pid 3802] mkdir("./file2", 0777) = 0 [pid 3802] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3802] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3802] chdir("./file2") = 0 [pid 3802] ioctl(4, LOOP_CLR_FD) = 0 [pid 3802] close(4) = 0 [pid 3802] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3802] openat(AT_FDCWD, ".", O_RDONLY [pid 3801] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] <... openat resumed>) = 4 [pid 3801] <... futex resumed>) = 0 [pid 3802] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 0 [pid 3801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3802] mkdirat(4, "./bus", 000 [pid 3801] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3802] <... mkdirat resumed>) = 0 [pid 3801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3802] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... mmap resumed>) = 0x7f68743a0000 [pid 3802] <... futex resumed>) = 0 [pid 3801] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3802] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] <... mprotect resumed>) = 0 [pid 3801] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3803], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3803 [pid 3801] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3803 attached [pid 3803] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3803] mkdirat(4, "./bus/file0", 000) = 0 [pid 3803] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3803] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] <... futex resumed>) = 0 [pid 3801] <... futex resumed>) = 1 [pid 3802] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3801] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3802] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3802] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3801] <... futex resumed>) = 0 [pid 3802] mkdirat(-1, NULL, 000 [pid 3801] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3803] <... futex resumed>) = 0 [pid 3802] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3801] <... futex resumed>) = 1 [pid 3803] mkdirat(-1, NULL, 000 [pid 3802] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3803] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3802] <... futex resumed>) = 0 [ 63.045067][ T3802] loop0: detected capacity change from 0 to 4096 [ 63.056519][ T3802] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3803] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3803] <... futex resumed>) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3803] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] <... futex resumed>) = 0 [pid 3801] <... futex resumed>) = 1 [pid 3802] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3801] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3802] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3802] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3801] <... futex resumed>) = 0 [pid 3802] mkdirat(-1, NULL, 000 [pid 3801] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3802] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3802] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3801] <... futex resumed>) = 0 [pid 3802] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3801] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3802] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3802] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] exit_group(0 [pid 3803] <... futex resumed>) = ? [pid 3802] <... futex resumed>) = ? [pid 3801] <... exit_group resumed>) = ? [pid 3803] +++ exited with 0 +++ [pid 3802] +++ exited with 0 +++ [pid 3801] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3801, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3804 ./strace-static-x86_64: Process 3804 attached [pid 3804] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3804] chdir("./53") = 0 [pid 3804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3804] setpgid(0, 0) = 0 [pid 3804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3804] write(3, "1000", 4) = 4 [pid 3804] close(3) = 0 [pid 3804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3804] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3804] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3804] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3805], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3805 ./strace-static-x86_64: Process 3805 attached [pid 3804] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3805] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3804] <... futex resumed>) = 0 [pid 3804] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3805] memfd_create("syzkaller", 0) = 3 [pid 3805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3805] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3805] munmap(0x7f68741c1000, 2097152) = 0 [pid 3805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3805] close(3) = 0 [pid 3805] mkdir("./file2", 0777) = 0 [pid 3805] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3805] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3805] chdir("./file2") = 0 [pid 3805] ioctl(4, LOOP_CLR_FD) = 0 [pid 3805] close(4) = 0 [pid 3805] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3804] <... futex resumed>) = 0 [pid 3804] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3804] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3805] <... futex resumed>) = 1 [pid 3805] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3805] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3804] <... futex resumed>) = 0 [pid 3804] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3804] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3804] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3804] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3806], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3806 [pid 3804] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3804] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3805] <... futex resumed>) = 1 [pid 3805] mkdirat(4, "./bus", 000) = 0 [pid 3805] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3805] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3806 attached [pid 3806] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3806] mkdirat(4, "./bus/file0", 000) = 0 [pid 3806] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3804] <... futex resumed>) = 0 [pid 3804] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3805] <... futex resumed>) = 0 [pid 3804] <... futex resumed>) = 1 [pid 3805] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3804] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3805] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3805] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3804] <... futex resumed>) = 0 [pid 3805] mkdirat(-1, NULL, 000 [pid 3804] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3805] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3804] <... futex resumed>) = 0 [pid 3805] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3804] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3805] <... futex resumed>) = 0 [pid 3804] <... futex resumed>) = 0 [pid 3805] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3804] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3806] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3806] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3804] <... futex resumed>) = 0 [pid 3804] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3805] <... futex resumed>) = 0 [pid 3804] <... futex resumed>) = 1 [pid 3805] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3804] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3805] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3805] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3804] <... futex resumed>) = 0 [pid 3805] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3804] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3804] <... futex resumed>) = 0 [ 63.217475][ T3805] loop0: detected capacity change from 0 to 4096 [ 63.227808][ T3805] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3805] mkdirat(-1, NULL, 000 [pid 3804] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3805] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3805] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3804] <... futex resumed>) = 0 [pid 3805] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3804] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3804] <... futex resumed>) = 0 [pid 3805] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3804] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3805] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3805] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3804] <... futex resumed>) = 0 [pid 3805] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3804] exit_group(0 [pid 3805] <... futex resumed>) = ? [pid 3804] <... exit_group resumed>) = ? [pid 3805] +++ exited with 0 +++ [pid 3806] +++ exited with 0 +++ [pid 3804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3804, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3807 ./strace-static-x86_64: Process 3807 attached [pid 3807] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3807] chdir("./54") = 0 [pid 3807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3807] setpgid(0, 0) = 0 [pid 3807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3807] write(3, "1000", 4) = 4 [pid 3807] close(3) = 0 [pid 3807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3807] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3807] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3807] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3808 attached , parent_tid=[3808], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3808 [pid 3808] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3808] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3808] <... futex resumed>) = 0 [pid 3807] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3808] memfd_create("syzkaller", 0) = 3 [pid 3808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3808] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3808] munmap(0x7f68741c1000, 2097152) = 0 [pid 3808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3808] close(3) = 0 [pid 3808] mkdir("./file2", 0777) = 0 [pid 3808] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3808] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3808] chdir("./file2") = 0 [pid 3808] ioctl(4, LOOP_CLR_FD) = 0 [pid 3808] close(4) = 0 [pid 3808] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3807] <... futex resumed>) = 0 [pid 3808] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3807] <... futex resumed>) = 0 [pid 3808] openat(AT_FDCWD, ".", O_RDONLY [pid 3807] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3808] <... openat resumed>) = 4 [pid 3808] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3807] <... futex resumed>) = 0 [pid 3808] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3807] <... futex resumed>) = 0 [pid 3808] mkdirat(4, "./bus", 000 [ 63.365703][ T3808] loop0: detected capacity change from 0 to 4096 [ 63.376888][ T3808] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3807] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3807] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3808] <... mkdirat resumed>) = 0 [pid 3807] <... mprotect resumed>) = 0 [pid 3808] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3809 attached [pid 3808] <... futex resumed>) = 0 [pid 3808] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] <... clone resumed>, parent_tid=[3809], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3809 [pid 3807] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3809] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3809] mkdirat(4, "./bus/file0", 000) = 0 [pid 3809] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] <... futex resumed>) = 0 [pid 3807] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3808] <... futex resumed>) = 0 [pid 3807] <... futex resumed>) = 1 [pid 3808] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3807] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3808] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3808] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3807] <... futex resumed>) = 0 [pid 3808] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3807] <... futex resumed>) = 0 [pid 3808] mkdirat(-1, NULL, 000 [pid 3807] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3808] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3807] <... futex resumed>) = 0 [pid 3808] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3808] <... futex resumed>) = 0 [pid 3808] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3809] <... futex resumed>) = 1 [pid 3809] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3809] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] <... futex resumed>) = 0 [pid 3807] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3808] <... futex resumed>) = 0 [pid 3807] <... futex resumed>) = 1 [pid 3808] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3807] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3808] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3808] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3807] <... futex resumed>) = 0 [pid 3808] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3807] <... futex resumed>) = 0 [pid 3808] mkdirat(-1, NULL, 000 [pid 3807] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3808] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3809] <... futex resumed>) = 1 [pid 3808] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3809] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3808] <... futex resumed>) = 1 [pid 3807] <... futex resumed>) = 0 [pid 3808] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3807] <... futex resumed>) = 0 [pid 3808] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3807] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3808] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3808] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3807] <... futex resumed>) = 0 [pid 3808] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] exit_group(0 [pid 3809] <... futex resumed>) = ? [pid 3808] <... futex resumed>) = ? [pid 3807] <... exit_group resumed>) = ? [pid 3809] +++ exited with 0 +++ [pid 3808] +++ exited with 0 +++ [pid 3807] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3807, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3810 ./strace-static-x86_64: Process 3810 attached [pid 3810] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3810] chdir("./55") = 0 [pid 3810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3810] setpgid(0, 0) = 0 [pid 3810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3810] write(3, "1000", 4) = 4 [pid 3810] close(3) = 0 [pid 3810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3810] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3810] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3810] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3811 attached , parent_tid=[3811], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3811 [pid 3810] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3811] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3811] memfd_create("syzkaller", 0) = 3 [pid 3811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3811] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3811] munmap(0x7f68741c1000, 2097152) = 0 [pid 3811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3811] close(3) = 0 [pid 3811] mkdir("./file2", 0777) = 0 [pid 3811] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3811] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3811] chdir("./file2") = 0 [pid 3811] ioctl(4, LOOP_CLR_FD) = 0 [pid 3811] close(4) = 0 [pid 3811] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3810] <... futex resumed>) = 0 [pid 3810] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3811] <... futex resumed>) = 1 [pid 3811] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3811] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3810] <... futex resumed>) = 0 [pid 3810] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3810] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3810] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3812], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3812 ./strace-static-x86_64: Process 3812 attached [pid 3810] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3812] set_robust_list(0x7f68743c09e0, 24 [pid 3810] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3812] <... set_robust_list resumed>) = 0 [pid 3812] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3812] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3810] <... futex resumed>) = 0 [pid 3812] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3810] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3812] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3810] <... futex resumed>) = 0 [pid 3812] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3810] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3812] <... futex resumed>) = 0 [pid 3810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3812] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3810] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3812] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3810] <... futex resumed>) = 0 [pid 3812] mkdirat(-1, NULL, 000 [pid 3810] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3812] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3810] <... futex resumed>) = 0 [pid 3812] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3812] <... futex resumed>) = 0 [pid 3812] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3811] <... futex resumed>) = 1 [pid 3810] <... mmap resumed>) = 0x7f687437f000 [pid 3810] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE [pid 3811] mkdirat(4, "./bus", 000 [pid 3810] <... mprotect resumed>) = 0 [pid 3810] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3811] <... mkdirat resumed>) = 0 [pid 3810] <... clone resumed>, parent_tid=[3813], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3813 [pid 3811] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3810] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3811] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3813 attached [pid 3813] set_robust_list(0x7f687439f9e0, 24 [pid 3810] <... futex resumed>) = 0 [pid 3811] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3810] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3813] <... set_robust_list resumed>) = 0 [ 63.524701][ T3811] loop0: detected capacity change from 0 to 4096 [ 63.534818][ T3811] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3813] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3813] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3810] <... futex resumed>) = 0 [pid 3810] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3810] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3813] <... futex resumed>) = 1 [pid 3813] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3811] <... futex resumed>) = 0 [pid 3811] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3811] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3810] <... futex resumed>) = 0 [pid 3810] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3811] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3811] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3810] <... futex resumed>) = 0 [pid 3811] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3810] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3810] <... futex resumed>) = 0 [pid 3811] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3810] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3811] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3811] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3810] <... futex resumed>) = 0 [pid 3811] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3810] exit_group(0) = ? [pid 3812] <... futex resumed>) = ? [pid 3811] <... futex resumed>) = ? [pid 3813] <... futex resumed>) = ? [pid 3812] +++ exited with 0 +++ [pid 3811] +++ exited with 0 +++ [pid 3813] +++ exited with 0 +++ [pid 3810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3810, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3814 ./strace-static-x86_64: Process 3814 attached [pid 3814] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3814] chdir("./56") = 0 [pid 3814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3814] setpgid(0, 0) = 0 [pid 3814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3814] write(3, "1000", 4) = 4 [pid 3814] close(3) = 0 [pid 3814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3814] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3814] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3814] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3815 attached , parent_tid=[3815], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3815 [pid 3815] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3815] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3814] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3815] <... futex resumed>) = 0 [pid 3814] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3815] memfd_create("syzkaller", 0) = 3 [pid 3815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3815] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3815] munmap(0x7f68741c1000, 2097152) = 0 [pid 3815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3815] close(3) = 0 [pid 3815] mkdir("./file2", 0777) = 0 [pid 3815] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3815] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3815] chdir("./file2") = 0 [pid 3815] ioctl(4, LOOP_CLR_FD) = 0 [pid 3815] close(4) = 0 [pid 3815] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3814] <... futex resumed>) = 0 [pid 3814] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3814] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3815] <... futex resumed>) = 1 [pid 3815] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3815] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3814] <... futex resumed>) = 0 [pid 3814] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3814] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3814] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3814] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3816], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3816 [pid 3814] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3814] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3815] <... futex resumed>) = 1 [pid 3815] mkdirat(4, "./bus", 000) = 0 [pid 3815] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3815] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3816 attached [pid 3816] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3816] mkdirat(4, "./bus/file0", 000) = 0 [pid 3816] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3814] <... futex resumed>) = 0 [pid 3814] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3814] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3815] <... futex resumed>) = 0 [pid 3815] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3815] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3814] <... futex resumed>) = 0 [pid 3814] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3814] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3814] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3815] <... futex resumed>) = 1 [pid 3815] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3815] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3815] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3816] <... futex resumed>) = 1 [pid 3816] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3816] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3814] <... futex resumed>) = 0 [pid 3814] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3814] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3815] <... futex resumed>) = 0 [pid 3815] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3815] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3814] <... futex resumed>) = 0 [pid 3814] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3814] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3815] <... futex resumed>) = 1 [pid 3815] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3815] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3814] <... futex resumed>) = 0 [pid 3814] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3814] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3815] <... futex resumed>) = 1 [pid 3815] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [ 63.657383][ T3815] loop0: detected capacity change from 0 to 4096 [ 63.666513][ T3815] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3815] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3814] <... futex resumed>) = 0 [pid 3815] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3814] exit_group(0 [pid 3815] <... futex resumed>) = ? [pid 3814] <... exit_group resumed>) = ? [pid 3815] +++ exited with 0 +++ [pid 3816] <... futex resumed>) = ? [pid 3816] +++ exited with 0 +++ [pid 3814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3814, si_uid=0, si_status=0, si_utime=1, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3817 ./strace-static-x86_64: Process 3817 attached [pid 3817] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3817] chdir("./57") = 0 [pid 3817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3817] setpgid(0, 0) = 0 [pid 3817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3817] write(3, "1000", 4) = 4 [pid 3817] close(3) = 0 [pid 3817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3817] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3817] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3817] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3818 attached , parent_tid=[3818], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3818 [pid 3818] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3818] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3817] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3818] <... futex resumed>) = 0 [pid 3817] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3818] memfd_create("syzkaller", 0) = 3 [pid 3818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3818] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3818] munmap(0x7f68741c1000, 2097152) = 0 [pid 3818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3818] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3818] close(3) = 0 [pid 3818] mkdir("./file2", 0777) = 0 [pid 3818] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3818] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3818] chdir("./file2") = 0 [pid 3818] ioctl(4, LOOP_CLR_FD) = 0 [pid 3818] close(4) = 0 [pid 3818] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3817] <... futex resumed>) = 0 [pid 3817] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3818] <... futex resumed>) = 1 [pid 3818] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3818] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3817] <... futex resumed>) = 0 [pid 3817] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3817] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3818] <... futex resumed>) = 1 [pid 3817] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3818] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 3819 attached [pid 3817] <... clone resumed>, parent_tid=[3819], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3819 [pid 3817] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3819] set_robust_list(0x7f68743c09e0, 24 [pid 3818] <... mkdirat resumed>) = 0 [pid 3817] <... futex resumed>) = 0 [pid 3818] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3817] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3818] <... futex resumed>) = 0 [pid 3818] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3819] <... set_robust_list resumed>) = 0 [pid 3819] mkdirat(4, "./bus/file0", 000) = 0 [pid 3819] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3817] <... futex resumed>) = 0 [pid 3817] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3818] <... futex resumed>) = 0 [pid 3817] <... futex resumed>) = 1 [pid 3819] <... futex resumed>) = 1 [pid 3818] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3817] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3819] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3818] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3818] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3817] <... futex resumed>) = 0 [pid 3818] mkdirat(-1, NULL, 000 [pid 3817] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3818] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3817] <... futex resumed>) = 0 [pid 3818] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3817] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3819] <... futex resumed>) = 0 [pid 3818] <... futex resumed>) = 0 [pid 3817] <... futex resumed>) = 1 [pid 3819] mkdirat(-1, NULL, 000 [pid 3818] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3817] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3819] <... mkdirat resumed>) = -1 EFAULT (Bad address) [ 63.796121][ T3818] loop0: detected capacity change from 0 to 4096 [ 63.804955][ T3818] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3819] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3817] <... futex resumed>) = 0 [pid 3819] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3817] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3818] <... futex resumed>) = 0 [pid 3817] <... futex resumed>) = 1 [pid 3818] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3817] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3818] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3818] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3817] <... futex resumed>) = 0 [pid 3818] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3817] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3817] <... futex resumed>) = 0 [pid 3818] mkdirat(-1, NULL, 000 [pid 3817] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3818] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3818] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3817] <... futex resumed>) = 0 [pid 3818] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3817] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3817] <... futex resumed>) = 0 [pid 3818] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3817] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3818] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3818] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3817] <... futex resumed>) = 0 [pid 3818] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3817] exit_group(0 [pid 3819] <... futex resumed>) = ? [pid 3818] <... futex resumed>) = ? [pid 3817] <... exit_group resumed>) = ? [pid 3819] +++ exited with 0 +++ [pid 3818] +++ exited with 0 +++ [pid 3817] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3817, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3820 ./strace-static-x86_64: Process 3820 attached [pid 3820] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3820] chdir("./58") = 0 [pid 3820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3820] setpgid(0, 0) = 0 [pid 3820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3820] write(3, "1000", 4) = 4 [pid 3820] close(3) = 0 [pid 3820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3820] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3820] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3820] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3821 attached [pid 3821] set_robust_list(0x7f687c5e19e0, 24 [pid 3820] <... clone resumed>, parent_tid=[3821], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3821 [pid 3821] <... set_robust_list resumed>) = 0 [pid 3821] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3820] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3821] <... futex resumed>) = 0 [pid 3820] <... futex resumed>) = 1 [pid 3820] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3821] memfd_create("syzkaller", 0) = 3 [pid 3821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3821] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3821] munmap(0x7f68741c1000, 2097152) = 0 [pid 3821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3821] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3821] close(3) = 0 [pid 3821] mkdir("./file2", 0777) = 0 [pid 3821] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3821] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3821] chdir("./file2") = 0 [pid 3821] ioctl(4, LOOP_CLR_FD) = 0 [pid 3821] close(4) = 0 [pid 3821] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3820] <... futex resumed>) = 0 [pid 3821] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3820] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3820] <... futex resumed>) = 0 [pid 3821] openat(AT_FDCWD, ".", O_RDONLY [pid 3820] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3821] <... openat resumed>) = 4 [pid 3821] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3820] <... futex resumed>) = 0 [pid 3821] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3820] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3820] <... futex resumed>) = 0 [pid 3821] mkdirat(4, "./bus", 000 [pid 3820] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3821] <... mkdirat resumed>) = 0 [pid 3821] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3820] <... mmap resumed>) = 0x7f68743a0000 [pid 3821] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3820] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3820] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3822 attached [pid 3822] set_robust_list(0x7f68743c09e0, 24 [pid 3820] <... clone resumed>, parent_tid=[3822], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3822 [pid 3822] <... set_robust_list resumed>) = 0 [pid 3820] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] mkdirat(4, "./bus/file0", 000 [pid 3820] <... futex resumed>) = 0 [pid 3820] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3822] <... mkdirat resumed>) = 0 [pid 3822] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3820] <... futex resumed>) = 0 [pid 3822] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3820] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3821] <... futex resumed>) = 0 [pid 3820] <... futex resumed>) = 1 [pid 3821] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [ 63.940517][ T3821] loop0: detected capacity change from 0 to 4096 [ 63.950459][ T3821] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3820] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3821] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3821] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3820] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3820] <... futex resumed>) = 0 [pid 3821] mkdirat(-1, NULL, 000 [pid 3820] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3821] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3821] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3820] <... futex resumed>) = 1 [pid 3821] <... futex resumed>) = 0 [pid 3820] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3821] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3822] <... futex resumed>) = 0 [pid 3822] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3822] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3820] <... futex resumed>) = 0 [pid 3822] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3820] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3821] <... futex resumed>) = 0 [pid 3820] <... futex resumed>) = 1 [pid 3821] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3820] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3821] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3821] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3820] <... futex resumed>) = 0 [pid 3821] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3820] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3820] <... futex resumed>) = 0 [pid 3821] mkdirat(-1, NULL, 000 [pid 3820] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3821] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3821] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3820] <... futex resumed>) = 0 [pid 3821] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3820] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3820] <... futex resumed>) = 0 [pid 3821] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3820] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3821] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3821] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3820] <... futex resumed>) = 0 [pid 3821] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3820] exit_group(0 [pid 3822] <... futex resumed>) = ? [pid 3821] <... futex resumed>) = ? [pid 3820] <... exit_group resumed>) = ? [pid 3822] +++ exited with 0 +++ [pid 3821] +++ exited with 0 +++ [pid 3820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3820, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3823 attached , child_tidptr=0x55555736f5d0) = 3823 [pid 3823] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3823] chdir("./59") = 0 [pid 3823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3823] setpgid(0, 0) = 0 [pid 3823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3823] write(3, "1000", 4) = 4 [pid 3823] close(3) = 0 [pid 3823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3823] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3823] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3823] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3824 attached , parent_tid=[3824], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3824 [pid 3824] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3824] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3823] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3824] <... futex resumed>) = 0 [pid 3823] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3824] memfd_create("syzkaller", 0) = 3 [pid 3824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3824] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3824] munmap(0x7f68741c1000, 2097152) = 0 [pid 3824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3824] close(3) = 0 [pid 3824] mkdir("./file2", 0777) = 0 [pid 3824] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3824] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3824] chdir("./file2") = 0 [pid 3824] ioctl(4, LOOP_CLR_FD) = 0 [pid 3824] close(4) = 0 [pid 3824] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3823] <... futex resumed>) = 0 [pid 3824] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3823] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3823] <... futex resumed>) = 0 [pid 3824] openat(AT_FDCWD, ".", O_RDONLY [pid 3823] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3824] <... openat resumed>) = 4 [pid 3824] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3823] <... futex resumed>) = 0 [pid 3824] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3823] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3823] <... futex resumed>) = 0 [pid 3824] mkdirat(4, "./bus", 000 [pid 3823] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3824] <... mkdirat resumed>) = 0 [pid 3823] <... futex resumed>) = 0 [pid 3824] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3824] <... futex resumed>) = 0 [pid 3823] <... mmap resumed>) = 0x7f68743a0000 [pid 3824] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3823] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3823] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3825], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3825 [pid 3823] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3825 attached [pid 3823] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3825] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3825] mkdirat(4, "./bus/file0", 000) = 0 [pid 3825] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3823] <... futex resumed>) = 0 [pid 3825] <... futex resumed>) = 1 [pid 3823] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3825] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3824] <... futex resumed>) = 0 [pid 3823] <... futex resumed>) = 1 [pid 3824] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3823] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3824] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3824] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3823] <... futex resumed>) = 0 [pid 3824] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3823] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3823] <... futex resumed>) = 0 [pid 3824] mkdirat(-1, NULL, 000 [pid 3823] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3825] <... futex resumed>) = 0 [pid 3824] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3823] <... futex resumed>) = 1 [pid 3825] mkdirat(-1, NULL, 000 [pid 3824] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3823] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3825] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3824] <... futex resumed>) = 0 [ 64.110311][ T3824] loop0: detected capacity change from 0 to 4096 [ 64.120628][ T3824] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3825] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3824] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3825] <... futex resumed>) = 1 [pid 3823] <... futex resumed>) = 0 [pid 3825] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3823] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3824] <... futex resumed>) = 0 [pid 3823] <... futex resumed>) = 1 [pid 3824] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3823] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3824] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3824] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3823] <... futex resumed>) = 0 [pid 3824] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3823] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3823] <... futex resumed>) = 0 [pid 3824] mkdirat(-1, NULL, 000 [pid 3823] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3824] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3824] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3823] <... futex resumed>) = 0 [pid 3824] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3823] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3823] <... futex resumed>) = 0 [pid 3824] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3823] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3824] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3824] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3823] <... futex resumed>) = 0 [pid 3824] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3823] exit_group(0 [pid 3825] <... futex resumed>) = ? [pid 3824] <... futex resumed>) = ? [pid 3823] <... exit_group resumed>) = ? [pid 3825] +++ exited with 0 +++ [pid 3824] +++ exited with 0 +++ [pid 3823] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3823, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3826 ./strace-static-x86_64: Process 3826 attached [pid 3826] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3826] chdir("./60") = 0 [pid 3826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3826] setpgid(0, 0) = 0 [pid 3826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3826] write(3, "1000", 4) = 4 [pid 3826] close(3) = 0 [pid 3826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3826] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3826] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3826] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3827], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3827 [pid 3826] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3826] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3827 attached [pid 3827] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3827] memfd_create("syzkaller", 0) = 3 [pid 3827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3827] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3827] munmap(0x7f68741c1000, 2097152) = 0 [pid 3827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3827] close(3) = 0 [pid 3827] mkdir("./file2", 0777) = 0 [pid 3827] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3827] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3827] chdir("./file2") = 0 [pid 3827] ioctl(4, LOOP_CLR_FD) = 0 [pid 3827] close(4) = 0 [pid 3827] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3826] <... futex resumed>) = 0 [pid 3826] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3826] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3827] <... futex resumed>) = 1 [pid 3827] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3827] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3826] <... futex resumed>) = 0 [pid 3826] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3826] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3826] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3826] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3828], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3828 [pid 3826] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3826] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3827] <... futex resumed>) = 1 [pid 3827] mkdirat(4, "./bus", 000) = 0 [pid 3827] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3827] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3828 attached [pid 3828] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3828] mkdirat(4, "./bus/file0", 000) = 0 [pid 3828] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3826] <... futex resumed>) = 0 [pid 3828] <... futex resumed>) = 1 [pid 3826] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3828] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3826] <... futex resumed>) = 1 [pid 3827] <... futex resumed>) = 0 [pid 3827] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3827] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3827] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3826] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3826] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3827] <... futex resumed>) = 0 [pid 3826] <... futex resumed>) = 1 [pid 3827] mkdirat(-1, NULL, 000 [pid 3826] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3827] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3826] <... futex resumed>) = 1 [pid 3827] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3826] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3827] <... futex resumed>) = 0 [pid 3827] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3828] <... futex resumed>) = 0 [pid 3828] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3828] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3826] <... futex resumed>) = 0 [pid 3826] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3827] <... futex resumed>) = 0 [pid 3826] <... futex resumed>) = 1 [pid 3827] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3826] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3827] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3827] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3826] <... futex resumed>) = 0 [pid 3827] mkdirat(-1, NULL, 000 [pid 3826] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3827] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3826] <... futex resumed>) = 0 [pid 3827] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3826] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3827] <... futex resumed>) = 0 [pid 3826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3827] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3826] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3827] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3826] <... futex resumed>) = 0 [pid 3827] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3826] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3827] <... futex resumed>) = 0 [pid 3826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3827] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3826] exit_group(0 [pid 3827] <... futex resumed>) = ? [pid 3826] <... exit_group resumed>) = ? [pid 3827] +++ exited with 0 +++ [pid 3828] +++ exited with 0 +++ [pid 3826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3826, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 64.250899][ T3827] loop0: detected capacity change from 0 to 4096 [ 64.259938][ T3827] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) unlink("./60/binderfs") = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3829 ./strace-static-x86_64: Process 3829 attached [pid 3829] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3829] chdir("./61") = 0 [pid 3829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3829] setpgid(0, 0) = 0 [pid 3829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3829] write(3, "1000", 4) = 4 [pid 3829] close(3) = 0 [pid 3829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3829] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3829] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3829] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3830], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3830 [pid 3829] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3829] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3830 attached [pid 3830] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3830] memfd_create("syzkaller", 0) = 3 [pid 3830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3830] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3830] munmap(0x7f68741c1000, 2097152) = 0 [pid 3830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3830] close(3) = 0 [pid 3830] mkdir("./file2", 0777) = 0 [pid 3830] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3830] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3830] chdir("./file2") = 0 [pid 3830] ioctl(4, LOOP_CLR_FD) = 0 [pid 3830] close(4) = 0 [pid 3830] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3830] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3829] <... futex resumed>) = 0 [pid 3829] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3830] <... futex resumed>) = 0 [pid 3830] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3829] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3830] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3829] <... futex resumed>) = 0 [pid 3830] mkdirat(4, "./bus", 000 [pid 3829] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3829] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3829] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3829] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3831], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3831 ./strace-static-x86_64: Process 3831 attached [pid 3829] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3831] set_robust_list(0x7f68743c09e0, 24 [pid 3829] <... futex resumed>) = 0 [pid 3831] <... set_robust_list resumed>) = 0 [pid 3829] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3831] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3831] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3829] <... futex resumed>) = 0 [pid 3829] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3829] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3831] <... futex resumed>) = 1 [pid 3831] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3831] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3829] <... futex resumed>) = 0 [pid 3829] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3829] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687437f000 [pid 3829] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE [pid 3830] <... mkdirat resumed>) = 0 [pid 3829] <... mprotect resumed>) = 0 [ 64.378203][ T3830] loop0: detected capacity change from 0 to 4096 [ 64.388868][ T3830] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3829] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3830] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3829] <... clone resumed>, parent_tid=[3832], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3832 [pid 3831] <... futex resumed>) = 1 [pid 3829] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3831] mkdirat(-1, NULL, 000 [pid 3829] <... futex resumed>) = 0 [pid 3831] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3829] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3831] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3831] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3832 attached [pid 3832] set_robust_list(0x7f687439f9e0, 24 [pid 3830] <... futex resumed>) = 0 [pid 3832] <... set_robust_list resumed>) = 0 [pid 3830] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3832] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3832] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3829] <... futex resumed>) = 0 [pid 3832] <... futex resumed>) = 1 [pid 3829] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3830] <... futex resumed>) = 0 [pid 3829] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3830] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3832] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3830] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3829] <... futex resumed>) = 0 [pid 3830] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3829] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3829] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3830] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3830] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3829] <... futex resumed>) = 0 [pid 3829] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3829] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3830] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3830] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3829] <... futex resumed>) = 0 [pid 3830] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3829] exit_group(0 [pid 3832] <... futex resumed>) = ? [pid 3831] <... futex resumed>) = ? [pid 3830] <... futex resumed>) = ? [pid 3829] <... exit_group resumed>) = ? [pid 3832] +++ exited with 0 +++ [pid 3831] +++ exited with 0 +++ [pid 3830] +++ exited with 0 +++ [pid 3829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3829, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3833 ./strace-static-x86_64: Process 3833 attached [pid 3833] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3833] chdir("./62") = 0 [pid 3833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3833] setpgid(0, 0) = 0 [pid 3833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3833] write(3, "1000", 4) = 4 [pid 3833] close(3) = 0 [pid 3833] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3833] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3833] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3833] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3834], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3834 [pid 3833] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3833] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3834 attached [pid 3834] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3834] memfd_create("syzkaller", 0) = 3 [pid 3834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3834] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3834] munmap(0x7f68741c1000, 2097152) = 0 [pid 3834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3834] close(3) = 0 [pid 3834] mkdir("./file2", 0777) = 0 [pid 3834] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3834] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3834] chdir("./file2") = 0 [pid 3834] ioctl(4, LOOP_CLR_FD) = 0 [pid 3834] close(4) = 0 [pid 3834] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3833] <... futex resumed>) = 0 [pid 3834] openat(AT_FDCWD, ".", O_RDONLY [pid 3833] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3834] <... openat resumed>) = 4 [pid 3833] <... futex resumed>) = 0 [pid 3834] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3833] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3834] <... futex resumed>) = 0 [pid 3833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3834] mkdirat(4, "./bus", 000 [pid 3833] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3833] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3834] <... mkdirat resumed>) = 0 [pid 3833] <... futex resumed>) = 0 [pid 3834] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3834] <... futex resumed>) = 0 [pid 3833] <... mmap resumed>) = 0x7f68743a0000 [pid 3834] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3833] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3833] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3835], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3835 [pid 3833] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3833] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3835 attached [pid 3835] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3835] mkdirat(4, "./bus/file0", 000) = 0 [pid 3835] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3833] <... futex resumed>) = 0 [pid 3833] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3834] <... futex resumed>) = 0 [pid 3833] <... futex resumed>) = 1 [pid 3834] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3833] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3835] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3834] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3834] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3833] <... futex resumed>) = 0 [pid 3834] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3833] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3833] <... futex resumed>) = 0 [pid 3834] mkdirat(-1, NULL, 000 [pid 3833] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3835] <... futex resumed>) = 0 [pid 3834] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3833] <... futex resumed>) = 1 [pid 3834] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3833] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3834] <... futex resumed>) = 0 [pid 3834] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3835] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3835] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3833] <... futex resumed>) = 0 [pid 3833] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3835] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3834] <... futex resumed>) = 0 [pid 3833] <... futex resumed>) = 1 [pid 3834] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [ 64.518241][ T3834] loop0: detected capacity change from 0 to 4096 [ 64.528750][ T3834] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3833] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3834] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3834] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3833] <... futex resumed>) = 0 [pid 3834] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3833] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3833] <... futex resumed>) = 0 [pid 3834] mkdirat(-1, NULL, 000 [pid 3833] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3834] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3834] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3833] <... futex resumed>) = 0 [pid 3834] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3833] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3833] <... futex resumed>) = 0 [pid 3834] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3833] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3834] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3834] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3833] <... futex resumed>) = 0 [pid 3834] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3833] exit_group(0 [pid 3835] <... futex resumed>) = ? [pid 3834] <... futex resumed>) = ? [pid 3833] <... exit_group resumed>) = ? [pid 3835] +++ exited with 0 +++ [pid 3834] +++ exited with 0 +++ [pid 3833] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3833, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3836 ./strace-static-x86_64: Process 3836 attached [pid 3836] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3836] chdir("./63") = 0 [pid 3836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3836] setpgid(0, 0) = 0 [pid 3836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3836] write(3, "1000", 4) = 4 [pid 3836] close(3) = 0 [pid 3836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3836] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3836] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3836] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3837], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3837 [pid 3836] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3836] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3837 attached [pid 3837] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3837] memfd_create("syzkaller", 0) = 3 [pid 3837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3837] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3837] munmap(0x7f68741c1000, 2097152) = 0 [pid 3837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3837] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3837] close(3) = 0 [pid 3837] mkdir("./file2", 0777) = 0 [pid 3837] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3837] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3837] chdir("./file2") = 0 [pid 3837] ioctl(4, LOOP_CLR_FD) = 0 [pid 3837] close(4) = 0 [pid 3837] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3836] <... futex resumed>) = 0 [pid 3836] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3836] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3837] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3837] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3836] <... futex resumed>) = 0 [pid 3836] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3836] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3837] mkdirat(4, "./bus", 000 [pid 3836] <... mmap resumed>) = 0x7f68743a0000 [pid 3836] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3836] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3838], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3838 [pid 3836] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3836] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3837] <... mkdirat resumed>) = 0 ./strace-static-x86_64: Process 3838 attached [pid 3838] set_robust_list(0x7f68743c09e0, 24 [pid 3837] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3838] <... set_robust_list resumed>) = 0 [pid 3838] mkdirat(4, "./bus/file0", 000 [ 64.668397][ T3837] loop0: detected capacity change from 0 to 4096 [ 64.678526][ T3837] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3837] <... futex resumed>) = 0 [pid 3837] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3838] <... mkdirat resumed>) = 0 [pid 3838] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3836] <... futex resumed>) = 0 [pid 3836] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3837] <... futex resumed>) = 0 [pid 3836] <... futex resumed>) = 1 [pid 3836] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3837] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3838] <... futex resumed>) = 1 [pid 3837] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3838] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3837] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3836] <... futex resumed>) = 0 [pid 3836] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] mkdirat(-1, NULL, 000 [pid 3836] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3837] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3836] <... futex resumed>) = 1 [pid 3836] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3838] <... futex resumed>) = 0 [pid 3837] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3838] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3838] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3836] <... futex resumed>) = 0 [pid 3836] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3837] <... futex resumed>) = 0 [pid 3836] <... futex resumed>) = 1 [pid 3837] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3836] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3838] <... futex resumed>) = 1 [pid 3837] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3837] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3838] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3837] <... futex resumed>) = 1 [pid 3836] <... futex resumed>) = 0 [pid 3837] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3836] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3836] <... futex resumed>) = 0 [pid 3837] mkdirat(-1, NULL, 000 [pid 3836] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3837] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3837] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3836] <... futex resumed>) = 0 [pid 3837] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3836] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3836] <... futex resumed>) = 0 [pid 3837] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3836] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3837] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3837] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3836] <... futex resumed>) = 0 [pid 3837] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3836] exit_group(0 [pid 3838] <... futex resumed>) = ? [pid 3837] <... futex resumed>) = ? [pid 3836] <... exit_group resumed>) = ? [pid 3838] +++ exited with 0 +++ [pid 3837] +++ exited with 0 +++ [pid 3836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3836, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3839 ./strace-static-x86_64: Process 3839 attached [pid 3839] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3839] chdir("./64") = 0 [pid 3839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3839] setpgid(0, 0) = 0 [pid 3839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3839] write(3, "1000", 4) = 4 [pid 3839] close(3) = 0 [pid 3839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3839] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3839] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3839] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3840 attached , parent_tid=[3840], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3840 [pid 3840] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3840] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3839] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... futex resumed>) = 0 [pid 3839] <... futex resumed>) = 1 [pid 3839] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3840] memfd_create("syzkaller", 0) = 3 [pid 3840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3840] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3840] munmap(0x7f68741c1000, 2097152) = 0 [pid 3840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3840] close(3) = 0 [pid 3840] mkdir("./file2", 0777) = 0 [pid 3840] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3840] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3840] chdir("./file2") = 0 [pid 3840] ioctl(4, LOOP_CLR_FD) = 0 [pid 3840] close(4) = 0 [pid 3840] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3839] <... futex resumed>) = 0 [pid 3840] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3839] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3839] <... futex resumed>) = 0 [pid 3840] openat(AT_FDCWD, ".", O_RDONLY [pid 3839] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3840] <... openat resumed>) = 4 [pid 3840] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3839] <... futex resumed>) = 0 [pid 3840] mkdirat(4, "./bus", 000 [pid 3839] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... mkdirat resumed>) = 0 [pid 3839] <... futex resumed>) = 0 [pid 3840] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3839] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... futex resumed>) = 0 [pid 3839] <... futex resumed>) = 0 [pid 3840] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3839] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3839] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3841], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3841 [pid 3839] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3839] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3841 attached [pid 3841] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3841] mkdirat(4, "./bus/file0", 000) = 0 [pid 3841] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3839] <... futex resumed>) = 0 [pid 3839] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... futex resumed>) = 0 [pid 3839] <... futex resumed>) = 1 [pid 3840] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3839] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3840] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3841] <... futex resumed>) = 1 [pid 3840] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3841] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3840] <... futex resumed>) = 1 [pid 3839] <... futex resumed>) = 0 [pid 3840] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 64.830267][ T3840] loop0: detected capacity change from 0 to 4096 [ 64.839266][ T3840] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3839] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3839] <... futex resumed>) = 0 [pid 3840] mkdirat(-1, NULL, 000 [pid 3839] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3839] <... futex resumed>) = 1 [pid 3841] <... futex resumed>) = 0 [pid 3840] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3839] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3841] mkdirat(-1, NULL, 000 [pid 3840] <... futex resumed>) = 0 [pid 3841] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3840] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3841] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3839] <... futex resumed>) = 0 [pid 3841] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3839] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... futex resumed>) = 0 [pid 3839] <... futex resumed>) = 1 [pid 3840] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3839] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3840] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3840] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3839] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3839] <... futex resumed>) = 0 [pid 3840] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3839] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3840] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3839] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... futex resumed>) = 0 [pid 3839] <... futex resumed>) = 1 [pid 3840] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3840] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3839] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3840] <... futex resumed>) = 0 [pid 3840] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3839] exit_group(0 [pid 3840] <... futex resumed>) = ? [pid 3841] <... futex resumed>) = ? [pid 3839] <... exit_group resumed>) = ? [pid 3840] +++ exited with 0 +++ [pid 3841] +++ exited with 0 +++ [pid 3839] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3839, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3842 ./strace-static-x86_64: Process 3842 attached [pid 3842] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3842] chdir("./65") = 0 [pid 3842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3842] setpgid(0, 0) = 0 [pid 3842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3842] write(3, "1000", 4) = 4 [pid 3842] close(3) = 0 [pid 3842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3842] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3842] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3842] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3843], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3843 [pid 3842] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3843 attached [pid 3843] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3843] memfd_create("syzkaller", 0) = 3 [pid 3843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3843] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3843] munmap(0x7f68741c1000, 2097152) = 0 [pid 3843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3843] close(3) = 0 [pid 3843] mkdir("./file2", 0777) = 0 [pid 3843] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3843] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3843] chdir("./file2") = 0 [pid 3843] ioctl(4, LOOP_CLR_FD) = 0 [pid 3843] close(4) = 0 [pid 3843] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3842] <... futex resumed>) = 0 [pid 3842] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3843] <... futex resumed>) = 1 [pid 3843] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3843] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3842] <... futex resumed>) = 0 [pid 3842] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3842] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3843] <... futex resumed>) = 1 [pid 3842] <... mprotect resumed>) = 0 [pid 3843] mkdirat(4, "./bus", 000 [pid 3842] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3844], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3844 [pid 3842] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3844 attached ) = 0 [pid 3844] set_robust_list(0x7f68743c09e0, 24 [pid 3842] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... set_robust_list resumed>) = 0 [pid 3844] mkdirat(4, "./bus/file0", 000 [pid 3843] <... mkdirat resumed>) = 0 [pid 3843] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3844] <... mkdirat resumed>) = 0 [pid 3844] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3842] <... futex resumed>) = 0 [pid 3844] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3842] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3842] <... futex resumed>) = 1 [pid 3843] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3842] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3843] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3843] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3842] <... futex resumed>) = 0 [pid 3843] mkdirat(-1, NULL, 000 [pid 3842] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3842] <... futex resumed>) = 0 [pid 3843] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3842] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3842] <... futex resumed>) = 1 [pid 3843] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3842] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... futex resumed>) = 0 [ 64.976368][ T3843] loop0: detected capacity change from 0 to 4096 [ 64.985433][ T3843] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3844] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3844] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3842] <... futex resumed>) = 0 [pid 3844] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3842] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3842] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3843] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3843] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3842] <... futex resumed>) = 0 [pid 3843] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3842] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3842] <... futex resumed>) = 0 [pid 3843] mkdirat(-1, NULL, 000 [pid 3842] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3843] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3843] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3842] <... futex resumed>) = 0 [pid 3843] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3842] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3842] <... futex resumed>) = 0 [pid 3843] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3842] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3843] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3843] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3842] <... futex resumed>) = 0 [pid 3843] <... futex resumed>) = 1 [pid 3842] exit_group(0 [pid 3843] ????( [pid 3842] <... exit_group resumed>) = ? [pid 3844] <... futex resumed>) = ? [pid 3844] +++ exited with 0 +++ [pid 3843] <... ???? resumed>) = ? [pid 3843] +++ exited with 0 +++ [pid 3842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3842, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3845 ./strace-static-x86_64: Process 3845 attached [pid 3845] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3845] chdir("./66") = 0 [pid 3845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3845] setpgid(0, 0) = 0 [pid 3845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3845] write(3, "1000", 4) = 4 [pid 3845] close(3) = 0 [pid 3845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3845] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3845] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3845] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3846 attached , parent_tid=[3846], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3846 [pid 3845] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3845] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3846] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3846] memfd_create("syzkaller", 0) = 3 [pid 3846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3846] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3846] munmap(0x7f68741c1000, 2097152) = 0 [pid 3846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3846] close(3) = 0 [pid 3846] mkdir("./file2", 0777) = 0 [pid 3846] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3846] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3846] chdir("./file2") = 0 [pid 3846] ioctl(4, LOOP_CLR_FD) = 0 [pid 3846] close(4) = 0 [pid 3846] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3845] <... futex resumed>) = 0 [pid 3846] openat(AT_FDCWD, ".", O_RDONLY [pid 3845] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3846] <... openat resumed>) = 4 [pid 3845] <... futex resumed>) = 0 [pid 3846] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3845] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3846] <... futex resumed>) = 0 [pid 3845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3846] mkdirat(4, "./bus", 000 [pid 3845] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3845] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3846] <... mkdirat resumed>) = 0 [pid 3845] <... futex resumed>) = 0 [pid 3846] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3846] <... futex resumed>) = 0 [pid 3845] <... mmap resumed>) = 0x7f68743a0000 [pid 3846] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3845] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3845] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3847], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3847 ./strace-static-x86_64: Process 3847 attached [pid 3845] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3847] set_robust_list(0x7f68743c09e0, 24 [pid 3845] <... futex resumed>) = 0 [pid 3847] <... set_robust_list resumed>) = 0 [pid 3845] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3847] mkdirat(4, "./bus/file0", 000) = 0 [pid 3847] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3845] <... futex resumed>) = 0 [pid 3847] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3845] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3846] <... futex resumed>) = 0 [pid 3845] <... futex resumed>) = 1 [pid 3846] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3845] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3846] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3846] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3845] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3846] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3845] <... futex resumed>) = 0 [pid 3846] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3845] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3846] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3845] <... futex resumed>) = 0 [pid 3846] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3845] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3846] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 65.124640][ T3846] loop0: detected capacity change from 0 to 4096 [ 65.134656][ T3846] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3845] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3846] <... futex resumed>) = 0 [pid 3845] <... futex resumed>) = 1 [pid 3846] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3845] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3846] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3846] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3845] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3846] <... futex resumed>) = 0 [pid 3845] <... futex resumed>) = 1 [pid 3846] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3845] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3846] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3846] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3845] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3846] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3845] <... futex resumed>) = 0 [pid 3846] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3845] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3846] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3845] exit_group(0 [pid 3847] <... futex resumed>) = ? [pid 3846] <... futex resumed>) = ? [pid 3845] <... exit_group resumed>) = ? [pid 3847] +++ exited with 0 +++ [pid 3846] +++ exited with 0 +++ [pid 3845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3845, si_uid=0, si_status=0, si_utime=1, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3848 ./strace-static-x86_64: Process 3848 attached [pid 3848] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3848] chdir("./67") = 0 [pid 3848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3848] setpgid(0, 0) = 0 [pid 3848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3848] write(3, "1000", 4) = 4 [pid 3848] close(3) = 0 [pid 3848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3848] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3848] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3848] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3849 attached , parent_tid=[3849], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3849 [pid 3849] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3849] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3848] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3849] <... futex resumed>) = 0 [pid 3848] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3849] memfd_create("syzkaller", 0) = 3 [pid 3849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3849] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3849] munmap(0x7f68741c1000, 2097152) = 0 [pid 3849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3849] close(3) = 0 [pid 3849] mkdir("./file2", 0777) = 0 [pid 3849] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3849] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3849] chdir("./file2") = 0 [pid 3849] ioctl(4, LOOP_CLR_FD) = 0 [pid 3849] close(4) = 0 [pid 3849] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3848] <... futex resumed>) = 0 [pid 3849] openat(AT_FDCWD, ".", O_RDONLY [pid 3848] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3849] <... openat resumed>) = 4 [pid 3848] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3849] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3848] <... futex resumed>) = 0 [pid 3848] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3848] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3849] mkdirat(4, "./bus", 000 [pid 3848] <... mmap resumed>) = 0x7f68743a0000 [pid 3848] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3848] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3850 attached [pid 3850] set_robust_list(0x7f68743c09e0, 24 [pid 3848] <... clone resumed>, parent_tid=[3850], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3850 [pid 3848] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3850] <... set_robust_list resumed>) = 0 [pid 3848] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3850] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3850] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3848] <... futex resumed>) = 0 [pid 3848] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3848] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3850] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3850] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3848] <... futex resumed>) = 0 [pid 3850] mkdirat(-1, NULL, 000 [pid 3848] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3850] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3848] <... futex resumed>) = 0 [pid 3848] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3850] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3850] <... futex resumed>) = 0 [pid 3850] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3848] <... mmap resumed>) = 0x7f687437f000 [pid 3848] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3848] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3851], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3851 [pid 3848] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3851 attached ) = 0 [pid 3851] set_robust_list(0x7f687439f9e0, 24 [pid 3848] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3851] <... set_robust_list resumed>) = 0 [pid 3851] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3851] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3848] <... futex resumed>) = 0 [pid 3848] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3851] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3850] <... futex resumed>) = 0 [pid 3848] <... futex resumed>) = 1 [pid 3849] <... mkdirat resumed>) = 0 [pid 3848] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 65.278769][ T3849] loop0: detected capacity change from 0 to 4096 [ 65.288970][ T3849] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3850] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3849] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3850] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3849] <... futex resumed>) = 0 [pid 3849] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3850] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3848] <... futex resumed>) = 0 [pid 3850] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3848] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3849] <... futex resumed>) = 0 [pid 3848] <... futex resumed>) = 1 [pid 3849] mkdirat(-1, NULL, 000 [pid 3848] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3849] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3849] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3848] <... futex resumed>) = 0 [pid 3849] <... futex resumed>) = 1 [pid 3848] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3849] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3848] <... futex resumed>) = 0 [pid 3848] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3849] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3849] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3848] <... futex resumed>) = 0 [pid 3849] <... futex resumed>) = 1 [pid 3848] exit_group(0 [pid 3851] <... futex resumed>) = ? [pid 3850] <... futex resumed>) = ? [pid 3848] <... exit_group resumed>) = ? [pid 3851] +++ exited with 0 +++ [pid 3850] +++ exited with 0 +++ [pid 3849] +++ exited with 0 +++ [pid 3848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3848, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3852 attached , child_tidptr=0x55555736f5d0) = 3852 [pid 3852] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3852] chdir("./68") = 0 [pid 3852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3852] setpgid(0, 0) = 0 [pid 3852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3852] write(3, "1000", 4) = 4 [pid 3852] close(3) = 0 [pid 3852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3852] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3852] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3852] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3853], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3853 [pid 3852] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3853 attached [pid 3853] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3853] memfd_create("syzkaller", 0) = 3 [pid 3853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3853] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3853] munmap(0x7f68741c1000, 2097152) = 0 [pid 3853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3853] close(3) = 0 [pid 3853] mkdir("./file2", 0777) = 0 [pid 3853] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3853] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3853] chdir("./file2") = 0 [pid 3853] ioctl(4, LOOP_CLR_FD) = 0 [pid 3853] close(4) = 0 [pid 3853] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3852] <... futex resumed>) = 0 [pid 3853] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3852] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3852] <... futex resumed>) = 0 [pid 3853] openat(AT_FDCWD, ".", O_RDONLY [pid 3852] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... openat resumed>) = 4 [pid 3853] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3852] <... futex resumed>) = 0 [pid 3853] mkdirat(4, "./bus", 000 [pid 3852] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] <... mkdirat resumed>) = 0 [pid 3852] <... futex resumed>) = 0 [pid 3852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3853] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3852] <... mmap resumed>) = 0x7f68743a0000 [pid 3853] <... futex resumed>) = 0 [pid 3852] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3853] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3852] <... mprotect resumed>) = 0 [pid 3852] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3854], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3854 [pid 3852] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3854 attached [pid 3854] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3854] mkdirat(4, "./bus/file0", 000) = 0 [pid 3854] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3852] <... futex resumed>) = 0 [pid 3852] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] <... futex resumed>) = 0 [pid 3852] <... futex resumed>) = 1 [pid 3853] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3852] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3853] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3852] <... futex resumed>) = 0 [pid 3853] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3852] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3852] <... futex resumed>) = 0 [pid 3853] mkdirat(-1, NULL, 000 [pid 3852] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3852] <... futex resumed>) = 0 [pid 3853] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3852] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... futex resumed>) = 0 [pid 3853] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3854] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3854] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3852] <... futex resumed>) = 0 [pid 3852] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] <... futex resumed>) = 0 [pid 3852] <... futex resumed>) = 1 [pid 3853] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3852] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... renameat2 resumed>) = -1 EFAULT (Bad address) [ 65.425998][ T3853] loop0: detected capacity change from 0 to 4096 [ 65.435585][ T3853] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3853] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3852] <... futex resumed>) = 0 [pid 3853] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3852] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3852] <... futex resumed>) = 0 [pid 3853] mkdirat(-1, NULL, 000 [pid 3852] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3853] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3852] <... futex resumed>) = 0 [pid 3854] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3853] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3852] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3852] <... futex resumed>) = 0 [pid 3853] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3852] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3853] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3852] <... futex resumed>) = 0 [pid 3853] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3852] exit_group(0 [pid 3853] <... futex resumed>) = ? [pid 3852] <... exit_group resumed>) = ? [pid 3853] +++ exited with 0 +++ [pid 3854] <... futex resumed>) = ? [pid 3854] +++ exited with 0 +++ [pid 3852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3852, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3855 attached , child_tidptr=0x55555736f5d0) = 3855 [pid 3855] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3855] chdir("./69") = 0 [pid 3855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3855] setpgid(0, 0) = 0 [pid 3855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3855] write(3, "1000", 4) = 4 [pid 3855] close(3) = 0 [pid 3855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3855] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3855] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3855] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3856 attached [pid 3856] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3855] <... clone resumed>, parent_tid=[3856], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3856 [pid 3856] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3855] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3856] <... futex resumed>) = 0 [pid 3855] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3856] memfd_create("syzkaller", 0) = 3 [pid 3856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3856] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3856] munmap(0x7f68741c1000, 2097152) = 0 [pid 3856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3856] close(3) = 0 [pid 3856] mkdir("./file2", 0777) = 0 [pid 3856] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3856] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3856] chdir("./file2") = 0 [pid 3856] ioctl(4, LOOP_CLR_FD) = 0 [pid 3856] close(4) = 0 [pid 3856] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3855] <... futex resumed>) = 0 [pid 3856] openat(AT_FDCWD, ".", O_RDONLY [pid 3855] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3856] <... openat resumed>) = 4 [pid 3856] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3855] <... futex resumed>) = 0 [pid 3856] mkdirat(4, "./bus", 000 [pid 3855] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3855] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3855] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3857], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3857 [pid 3855] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3857 attached [pid 3857] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3857] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3857] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3856] <... mkdirat resumed>) = 0 [pid 3856] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3857] <... futex resumed>) = 1 [pid 3855] <... futex resumed>) = 0 [pid 3855] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3857] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3855] <... futex resumed>) = 0 [pid 3855] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3856] <... futex resumed>) = 0 [pid 3856] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3856] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3855] <... futex resumed>) = 0 [ 65.579125][ T3856] loop0: detected capacity change from 0 to 4096 [ 65.588480][ T3856] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3855] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3857] <... futex resumed>) = 0 [pid 3855] <... futex resumed>) = 1 [pid 3857] mkdirat(-1, NULL, 000 [pid 3855] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3857] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3857] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3856] <... futex resumed>) = 1 [pid 3857] <... futex resumed>) = 1 [pid 3855] <... futex resumed>) = 0 [pid 3857] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3855] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3855] <... futex resumed>) = 0 [pid 3857] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3855] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3857] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3856] mkdirat(-1, NULL, 000 [pid 3857] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3856] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3855] <... futex resumed>) = 0 [pid 3857] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3856] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3855] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3856] <... futex resumed>) = 0 [pid 3855] <... futex resumed>) = 0 [pid 3857] mkdirat(-1, NULL, 000 [pid 3856] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3855] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3857] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3857] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3855] <... futex resumed>) = 0 [pid 3857] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3855] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3856] <... futex resumed>) = 0 [pid 3855] <... futex resumed>) = 1 [pid 3856] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3855] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3856] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3856] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3855] <... futex resumed>) = 0 [pid 3856] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3855] exit_group(0 [pid 3857] <... futex resumed>) = ? [pid 3856] <... futex resumed>) = ? [pid 3855] <... exit_group resumed>) = ? [pid 3857] +++ exited with 0 +++ [pid 3856] +++ exited with 0 +++ [pid 3855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3855, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3858 ./strace-static-x86_64: Process 3858 attached [pid 3858] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3858] chdir("./70") = 0 [pid 3858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3858] setpgid(0, 0) = 0 [pid 3858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3858] write(3, "1000", 4) = 4 [pid 3858] close(3) = 0 [pid 3858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3858] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3858] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3858] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3859 attached , parent_tid=[3859], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3859 [pid 3859] set_robust_list(0x7f687c5e19e0, 24 [pid 3858] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3859] <... set_robust_list resumed>) = 0 [pid 3858] <... futex resumed>) = 0 [pid 3858] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3859] memfd_create("syzkaller", 0) = 3 [pid 3859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3859] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3859] munmap(0x7f68741c1000, 2097152) = 0 [pid 3859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3859] close(3) = 0 [pid 3859] mkdir("./file2", 0777) = 0 [pid 3859] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3859] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3859] chdir("./file2") = 0 [pid 3859] ioctl(4, LOOP_CLR_FD) = 0 [pid 3859] close(4) = 0 [pid 3859] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3858] <... futex resumed>) = 0 [pid 3859] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3858] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3858] <... futex resumed>) = 0 [pid 3859] openat(AT_FDCWD, ".", O_RDONLY [pid 3858] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3859] <... openat resumed>) = 4 [pid 3859] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3859] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3858] <... futex resumed>) = 0 [pid 3858] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3859] <... futex resumed>) = 0 [pid 3858] <... futex resumed>) = 1 [pid 3859] mkdirat(4, "./bus", 000 [pid 3858] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3859] <... mkdirat resumed>) = 0 [pid 3858] <... futex resumed>) = 0 [pid 3859] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3859] <... futex resumed>) = 0 [pid 3858] <... mmap resumed>) = 0x7f68743a0000 [pid 3859] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3858] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3858] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3860 attached , parent_tid=[3860], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3860 [pid 3858] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3860] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3860] mkdirat(4, "./bus/file0", 000) = 0 [pid 3860] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3858] <... futex resumed>) = 0 [ 65.711365][ T3859] loop0: detected capacity change from 0 to 4096 [ 65.720838][ T3859] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3858] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3859] <... futex resumed>) = 0 [pid 3858] <... futex resumed>) = 1 [pid 3859] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3858] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3859] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3859] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3858] <... futex resumed>) = 0 [pid 3859] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3858] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3858] <... futex resumed>) = 0 [pid 3859] mkdirat(-1, NULL, 000 [pid 3858] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3859] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3859] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3859] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3860] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3860] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3858] <... futex resumed>) = 0 [pid 3860] <... futex resumed>) = 1 [pid 3858] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3859] <... futex resumed>) = 0 [pid 3858] <... futex resumed>) = 1 [pid 3859] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3858] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3859] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3859] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3858] <... futex resumed>) = 0 [pid 3859] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3858] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3858] <... futex resumed>) = 0 [pid 3859] mkdirat(-1, NULL, 000 [pid 3858] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3859] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3859] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3858] <... futex resumed>) = 0 [pid 3859] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3858] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3859] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3859] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3858] <... futex resumed>) = 0 [pid 3859] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3858] exit_group(0) = ? [pid 3859] <... futex resumed>) = ? [pid 3859] +++ exited with 0 +++ [pid 3860] +++ exited with 0 +++ [pid 3858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3858, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3861 attached , child_tidptr=0x55555736f5d0) = 3861 [pid 3861] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3861] chdir("./71") = 0 [pid 3861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3861] setpgid(0, 0) = 0 [pid 3861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3861] write(3, "1000", 4) = 4 [pid 3861] close(3) = 0 [pid 3861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3861] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3861] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3861] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3862 attached , parent_tid=[3862], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3862 [pid 3862] set_robust_list(0x7f687c5e19e0, 24 [pid 3861] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... set_robust_list resumed>) = 0 [pid 3861] <... futex resumed>) = 0 [pid 3861] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3862] memfd_create("syzkaller", 0) = 3 [pid 3862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3862] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3862] munmap(0x7f68741c1000, 2097152) = 0 [pid 3862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3862] close(3) = 0 [pid 3862] mkdir("./file2", 0777) = 0 [pid 3862] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3862] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3862] chdir("./file2") = 0 [pid 3862] ioctl(4, LOOP_CLR_FD) = 0 [pid 3862] close(4) = 0 [pid 3862] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3862] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3861] <... futex resumed>) = 0 [pid 3861] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = 0 [pid 3861] <... futex resumed>) = 1 [pid 3862] openat(AT_FDCWD, ".", O_RDONLY [pid 3861] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3862] <... openat resumed>) = 4 [pid 3862] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3861] <... futex resumed>) = 0 [pid 3862] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3861] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3861] <... futex resumed>) = 0 [pid 3861] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] mkdirat(4, "./bus", 000 [pid 3861] <... futex resumed>) = 0 [pid 3861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3861] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3862] <... mkdirat resumed>) = 0 [pid 3861] <... mprotect resumed>) = 0 [pid 3862] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3861] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3862] <... futex resumed>) = 0 [ 65.862122][ T3862] loop0: detected capacity change from 0 to 4096 [ 65.872362][ T3862] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3862] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3861] <... clone resumed>, parent_tid=[3863], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3863 [pid 3861] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3861] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3863 attached [pid 3863] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3863] mkdirat(4, "./bus/file0", 000) = 0 [pid 3863] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3861] <... futex resumed>) = 0 [pid 3863] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3861] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = 0 [pid 3861] <... futex resumed>) = 1 [pid 3862] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3861] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3862] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3862] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3861] <... futex resumed>) = 0 [pid 3862] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3861] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3861] <... futex resumed>) = 0 [pid 3862] mkdirat(-1, NULL, 000 [pid 3861] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3863] <... futex resumed>) = 0 [pid 3862] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3861] <... futex resumed>) = 1 [pid 3863] mkdirat(-1, NULL, 000 [pid 3862] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3861] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3863] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3862] <... futex resumed>) = 0 [pid 3863] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3863] <... futex resumed>) = 1 [pid 3861] <... futex resumed>) = 0 [pid 3863] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3861] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = 0 [pid 3861] <... futex resumed>) = 1 [pid 3862] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3861] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3862] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3862] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3861] <... futex resumed>) = 0 [pid 3862] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3861] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3861] <... futex resumed>) = 0 [pid 3862] mkdirat(-1, NULL, 000 [pid 3861] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3862] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3862] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3861] <... futex resumed>) = 0 [pid 3862] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3861] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3861] <... futex resumed>) = 0 [pid 3862] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3861] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3862] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3862] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3861] <... futex resumed>) = 0 [pid 3862] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3861] exit_group(0 [pid 3863] <... futex resumed>) = ? [pid 3862] <... futex resumed>) = ? [pid 3861] <... exit_group resumed>) = ? [pid 3862] +++ exited with 0 +++ [pid 3863] +++ exited with 0 +++ [pid 3861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3861, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3864 ./strace-static-x86_64: Process 3864 attached [pid 3864] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3864] chdir("./72") = 0 [pid 3864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3864] setpgid(0, 0) = 0 [pid 3864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3864] write(3, "1000", 4) = 4 [pid 3864] close(3) = 0 [pid 3864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3864] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3864] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3864] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3865], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3865 ./strace-static-x86_64: Process 3865 attached [pid 3865] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3865] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3865] <... futex resumed>) = 0 [pid 3864] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3865] memfd_create("syzkaller", 0) = 3 [pid 3865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3865] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3865] munmap(0x7f68741c1000, 2097152) = 0 [pid 3865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3865] close(3) = 0 [pid 3865] mkdir("./file2", 0777) = 0 [pid 3865] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3865] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3865] chdir("./file2") = 0 [pid 3865] ioctl(4, LOOP_CLR_FD) = 0 [pid 3865] close(4) = 0 [pid 3865] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3865] openat(AT_FDCWD, ".", O_RDONLY [pid 3864] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] <... openat resumed>) = 4 [pid 3864] <... futex resumed>) = 0 [pid 3865] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 0 [pid 3864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3865] mkdirat(4, "./bus", 000 [pid 3864] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] <... mkdirat resumed>) = 0 [pid 3864] <... futex resumed>) = 0 [pid 3865] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] <... futex resumed>) = 0 [pid 3864] <... futex resumed>) = 0 [pid 3865] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3864] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3864] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3866 attached , parent_tid=[3866], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3866 [pid 3866] set_robust_list(0x7f68743c09e0, 24 [pid 3864] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3866] <... set_robust_list resumed>) = 0 [pid 3866] mkdirat(4, "./bus/file0", 000) = 0 [pid 3866] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] <... futex resumed>) = 0 [pid 3864] <... futex resumed>) = 1 [pid 3866] <... futex resumed>) = 1 [pid 3865] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3864] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3866] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3865] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3865] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3865] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3864] <... futex resumed>) = 0 [pid 3865] mkdirat(-1, NULL, 000 [pid 3864] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3866] <... futex resumed>) = 0 [pid 3865] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3864] <... futex resumed>) = 1 [pid 3866] mkdirat(-1, NULL, 000 [pid 3865] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3866] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3865] <... futex resumed>) = 0 [pid 3866] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3866] <... futex resumed>) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3866] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 66.030233][ T3865] loop0: detected capacity change from 0 to 4096 [ 66.039394][ T3865] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3864] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] <... futex resumed>) = 0 [pid 3864] <... futex resumed>) = 1 [pid 3865] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3864] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3865] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3865] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3864] <... futex resumed>) = 0 [pid 3865] mkdirat(-1, NULL, 000 [pid 3864] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3865] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3865] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3864] <... futex resumed>) = 0 [pid 3865] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3864] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3865] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3865] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] exit_group(0 [pid 3866] <... futex resumed>) = ? [pid 3865] <... futex resumed>) = ? [pid 3864] <... exit_group resumed>) = ? [pid 3866] +++ exited with 0 +++ [pid 3865] +++ exited with 0 +++ [pid 3864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3864, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3867 ./strace-static-x86_64: Process 3867 attached [pid 3867] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3867] chdir("./73") = 0 [pid 3867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3867] setpgid(0, 0) = 0 [pid 3867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3867] write(3, "1000", 4) = 4 [pid 3867] close(3) = 0 [pid 3867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3867] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3867] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3867] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3868 attached [pid 3868] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3868] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3867] <... clone resumed>, parent_tid=[3868], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3868 [pid 3867] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3868] <... futex resumed>) = 0 [pid 3867] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3868] memfd_create("syzkaller", 0) = 3 [pid 3868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3868] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3868] munmap(0x7f68741c1000, 2097152) = 0 [pid 3868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3868] close(3) = 0 [pid 3868] mkdir("./file2", 0777) = 0 [pid 3868] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3868] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3868] chdir("./file2") = 0 [pid 3868] ioctl(4, LOOP_CLR_FD) = 0 [pid 3868] close(4) = 0 [pid 3868] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3868] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3867] <... futex resumed>) = 0 [pid 3867] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3868] <... futex resumed>) = 0 [pid 3868] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3868] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3868] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3867] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3867] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3868] <... futex resumed>) = 0 [pid 3867] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3868] mkdirat(4, "./bus", 000 [pid 3867] <... futex resumed>) = 0 [pid 3867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3867] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3867] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3869], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3869 [pid 3867] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] <... mkdirat resumed>) = 0 [pid 3868] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.178642][ T3868] loop0: detected capacity change from 0 to 4096 [ 66.189882][ T3868] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3868] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3869 attached [pid 3869] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3869] mkdirat(4, "./bus/file0", 000) = 0 [pid 3869] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3867] <... futex resumed>) = 0 [pid 3869] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3867] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3868] <... futex resumed>) = 0 [pid 3867] <... futex resumed>) = 1 [pid 3868] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3867] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3868] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3867] <... futex resumed>) = 0 [pid 3868] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3867] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3867] <... futex resumed>) = 0 [pid 3868] mkdirat(-1, NULL, 000 [pid 3867] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3868] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3867] <... futex resumed>) = 1 [pid 3868] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3867] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] <... futex resumed>) = 0 [pid 3868] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3869] <... futex resumed>) = 0 [pid 3869] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3869] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3867] <... futex resumed>) = 0 [pid 3869] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3867] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3868] <... futex resumed>) = 0 [pid 3867] <... futex resumed>) = 1 [pid 3868] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3867] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3868] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3867] <... futex resumed>) = 0 [pid 3867] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3868] mkdirat(-1, NULL, 000 [pid 3867] <... futex resumed>) = 0 [pid 3868] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3867] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3868] <... futex resumed>) = 0 [pid 3867] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3868] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3867] <... futex resumed>) = 0 [pid 3868] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3867] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3868] <... futex resumed>) = 0 [pid 3868] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3867] exit_group(0 [pid 3868] <... futex resumed>) = ? [pid 3867] <... exit_group resumed>) = ? [pid 3869] <... futex resumed>) = ? [pid 3868] +++ exited with 0 +++ [pid 3869] +++ exited with 0 +++ [pid 3867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3867, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3870 ./strace-static-x86_64: Process 3870 attached [pid 3870] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3870] chdir("./74") = 0 [pid 3870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3870] setpgid(0, 0) = 0 [pid 3870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3870] write(3, "1000", 4) = 4 [pid 3870] close(3) = 0 [pid 3870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3870] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3870] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3870] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3871 attached [pid 3871] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3871] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] <... clone resumed>, parent_tid=[3871], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3871 [pid 3870] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3871] <... futex resumed>) = 0 [pid 3870] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3871] memfd_create("syzkaller", 0) = 3 [pid 3871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3871] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3871] munmap(0x7f68741c1000, 2097152) = 0 [pid 3871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3871] close(3) = 0 [pid 3871] mkdir("./file2", 0777) = 0 [pid 3871] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3871] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3871] chdir("./file2") = 0 [pid 3871] ioctl(4, LOOP_CLR_FD) = 0 [pid 3871] close(4) = 0 [pid 3871] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3870] <... futex resumed>) = 0 [pid 3871] openat(AT_FDCWD, ".", O_RDONLY [pid 3870] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3871] <... openat resumed>) = 4 [pid 3870] <... futex resumed>) = 0 [pid 3871] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3870] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3871] <... futex resumed>) = 0 [pid 3870] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3871] mkdirat(4, "./bus", 000 [pid 3870] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3870] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3871] <... mkdirat resumed>) = 0 [pid 3870] <... mmap resumed>) = 0x7f68743a0000 [pid 3871] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3870] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3871] <... futex resumed>) = 0 [pid 3870] <... mprotect resumed>) = 0 [pid 3871] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3872], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3872 [pid 3870] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3870] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3872 attached [pid 3872] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3872] mkdirat(4, "./bus/file0", 000) = 0 [pid 3872] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3870] <... futex resumed>) = 0 [pid 3870] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3871] <... futex resumed>) = 0 [pid 3870] <... futex resumed>) = 1 [pid 3871] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3870] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3871] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3871] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3870] <... futex resumed>) = 0 [pid 3871] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3870] <... futex resumed>) = 0 [pid 3871] mkdirat(-1, NULL, 000 [pid 3870] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3872] <... futex resumed>) = 1 [pid 3871] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3870] <... futex resumed>) = 0 [pid 3872] mkdirat(-1, NULL, 000 [pid 3871] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3870] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3872] <... mkdirat resumed>) = -1 EFAULT (Bad address) [ 66.362597][ T3871] loop0: detected capacity change from 0 to 4096 [ 66.372215][ T3871] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3871] <... futex resumed>) = 0 [pid 3872] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3871] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3872] <... futex resumed>) = 1 [pid 3870] <... futex resumed>) = 0 [pid 3872] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3871] <... futex resumed>) = 0 [pid 3870] <... futex resumed>) = 1 [pid 3871] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3870] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3871] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3871] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3870] <... futex resumed>) = 0 [pid 3871] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3870] <... futex resumed>) = 0 [pid 3871] mkdirat(-1, NULL, 000 [pid 3870] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3871] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3871] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3870] <... futex resumed>) = 0 [pid 3871] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3870] <... futex resumed>) = 0 [pid 3871] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3870] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3871] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3871] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3870] <... futex resumed>) = 0 [pid 3871] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] exit_group(0 [pid 3872] <... futex resumed>) = ? [pid 3871] <... futex resumed>) = ? [pid 3870] <... exit_group resumed>) = ? [pid 3872] +++ exited with 0 +++ [pid 3871] +++ exited with 0 +++ [pid 3870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3870, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3873 ./strace-static-x86_64: Process 3873 attached [pid 3873] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3873] chdir("./75") = 0 [pid 3873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3873] setpgid(0, 0) = 0 [pid 3873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3873] write(3, "1000", 4) = 4 [pid 3873] close(3) = 0 [pid 3873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3873] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3873] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3873] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3874 attached [pid 3874] set_robust_list(0x7f687c5e19e0, 24 [pid 3873] <... clone resumed>, parent_tid=[3874], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3874 [pid 3874] <... set_robust_list resumed>) = 0 [pid 3874] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3873] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3874] <... futex resumed>) = 0 [pid 3873] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3874] memfd_create("syzkaller", 0) = 3 [pid 3874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3874] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3874] munmap(0x7f68741c1000, 2097152) = 0 [pid 3874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3874] close(3) = 0 [pid 3874] mkdir("./file2", 0777) = 0 [pid 3874] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3874] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3874] chdir("./file2") = 0 [pid 3874] ioctl(4, LOOP_CLR_FD) = 0 [pid 3874] close(4) = 0 [pid 3874] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3873] <... futex resumed>) = 0 [pid 3873] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3873] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3874] <... futex resumed>) = 1 [pid 3874] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3874] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3873] <... futex resumed>) = 0 [pid 3873] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3874] mkdirat(4, "./bus", 000 [pid 3873] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3873] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3874] <... mkdirat resumed>) = 0 [pid 3873] <... mprotect resumed>) = 0 [pid 3874] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3873] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3874] <... futex resumed>) = 0 [pid 3873] <... clone resumed>, parent_tid=[3875], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3875 [pid 3874] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3873] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3875 attached ) = 0 [pid 3875] set_robust_list(0x7f68743c09e0, 24 [pid 3873] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3875] <... set_robust_list resumed>) = 0 [pid 3875] mkdirat(4, "./bus/file0", 000) = 0 [pid 3875] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3873] <... futex resumed>) = 0 [pid 3873] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3874] <... futex resumed>) = 0 [pid 3873] <... futex resumed>) = 1 [pid 3874] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3873] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3874] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3874] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3873] <... futex resumed>) = 0 [pid 3875] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3874] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3873] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3873] <... futex resumed>) = 0 [pid 3874] mkdirat(-1, NULL, 000 [pid 3873] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3874] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3873] <... futex resumed>) = 1 [pid 3875] <... futex resumed>) = 0 [pid 3874] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3873] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3875] mkdirat(-1, NULL, 000 [pid 3874] <... futex resumed>) = 0 [pid 3875] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3874] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 66.528883][ T3874] loop0: detected capacity change from 0 to 4096 [ 66.538810][ T3874] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3875] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3873] <... futex resumed>) = 0 [pid 3875] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3873] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3874] <... futex resumed>) = 0 [pid 3873] <... futex resumed>) = 1 [pid 3874] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3873] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3874] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3874] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3873] <... futex resumed>) = 0 [pid 3874] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3873] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3873] <... futex resumed>) = 0 [pid 3874] mkdirat(-1, NULL, 000 [pid 3873] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3874] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3874] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3873] <... futex resumed>) = 0 [pid 3874] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3873] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3873] <... futex resumed>) = 0 [pid 3874] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3873] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3874] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3874] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3873] <... futex resumed>) = 0 [pid 3874] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3873] exit_group(0 [pid 3875] <... futex resumed>) = ? [pid 3874] <... futex resumed>) = ? [pid 3873] <... exit_group resumed>) = ? [pid 3874] +++ exited with 0 +++ [pid 3875] +++ exited with 0 +++ [pid 3873] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3876 ./strace-static-x86_64: Process 3876 attached [pid 3876] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3876] chdir("./76") = 0 [pid 3876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3876] setpgid(0, 0) = 0 [pid 3876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3876] write(3, "1000", 4) = 4 [pid 3876] close(3) = 0 [pid 3876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3876] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3876] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3876] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3877 attached , parent_tid=[3877], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3877 [pid 3877] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3877] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3876] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3877] <... futex resumed>) = 0 [pid 3876] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3877] memfd_create("syzkaller", 0) = 3 [pid 3877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3877] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3877] munmap(0x7f68741c1000, 2097152) = 0 [pid 3877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3877] close(3) = 0 [pid 3877] mkdir("./file2", 0777) = 0 [pid 3877] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3877] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3877] chdir("./file2") = 0 [pid 3877] ioctl(4, LOOP_CLR_FD) = 0 [pid 3877] close(4) = 0 [pid 3877] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3876] <... futex resumed>) = 0 [pid 3876] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3877] <... futex resumed>) = 1 [pid 3877] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3877] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3876] <... futex resumed>) = 0 [pid 3876] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3876] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3876] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3878], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3878 [pid 3876] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3877] <... futex resumed>) = 1 [pid 3877] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 3878 attached [pid 3878] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3878] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3878] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3876] <... futex resumed>) = 0 [pid 3878] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3876] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3878] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3876] <... futex resumed>) = 0 [pid 3878] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3876] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3878] <... futex resumed>) = 0 [pid 3876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3878] mkdirat(-1, NULL, 000 [pid 3876] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3878] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3876] <... futex resumed>) = 0 [pid 3878] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3876] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3878] <... futex resumed>) = 0 [pid 3876] <... futex resumed>) = 0 [pid 3878] mkdirat(-1, NULL, 000 [pid 3876] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3878] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3878] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3876] <... futex resumed>) = 0 [pid 3878] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3876] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3878] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3876] <... futex resumed>) = 0 [pid 3878] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3876] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3878] <... futex resumed>) = 0 [pid 3876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3878] mkdirat(-1, NULL, 000 [pid 3877] <... mkdirat resumed>) = 0 [pid 3876] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3878] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3877] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3876] <... futex resumed>) = 0 [pid 3878] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3876] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3877] <... futex resumed>) = 0 [pid 3876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3878] <... futex resumed>) = 0 [pid 3877] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3876] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3878] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3876] <... futex resumed>) = 0 [pid 3877] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3876] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3877] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3876] <... futex resumed>) = 0 [pid 3877] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3876] exit_group(0 [pid 3878] <... futex resumed>) = ? [ 66.675242][ T3877] loop0: detected capacity change from 0 to 4096 [ 66.684950][ T3877] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3877] <... futex resumed>) = ? [pid 3876] <... exit_group resumed>) = ? [pid 3878] +++ exited with 0 +++ [pid 3877] +++ exited with 0 +++ [pid 3876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3879 ./strace-static-x86_64: Process 3879 attached [pid 3879] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3879] chdir("./77") = 0 [pid 3879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3879] setpgid(0, 0) = 0 [pid 3879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3879] write(3, "1000", 4) = 4 [pid 3879] close(3) = 0 [pid 3879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3879] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3879] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3879] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3880 attached [pid 3880] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3880] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3879] <... clone resumed>, parent_tid=[3880], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3880 [pid 3879] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3880] <... futex resumed>) = 0 [pid 3879] <... futex resumed>) = 1 [pid 3879] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3880] memfd_create("syzkaller", 0) = 3 [pid 3880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3880] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3880] munmap(0x7f68741c1000, 2097152) = 0 [pid 3880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3880] close(3) = 0 [pid 3880] mkdir("./file2", 0777) = 0 [pid 3880] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3880] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3880] chdir("./file2") = 0 [pid 3880] ioctl(4, LOOP_CLR_FD) = 0 [pid 3880] close(4) = 0 [pid 3880] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3879] <... futex resumed>) = 0 [pid 3880] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3879] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3879] <... futex resumed>) = 0 [pid 3880] openat(AT_FDCWD, ".", O_RDONLY [pid 3879] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3880] <... openat resumed>) = 4 [pid 3880] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3879] <... futex resumed>) = 0 [pid 3880] mkdirat(4, "./bus", 000 [pid 3879] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3879] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3880] <... mkdirat resumed>) = 0 [pid 3879] <... futex resumed>) = 0 [pid 3880] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3880] <... futex resumed>) = 0 [pid 3879] <... mmap resumed>) = 0x7f68743a0000 [pid 3880] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3879] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3879] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3881], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3881 [pid 3879] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3879] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3881 attached [pid 3881] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3881] mkdirat(4, "./bus/file0", 000) = 0 [pid 3881] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3879] <... futex resumed>) = 0 [pid 3879] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3880] <... futex resumed>) = 0 [pid 3879] <... futex resumed>) = 1 [pid 3880] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3879] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3880] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3880] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3879] <... futex resumed>) = 0 [pid 3880] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3879] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 66.828773][ T3880] loop0: detected capacity change from 0 to 4096 [ 66.838704][ T3880] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3879] <... futex resumed>) = 0 [pid 3880] mkdirat(-1, NULL, 000 [pid 3879] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3880] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3879] <... futex resumed>) = 0 [pid 3880] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3879] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3880] <... futex resumed>) = 0 [pid 3880] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3881] <... futex resumed>) = 1 [pid 3881] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3881] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3879] <... futex resumed>) = 0 [pid 3879] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3880] <... futex resumed>) = 0 [pid 3879] <... futex resumed>) = 1 [pid 3880] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3879] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3880] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3880] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3879] <... futex resumed>) = 0 [pid 3880] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3879] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3879] <... futex resumed>) = 0 [pid 3880] mkdirat(-1, NULL, 000 [pid 3879] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3880] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3880] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3879] <... futex resumed>) = 0 [pid 3880] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3879] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3879] <... futex resumed>) = 0 [pid 3881] <... futex resumed>) = 1 [pid 3880] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3879] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3881] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3880] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3880] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3879] <... futex resumed>) = 0 [pid 3880] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3879] exit_group(0 [pid 3881] <... futex resumed>) = ? [pid 3880] <... futex resumed>) = ? [pid 3879] <... exit_group resumed>) = ? [pid 3881] +++ exited with 0 +++ [pid 3880] +++ exited with 0 +++ [pid 3879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3882 ./strace-static-x86_64: Process 3882 attached [pid 3882] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3882] chdir("./78") = 0 [pid 3882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3882] setpgid(0, 0) = 0 [pid 3882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3882] write(3, "1000", 4) = 4 [pid 3882] close(3) = 0 [pid 3882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3882] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3882] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3882] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3883 attached , parent_tid=[3883], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3883 [pid 3883] set_robust_list(0x7f687c5e19e0, 24 [pid 3882] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3883] <... set_robust_list resumed>) = 0 [pid 3882] <... futex resumed>) = 0 [pid 3882] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3883] memfd_create("syzkaller", 0) = 3 [pid 3883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3883] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3883] munmap(0x7f68741c1000, 2097152) = 0 [pid 3883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3883] close(3) = 0 [pid 3883] mkdir("./file2", 0777) = 0 [pid 3883] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3883] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3883] chdir("./file2") = 0 [pid 3883] ioctl(4, LOOP_CLR_FD) = 0 [pid 3883] close(4) = 0 [pid 3883] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3883] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3882] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3882] <... futex resumed>) = 0 [pid 3883] openat(AT_FDCWD, ".", O_RDONLY [pid 3882] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] <... openat resumed>) = 4 [pid 3883] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3883] mkdirat(4, "./bus", 000 [pid 3882] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3882] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3883] <... mkdirat resumed>) = 0 [pid 3882] <... futex resumed>) = 0 [pid 3883] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3883] <... futex resumed>) = 0 [pid 3882] <... mmap resumed>) = 0x7f68743a0000 [pid 3883] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3882] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3882] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3884 attached [pid 3884] set_robust_list(0x7f68743c09e0, 24 [pid 3882] <... clone resumed>, parent_tid=[3884], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3884 [pid 3884] <... set_robust_list resumed>) = 0 [pid 3882] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3884] mkdirat(4, "./bus/file0", 000 [pid 3882] <... futex resumed>) = 0 [pid 3882] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3884] <... mkdirat resumed>) = 0 [pid 3884] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3884] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 66.984480][ T3883] loop0: detected capacity change from 0 to 4096 [ 66.994145][ T3883] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3882] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3883] <... futex resumed>) = 0 [pid 3882] <... futex resumed>) = 1 [pid 3883] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3882] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3883] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3883] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3882] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3882] <... futex resumed>) = 0 [pid 3883] mkdirat(-1, NULL, 000 [pid 3882] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3883] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3882] <... futex resumed>) = 1 [pid 3884] <... futex resumed>) = 0 [pid 3883] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3882] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] <... futex resumed>) = 0 [pid 3883] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3884] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3884] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3882] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3884] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3883] <... futex resumed>) = 0 [pid 3882] <... futex resumed>) = 1 [pid 3883] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3882] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3883] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3883] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3882] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3882] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3883] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3883] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3882] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3883] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3882] <... futex resumed>) = 0 [pid 3883] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3882] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3882] exit_group(0 [pid 3884] <... futex resumed>) = ? [pid 3882] <... exit_group resumed>) = ? [pid 3884] +++ exited with 0 +++ [pid 3883] <... futex resumed>) = ? [pid 3883] +++ exited with 0 +++ [pid 3882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3882, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3885 ./strace-static-x86_64: Process 3885 attached [pid 3885] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3885] chdir("./79") = 0 [pid 3885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3885] setpgid(0, 0) = 0 [pid 3885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3885] write(3, "1000", 4) = 4 [pid 3885] close(3) = 0 [pid 3885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3885] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3885] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3885] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3886], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3886 [pid 3885] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3885] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3886 attached [pid 3886] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3886] memfd_create("syzkaller", 0) = 3 [pid 3886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3886] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3886] munmap(0x7f68741c1000, 2097152) = 0 [pid 3886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3886] close(3) = 0 [pid 3886] mkdir("./file2", 0777) = 0 [pid 3886] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3886] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3886] chdir("./file2") = 0 [pid 3886] ioctl(4, LOOP_CLR_FD) = 0 [pid 3886] close(4) = 0 [pid 3886] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3885] <... futex resumed>) = 0 [pid 3886] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3885] <... futex resumed>) = 0 [pid 3886] openat(AT_FDCWD, ".", O_RDONLY [pid 3885] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3886] <... openat resumed>) = 4 [pid 3886] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3885] <... futex resumed>) = 0 [pid 3886] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3885] <... futex resumed>) = 0 [pid 3886] mkdirat(4, "./bus", 000 [pid 3885] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... mkdirat resumed>) = 0 [pid 3885] <... futex resumed>) = 0 [pid 3886] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3886] <... futex resumed>) = 0 [pid 3885] <... mmap resumed>) = 0x7f68743a0000 [pid 3886] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3885] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3887 attached , parent_tid=[3887], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3887 [pid 3887] set_robust_list(0x7f68743c09e0, 24 [pid 3885] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3887] <... set_robust_list resumed>) = 0 [pid 3885] <... futex resumed>) = 0 [pid 3887] mkdirat(4, "./bus/file0", 000 [ 67.144682][ T3886] loop0: detected capacity change from 0 to 4096 [ 67.154674][ T3886] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3885] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... mkdirat resumed>) = 0 [pid 3887] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3885] <... futex resumed>) = 0 [pid 3887] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3885] <... futex resumed>) = 1 [pid 3886] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3885] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3886] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3886] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3885] <... futex resumed>) = 0 [pid 3886] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3886] mkdirat(-1, NULL, 000 [pid 3885] <... futex resumed>) = 0 [pid 3886] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3886] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3885] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3885] <... futex resumed>) = 1 [pid 3886] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 0 [pid 3887] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3887] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3885] <... futex resumed>) = 0 [pid 3887] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3885] <... futex resumed>) = 1 [pid 3886] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3885] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3886] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3886] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3885] <... futex resumed>) = 0 [pid 3886] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3885] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] mkdirat(-1, NULL, 000 [pid 3885] <... futex resumed>) = 0 [pid 3886] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3885] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3886] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3886] <... futex resumed>) = 0 [pid 3885] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3885] <... futex resumed>) = 0 [pid 3886] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3885] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3886] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] exit_group(0 [pid 3887] <... futex resumed>) = ? [pid 3886] <... futex resumed>) = ? [pid 3885] <... exit_group resumed>) = ? [pid 3887] +++ exited with 0 +++ [pid 3886] +++ exited with 0 +++ [pid 3885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3885, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3888 ./strace-static-x86_64: Process 3888 attached [pid 3888] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3888] chdir("./80") = 0 [pid 3888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3888] setpgid(0, 0) = 0 [pid 3888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3888] write(3, "1000", 4) = 4 [pid 3888] close(3) = 0 [pid 3888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3888] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3888] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3888] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3889], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3889 [pid 3888] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3889 attached [pid 3889] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3888] <... futex resumed>) = 0 [pid 3888] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3889] memfd_create("syzkaller", 0) = 3 [pid 3889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3889] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3889] munmap(0x7f68741c1000, 2097152) = 0 [pid 3889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3889] close(3) = 0 [pid 3889] mkdir("./file2", 0777) = 0 [pid 3889] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3889] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3889] chdir("./file2") = 0 [pid 3889] ioctl(4, LOOP_CLR_FD) = 0 [pid 3889] close(4) = 0 [pid 3889] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3888] <... futex resumed>) = 0 [pid 3889] openat(AT_FDCWD, ".", O_RDONLY [pid 3888] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3889] <... openat resumed>) = 4 [pid 3888] <... futex resumed>) = 0 [pid 3889] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3888] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3889] <... futex resumed>) = 0 [pid 3888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3889] mkdirat(4, "./bus", 000 [pid 3888] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3889] <... mkdirat resumed>) = 0 [pid 3888] <... futex resumed>) = 0 [pid 3889] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3888] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3889] <... futex resumed>) = 0 [pid 3888] <... futex resumed>) = 0 [pid 3889] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3888] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3888] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3890], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3890 [pid 3888] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3888] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3890 attached [pid 3890] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3890] mkdirat(4, "./bus/file0", 000) = 0 [pid 3890] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3888] <... futex resumed>) = 0 [pid 3890] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3888] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3889] <... futex resumed>) = 0 [pid 3888] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3889] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [ 67.304387][ T3889] loop0: detected capacity change from 0 to 4096 [ 67.314523][ T3889] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3889] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3888] <... futex resumed>) = 0 [pid 3888] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3889] mkdirat(-1, NULL, 000 [pid 3888] <... futex resumed>) = 0 [pid 3889] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3888] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3890] <... futex resumed>) = 0 [pid 3889] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3888] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3890] mkdirat(-1, NULL, 000 [pid 3889] <... futex resumed>) = 0 [pid 3890] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3889] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3890] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3888] <... futex resumed>) = 0 [pid 3890] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3888] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3889] <... futex resumed>) = 0 [pid 3888] <... futex resumed>) = 1 [pid 3889] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3888] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3889] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3889] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3888] <... futex resumed>) = 0 [pid 3889] mkdirat(-1, NULL, 000 [pid 3888] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3889] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3888] <... futex resumed>) = 0 [pid 3889] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3888] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3889] <... futex resumed>) = 0 [pid 3888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3889] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3888] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3889] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3888] <... futex resumed>) = 0 [pid 3889] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3888] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3889] <... futex resumed>) = 0 [pid 3888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3889] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3888] exit_group(0 [pid 3890] <... futex resumed>) = ? [pid 3889] <... futex resumed>) = ? [pid 3888] <... exit_group resumed>) = ? [pid 3890] +++ exited with 0 +++ [pid 3889] +++ exited with 0 +++ [pid 3888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3888, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3891 attached , child_tidptr=0x55555736f5d0) = 3891 [pid 3891] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3891] chdir("./81") = 0 [pid 3891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3891] setpgid(0, 0) = 0 [pid 3891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3891] write(3, "1000", 4) = 4 [pid 3891] close(3) = 0 [pid 3891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3891] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3891] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3891] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3892 attached , parent_tid=[3892], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3892 [pid 3892] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3892] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3891] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3892] <... futex resumed>) = 0 [pid 3891] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3892] memfd_create("syzkaller", 0) = 3 [pid 3892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3892] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3892] munmap(0x7f68741c1000, 2097152) = 0 [pid 3892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3892] close(3) = 0 [pid 3892] mkdir("./file2", 0777) = 0 [pid 3892] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3892] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3892] chdir("./file2") = 0 [pid 3892] ioctl(4, LOOP_CLR_FD) = 0 [pid 3892] close(4) = 0 [pid 3892] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3892] openat(AT_FDCWD, ".", O_RDONLY [pid 3891] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3892] <... openat resumed>) = 4 [pid 3891] <... futex resumed>) = 0 [pid 3892] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3891] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3892] <... futex resumed>) = 0 [pid 3891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3892] mkdirat(4, "./bus", 000 [pid 3891] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3891] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3891] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3892] <... mkdirat resumed>) = 0 [pid 3891] <... mprotect resumed>) = 0 [pid 3892] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3891] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3892] <... futex resumed>) = 0 [pid 3892] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3891] <... clone resumed>, parent_tid=[3893], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3893 [pid 3891] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3891] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3893 attached [pid 3893] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3893] mkdirat(4, "./bus/file0", 000) = 0 [pid 3893] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3891] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3892] <... futex resumed>) = 0 [pid 3892] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3891] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3892] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3892] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3892] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3891] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3891] <... futex resumed>) = 0 [pid 3892] mkdirat(-1, NULL, 000 [pid 3891] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3892] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3891] <... futex resumed>) = 0 [pid 3892] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3891] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3892] <... futex resumed>) = 0 [pid 3892] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3893] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [ 67.458292][ T3892] loop0: detected capacity change from 0 to 4096 [ 67.467208][ T3892] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3893] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3893] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3891] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3892] <... futex resumed>) = 0 [pid 3891] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3892] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3892] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3892] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3891] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3891] <... futex resumed>) = 0 [pid 3892] mkdirat(-1, NULL, 000 [pid 3891] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3892] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3892] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3892] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3891] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3891] <... futex resumed>) = 0 [pid 3892] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3891] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3892] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3892] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3892] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3891] exit_group(0 [pid 3893] <... futex resumed>) = ? [pid 3892] <... futex resumed>) = ? [pid 3891] <... exit_group resumed>) = ? [pid 3892] +++ exited with 0 +++ [pid 3893] +++ exited with 0 +++ [pid 3891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3891, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3894 ./strace-static-x86_64: Process 3894 attached [pid 3894] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3894] chdir("./82") = 0 [pid 3894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3894] setpgid(0, 0) = 0 [pid 3894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3894] write(3, "1000", 4) = 4 [pid 3894] close(3) = 0 [pid 3894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3894] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3894] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3894] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3895], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3895 ./strace-static-x86_64: Process 3895 attached [pid 3894] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3895] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3895] memfd_create("syzkaller", 0) = 3 [pid 3895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3895] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3895] munmap(0x7f68741c1000, 2097152) = 0 [pid 3895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3895] close(3) = 0 [pid 3895] mkdir("./file2", 0777) = 0 [pid 3895] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3895] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3895] chdir("./file2") = 0 [pid 3895] ioctl(4, LOOP_CLR_FD) = 0 [pid 3895] close(4) = 0 [pid 3895] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3894] <... futex resumed>) = 0 [pid 3894] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3895] <... futex resumed>) = 1 [pid 3895] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3895] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3894] <... futex resumed>) = 0 [pid 3894] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3894] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3894] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3895] <... futex resumed>) = 1 [pid 3894] <... clone resumed>, parent_tid=[3896], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3896 [pid 3894] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3895] mkdirat(4, "./bus", 000) = 0 [pid 3895] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3895] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3896 attached [pid 3896] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3896] mkdirat(4, "./bus/file0", 000) = 0 [ 67.620568][ T3895] loop0: detected capacity change from 0 to 4096 [ 67.629214][ T3895] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3896] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3894] <... futex resumed>) = 0 [pid 3894] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3894] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3896] <... futex resumed>) = 1 [pid 3896] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3895] <... futex resumed>) = 0 [pid 3895] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3895] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3894] <... futex resumed>) = 0 [pid 3894] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3894] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3896] <... futex resumed>) = 0 [pid 3896] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3896] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3894] <... futex resumed>) = 0 [pid 3894] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3895] <... futex resumed>) = 1 [pid 3896] <... futex resumed>) = 1 [pid 3895] mkdirat(-1, NULL, 000 [pid 3896] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3895] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3896] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3895] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3896] <... futex resumed>) = 1 [pid 3895] <... futex resumed>) = 0 [pid 3894] <... futex resumed>) = 0 [pid 3896] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3895] mkdirat(-1, NULL, 000 [pid 3894] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3895] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3894] <... futex resumed>) = 0 [pid 3895] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3894] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3895] <... futex resumed>) = 0 [pid 3894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3895] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3894] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3895] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3894] <... futex resumed>) = 0 [pid 3895] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3894] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3895] <... futex resumed>) = 0 [pid 3894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3895] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3894] exit_group(0 [pid 3896] <... futex resumed>) = ? [pid 3895] <... futex resumed>) = ? [pid 3894] <... exit_group resumed>) = ? [pid 3896] +++ exited with 0 +++ [pid 3895] +++ exited with 0 +++ [pid 3894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3894, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3897 ./strace-static-x86_64: Process 3897 attached [pid 3897] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3897] chdir("./83") = 0 [pid 3897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3897] setpgid(0, 0) = 0 [pid 3897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3897] write(3, "1000", 4) = 4 [pid 3897] close(3) = 0 [pid 3897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3897] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3897] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3897] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3898 attached , parent_tid=[3898], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3898 [pid 3897] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3898] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3898] memfd_create("syzkaller", 0) = 3 [pid 3898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3898] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3898] munmap(0x7f68741c1000, 2097152) = 0 [pid 3898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3898] close(3) = 0 [pid 3898] mkdir("./file2", 0777) = 0 [pid 3898] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3898] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3898] chdir("./file2") = 0 [pid 3898] ioctl(4, LOOP_CLR_FD) = 0 [pid 3898] close(4) = 0 [pid 3898] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3897] <... futex resumed>) = 0 [pid 3897] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3898] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3898] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3898] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3897] <... futex resumed>) = 0 [pid 3897] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3897] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3897] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3897] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3899], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3899 [pid 3898] <... futex resumed>) = 0 [pid 3897] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3898] mkdirat(4, "./bus", 000) = 0 [pid 3898] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3898] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3899 attached [pid 3899] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3899] mkdirat(4, "./bus/file0", 000) = 0 [pid 3899] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3897] <... futex resumed>) = 0 [pid 3899] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3897] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3897] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3898] <... futex resumed>) = 0 [pid 3898] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [ 67.782044][ T3898] loop0: detected capacity change from 0 to 4096 [ 67.790772][ T3898] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3898] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3897] <... futex resumed>) = 0 [pid 3897] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3899] <... futex resumed>) = 0 [pid 3897] <... futex resumed>) = 1 [pid 3899] mkdirat(-1, NULL, 000 [pid 3897] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3899] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3899] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3897] <... futex resumed>) = 0 [pid 3899] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3897] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3899] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3897] <... futex resumed>) = 0 [pid 3899] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3897] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3899] <... futex resumed>) = 0 [pid 3897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3899] mkdirat(-1, NULL, 000 [pid 3897] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3899] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3897] <... futex resumed>) = 0 [pid 3899] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3897] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3899] <... futex resumed>) = 0 [pid 3897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3899] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3897] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3899] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3897] <... futex resumed>) = 0 [pid 3899] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3897] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3899] <... futex resumed>) = 0 [pid 3897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3899] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3898] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3898] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3898] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3897] exit_group(0 [pid 3899] <... futex resumed>) = ? [pid 3898] <... futex resumed>) = ? [pid 3897] <... exit_group resumed>) = ? [pid 3899] +++ exited with 0 +++ [pid 3898] +++ exited with 0 +++ [pid 3897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3897, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3900 attached [pid 3900] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3900] chdir("./84" [pid 3636] <... clone resumed>, child_tidptr=0x55555736f5d0) = 3900 [pid 3900] <... chdir resumed>) = 0 [pid 3900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3900] setpgid(0, 0) = 0 [pid 3900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3900] write(3, "1000", 4) = 4 [pid 3900] close(3) = 0 [pid 3900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3900] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3900] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3900] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3901 attached [pid 3901] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3900] <... clone resumed>, parent_tid=[3901], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3901 [pid 3901] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3900] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3900] <... futex resumed>) = 0 [pid 3900] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3901] memfd_create("syzkaller", 0) = 3 [pid 3901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3901] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3901] munmap(0x7f68741c1000, 2097152) = 0 [pid 3901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3901] close(3) = 0 [pid 3901] mkdir("./file2", 0777) = 0 [pid 3901] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3901] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3901] chdir("./file2") = 0 [pid 3901] ioctl(4, LOOP_CLR_FD) = 0 [pid 3901] close(4) = 0 [pid 3901] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3900] <... futex resumed>) = 0 [pid 3901] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3900] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3901] <... futex resumed>) = 0 [pid 3900] <... futex resumed>) = 1 [pid 3901] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3900] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3901] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3900] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3901] <... futex resumed>) = 0 [pid 3900] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3901] mkdirat(4, "./bus", 000 [pid 3900] <... futex resumed>) = 0 [pid 3901] <... mkdirat resumed>) = 0 [pid 3900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3901] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3900] <... mmap resumed>) = 0x7f68743a0000 [pid 3900] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3901] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3900] <... mprotect resumed>) = 0 [pid 3900] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3902 attached , parent_tid=[3902], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3902 [pid 3902] set_robust_list(0x7f68743c09e0, 24 [pid 3900] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3902] <... set_robust_list resumed>) = 0 [pid 3900] <... futex resumed>) = 0 [pid 3902] mkdirat(4, "./bus/file0", 000 [pid 3900] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3902] <... mkdirat resumed>) = 0 [pid 3902] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3900] <... futex resumed>) = 0 [pid 3902] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3900] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3901] <... futex resumed>) = 0 [pid 3900] <... futex resumed>) = 1 [pid 3901] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3900] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3901] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3901] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3900] <... futex resumed>) = 0 [pid 3901] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3900] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3901] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3900] <... futex resumed>) = 0 [pid 3901] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3900] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3901] <... futex resumed>) = 0 [pid 3900] <... futex resumed>) = 0 [pid 3901] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3900] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3901] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3901] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3900] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3900] <... futex resumed>) = 0 [pid 3901] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3900] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3901] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3901] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3900] <... futex resumed>) = 0 [pid 3901] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3900] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3900] <... futex resumed>) = 0 [pid 3901] mkdirat(-1, NULL, 000 [pid 3900] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3901] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3901] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3900] <... futex resumed>) = 0 [pid 3901] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3900] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3900] <... futex resumed>) = 0 [pid 3901] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3900] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3901] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3901] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3900] <... futex resumed>) = 0 [pid 3901] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3900] exit_group(0 [pid 3902] <... futex resumed>) = ? [pid 3901] <... futex resumed>) = ? [pid 3900] <... exit_group resumed>) = ? [pid 3902] +++ exited with 0 +++ [pid 3901] +++ exited with 0 +++ [pid 3900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3900, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 [ 67.940520][ T3901] loop0: detected capacity change from 0 to 4096 [ 67.951112][ T3901] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3903 ./strace-static-x86_64: Process 3903 attached [pid 3903] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3903] chdir("./85") = 0 [pid 3903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3903] setpgid(0, 0) = 0 [pid 3903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3903] write(3, "1000", 4) = 4 [pid 3903] close(3) = 0 [pid 3903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3903] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3903] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3903] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3904 attached [pid 3904] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3904] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3903] <... clone resumed>, parent_tid=[3904], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3904 [pid 3903] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3904] <... futex resumed>) = 0 [pid 3903] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3904] memfd_create("syzkaller", 0) = 3 [pid 3904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3904] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3904] munmap(0x7f68741c1000, 2097152) = 0 [pid 3904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3904] close(3) = 0 [pid 3904] mkdir("./file2", 0777) = 0 [pid 3904] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3904] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3904] chdir("./file2") = 0 [pid 3904] ioctl(4, LOOP_CLR_FD) = 0 [pid 3904] close(4) = 0 [pid 3904] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3903] <... futex resumed>) = 0 [pid 3903] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3903] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3904] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3904] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3903] <... futex resumed>) = 0 [pid 3903] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3903] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3903] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3903] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3905], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3905 [pid 3904] <... futex resumed>) = 1 [pid 3903] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3904] mkdirat(4, "./bus", 000 [pid 3903] <... futex resumed>) = 0 [pid 3903] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3904] <... mkdirat resumed>) = 0 [pid 3904] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3904] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3905 attached [pid 3905] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3905] mkdirat(4, "./bus/file0", 000) = 0 [pid 3905] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3903] <... futex resumed>) = 0 [pid 3903] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3904] <... futex resumed>) = 0 [pid 3903] <... futex resumed>) = 1 [pid 3904] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3903] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3904] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3905] <... futex resumed>) = 1 [pid 3904] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3905] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3904] <... futex resumed>) = 1 [pid 3903] <... futex resumed>) = 0 [pid 3904] mkdirat(-1, NULL, 000 [pid 3903] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3904] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3903] <... futex resumed>) = 0 [pid 3904] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3903] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3905] <... futex resumed>) = 0 [pid 3904] <... futex resumed>) = 0 [pid 3903] <... futex resumed>) = 1 [pid 3905] mkdirat(-1, NULL, 000 [ 68.083085][ T3904] loop0: detected capacity change from 0 to 4096 [ 68.092250][ T3904] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3904] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3903] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3905] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3905] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3903] <... futex resumed>) = 0 [pid 3905] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3903] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3904] <... futex resumed>) = 0 [pid 3903] <... futex resumed>) = 1 [pid 3904] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3903] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3904] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3904] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3903] <... futex resumed>) = 0 [pid 3904] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3903] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3903] <... futex resumed>) = 0 [pid 3904] mkdirat(-1, NULL, 000 [pid 3903] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3904] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3904] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3903] <... futex resumed>) = 0 [pid 3904] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3903] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3903] <... futex resumed>) = 0 [pid 3904] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3903] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3904] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3904] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3903] <... futex resumed>) = 0 [pid 3904] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3903] exit_group(0 [pid 3905] <... futex resumed>) = ? [pid 3904] <... futex resumed>) = ? [pid 3903] <... exit_group resumed>) = ? [pid 3904] +++ exited with 0 +++ [pid 3905] +++ exited with 0 +++ [pid 3903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3903, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3906 ./strace-static-x86_64: Process 3906 attached [pid 3906] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3906] chdir("./86") = 0 [pid 3906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3906] setpgid(0, 0) = 0 [pid 3906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3906] write(3, "1000", 4) = 4 [pid 3906] close(3) = 0 [pid 3906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3906] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3906] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3906] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3907 attached , parent_tid=[3907], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3907 [pid 3907] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3907] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3906] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3907] <... futex resumed>) = 0 [pid 3906] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3907] memfd_create("syzkaller", 0) = 3 [pid 3907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3907] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3907] munmap(0x7f68741c1000, 2097152) = 0 [pid 3907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3907] close(3) = 0 [pid 3907] mkdir("./file2", 0777) = 0 [pid 3907] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3907] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3907] chdir("./file2") = 0 [pid 3907] ioctl(4, LOOP_CLR_FD) = 0 [pid 3907] close(4) = 0 [pid 3907] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3906] <... futex resumed>) = 0 [pid 3907] openat(AT_FDCWD, ".", O_RDONLY [pid 3906] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] <... openat resumed>) = 4 [pid 3906] <... futex resumed>) = 0 [pid 3907] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3906] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3907] <... futex resumed>) = 0 [pid 3906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3907] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3906] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3906] <... futex resumed>) = 0 [pid 3907] mkdirat(4, "./bus", 000 [pid 3906] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3906] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3906] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3908 attached , parent_tid=[3908], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3908 [pid 3907] <... mkdirat resumed>) = 0 [pid 3906] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3906] <... futex resumed>) = 0 [pid 3907] <... futex resumed>) = 0 [pid 3906] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3907] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3908] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3908] mkdirat(4, "./bus/file0", 000) = 0 [pid 3908] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3906] <... futex resumed>) = 0 [pid 3906] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] <... futex resumed>) = 0 [ 68.236027][ T3907] loop0: detected capacity change from 0 to 4096 [ 68.245201][ T3907] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3906] <... futex resumed>) = 1 [pid 3907] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3906] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3907] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3907] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3906] <... futex resumed>) = 0 [pid 3907] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3906] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3906] <... futex resumed>) = 0 [pid 3907] mkdirat(-1, NULL, 000 [pid 3906] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3906] <... futex resumed>) = 0 [pid 3907] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3906] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3907] <... futex resumed>) = 0 [pid 3908] mkdirat(-1, NULL, 000 [pid 3907] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3908] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3908] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3906] <... futex resumed>) = 0 [pid 3906] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3906] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3907] <... futex resumed>) = 0 [pid 3907] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3908] <... futex resumed>) = 1 [pid 3908] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3907] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3906] <... futex resumed>) = 0 [pid 3906] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3906] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3907] <... futex resumed>) = 1 [pid 3907] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3907] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3906] <... futex resumed>) = 0 [pid 3907] <... futex resumed>) = 1 [pid 3906] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3906] <... futex resumed>) = 0 [pid 3907] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3906] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3907] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3906] <... futex resumed>) = 0 [pid 3907] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3906] exit_group(0 [pid 3908] <... futex resumed>) = ? [pid 3907] <... futex resumed>) = ? [pid 3906] <... exit_group resumed>) = ? [pid 3908] +++ exited with 0 +++ [pid 3907] +++ exited with 0 +++ [pid 3906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3906, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3909 ./strace-static-x86_64: Process 3909 attached [pid 3909] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3909] chdir("./87") = 0 [pid 3909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3909] setpgid(0, 0) = 0 [pid 3909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3909] write(3, "1000", 4) = 4 [pid 3909] close(3) = 0 [pid 3909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3909] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3909] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3909] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3910 attached , parent_tid=[3910], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3910 [pid 3910] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3909] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3909] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3910] memfd_create("syzkaller", 0) = 3 [pid 3910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3910] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3910] munmap(0x7f68741c1000, 2097152) = 0 [pid 3910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3910] close(3) = 0 [pid 3910] mkdir("./file2", 0777) = 0 [pid 3910] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3910] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3910] chdir("./file2") = 0 [pid 3910] ioctl(4, LOOP_CLR_FD) = 0 [pid 3910] close(4) = 0 [pid 3910] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3910] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3909] <... futex resumed>) = 0 [pid 3909] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3910] <... futex resumed>) = 0 [pid 3909] <... futex resumed>) = 1 [pid 3910] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3909] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3910] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3910] <... futex resumed>) = 0 [pid 3909] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3910] mkdirat(4, "./bus", 000 [pid 3909] <... futex resumed>) = 0 [pid 3909] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3910] <... mkdirat resumed>) = 0 [pid 3909] <... mmap resumed>) = 0x7f68743a0000 [pid 3910] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3909] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3910] <... futex resumed>) = 0 [pid 3910] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3909] <... mprotect resumed>) = 0 [pid 3909] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3911 attached , parent_tid=[3911], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3911 [pid 3909] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3909] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3911] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3911] mkdirat(4, "./bus/file0", 000) = 0 [pid 3911] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3909] <... futex resumed>) = 0 [pid 3911] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3909] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3910] <... futex resumed>) = 0 [pid 3909] <... futex resumed>) = 1 [pid 3910] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3909] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3910] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3910] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3909] <... futex resumed>) = 0 [pid 3910] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3909] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3909] <... futex resumed>) = 0 [pid 3910] mkdirat(-1, NULL, 000 [pid 3909] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3910] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3909] <... futex resumed>) = 1 [pid 3910] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3909] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3910] <... futex resumed>) = 0 [pid 3911] <... futex resumed>) = 0 [pid 3910] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3911] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3909] <... futex resumed>) = 0 [pid 3909] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3910] <... futex resumed>) = 0 [pid 3909] <... futex resumed>) = 1 [pid 3911] <... futex resumed>) = 1 [pid 3910] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3909] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3911] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3910] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3910] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3909] <... futex resumed>) = 0 [pid 3910] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3909] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3909] <... futex resumed>) = 0 [ 68.411624][ T3910] loop0: detected capacity change from 0 to 4096 [ 68.421997][ T3910] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3910] mkdirat(-1, NULL, 000 [pid 3909] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3910] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3910] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3909] <... futex resumed>) = 0 [pid 3910] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3909] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3909] <... futex resumed>) = 0 [pid 3910] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3909] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3910] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3910] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3909] <... futex resumed>) = 0 [pid 3910] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3909] exit_group(0 [pid 3911] <... futex resumed>) = ? [pid 3910] <... futex resumed>) = ? [pid 3909] <... exit_group resumed>) = ? [pid 3911] +++ exited with 0 +++ [pid 3910] +++ exited with 0 +++ [pid 3909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3909, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3912 ./strace-static-x86_64: Process 3912 attached [pid 3912] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3912] chdir("./88") = 0 [pid 3912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3912] setpgid(0, 0) = 0 [pid 3912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3912] write(3, "1000", 4) = 4 [pid 3912] close(3) = 0 [pid 3912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3912] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3912] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3912] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3913 attached , parent_tid=[3913], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3913 [pid 3912] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3913] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3913] memfd_create("syzkaller", 0) = 3 [pid 3913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3913] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3913] munmap(0x7f68741c1000, 2097152) = 0 [pid 3913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3913] close(3) = 0 [pid 3913] mkdir("./file2", 0777) = 0 [pid 3913] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3913] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3913] chdir("./file2") = 0 [pid 3913] ioctl(4, LOOP_CLR_FD) = 0 [pid 3913] close(4) = 0 [pid 3913] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3912] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3913] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3912] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3912] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3912] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3914], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3914 [pid 3912] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... futex resumed>) = 1 [pid 3913] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 3914 attached [pid 3914] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3914] mkdirat(4, "./bus/file0", 000 [pid 3913] <... mkdirat resumed>) = 0 [pid 3913] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.561913][ T3913] loop0: detected capacity change from 0 to 4096 [ 68.571646][ T3913] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3913] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3914] <... mkdirat resumed>) = 0 [pid 3914] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3912] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... futex resumed>) = 0 [pid 3913] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3913] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3912] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... futex resumed>) = 1 [pid 3913] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3913] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3914] <... futex resumed>) = 1 [pid 3913] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3914] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3914] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3914] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3912] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3913] <... futex resumed>) = 0 [pid 3912] <... futex resumed>) = 1 [pid 3913] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3912] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3913] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3913] mkdirat(-1, NULL, 000 [pid 3912] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3913] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3912] <... futex resumed>) = 0 [pid 3913] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... futex resumed>) = 0 [pid 3912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3913] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3912] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3913] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3912] <... futex resumed>) = 0 [pid 3913] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... futex resumed>) = 0 [pid 3912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3913] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3912] exit_group(0 [pid 3914] <... futex resumed>) = ? [pid 3913] <... futex resumed>) = ? [pid 3912] <... exit_group resumed>) = ? [pid 3914] +++ exited with 0 +++ [pid 3913] +++ exited with 0 +++ [pid 3912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3912, si_uid=0, si_status=0, si_utime=1, si_stime=5} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3915 ./strace-static-x86_64: Process 3915 attached [pid 3915] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3915] chdir("./89") = 0 [pid 3915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3915] setpgid(0, 0) = 0 [pid 3915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3915] write(3, "1000", 4) = 4 [pid 3915] close(3) = 0 [pid 3915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3915] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3915] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3915] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3916], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3916 [pid 3915] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3916 attached [pid 3916] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3916] memfd_create("syzkaller", 0) = 3 [pid 3916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3916] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3916] munmap(0x7f68741c1000, 2097152) = 0 [pid 3916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3916] close(3) = 0 [pid 3916] mkdir("./file2", 0777) = 0 [pid 3916] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3916] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3916] chdir("./file2") = 0 [pid 3916] ioctl(4, LOOP_CLR_FD) = 0 [pid 3916] close(4) = 0 [pid 3916] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3915] <... futex resumed>) = 0 [pid 3915] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3916] <... futex resumed>) = 1 [pid 3916] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3916] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3915] <... futex resumed>) = 0 [pid 3915] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3915] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3915] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3917], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3917 [pid 3915] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3916] <... futex resumed>) = 1 [pid 3916] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 3917 attached [pid 3917] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3917] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3917] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3915] <... futex resumed>) = 0 [pid 3915] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3917] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [ 68.702924][ T3916] loop0: detected capacity change from 0 to 4096 [ 68.711847][ T3916] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3917] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3916] <... mkdirat resumed>) = 0 [pid 3915] <... futex resumed>) = 0 [pid 3916] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3917] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3915] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3916] mkdirat(-1, NULL, 000 [pid 3915] <... futex resumed>) = 0 [pid 3915] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3917] <... futex resumed>) = 0 [pid 3915] <... futex resumed>) = 1 [pid 3917] mkdirat(-1, NULL, 000 [pid 3915] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3916] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3916] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3917] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3916] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3917] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3915] <... futex resumed>) = 0 [pid 3917] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3915] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3916] <... futex resumed>) = 0 [pid 3915] <... futex resumed>) = 1 [pid 3916] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3915] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3916] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3916] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3915] <... futex resumed>) = 0 [pid 3916] mkdirat(-1, NULL, 000 [pid 3915] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3916] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3915] <... futex resumed>) = 0 [pid 3916] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3915] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3915] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3916] <... futex resumed>) = 0 [pid 3915] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3916] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3916] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3916] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3915] <... futex resumed>) = 0 [pid 3915] exit_group(0 [pid 3917] <... futex resumed>) = ? [pid 3915] <... exit_group resumed>) = ? [pid 3916] <... futex resumed>) = ? [pid 3917] +++ exited with 0 +++ [pid 3916] +++ exited with 0 +++ [pid 3915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3915, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3918 ./strace-static-x86_64: Process 3918 attached [pid 3918] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3918] chdir("./90") = 0 [pid 3918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3918] setpgid(0, 0) = 0 [pid 3918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3918] write(3, "1000", 4) = 4 [pid 3918] close(3) = 0 [pid 3918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3918] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3918] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3918] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3919 attached , parent_tid=[3919], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3919 [pid 3918] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3919] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3919] memfd_create("syzkaller", 0) = 3 [pid 3919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3919] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3919] munmap(0x7f68741c1000, 2097152) = 0 [pid 3919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3919] close(3) = 0 [pid 3919] mkdir("./file2", 0777) = 0 [pid 3919] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3919] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3919] chdir("./file2") = 0 [pid 3919] ioctl(4, LOOP_CLR_FD) = 0 [pid 3919] close(4) = 0 [pid 3919] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3918] <... futex resumed>) = 0 [pid 3918] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3919] <... futex resumed>) = 1 [pid 3919] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3919] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3918] <... futex resumed>) = 0 [pid 3919] mkdirat(4, "./bus", 000 [pid 3918] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3919] <... mkdirat resumed>) = 0 [pid 3918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3919] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3918] <... mmap resumed>) = 0x7f68743a0000 [ 68.856064][ T3919] loop0: detected capacity change from 0 to 4096 [ 68.864793][ T3919] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3919] <... futex resumed>) = 0 [pid 3918] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3919] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3918] <... mprotect resumed>) = 0 [pid 3918] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3920], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3920 [pid 3918] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3920 attached [pid 3920] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3920] mkdirat(4, "./bus/file0", 000) = 0 [pid 3920] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3918] <... futex resumed>) = 0 [pid 3920] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3918] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3919] <... futex resumed>) = 0 [pid 3918] <... futex resumed>) = 1 [pid 3919] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3918] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3919] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3919] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3918] <... futex resumed>) = 0 [pid 3919] mkdirat(-1, NULL, 000 [pid 3918] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3919] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3918] <... futex resumed>) = 0 [pid 3919] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3918] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3919] <... futex resumed>) = 0 [pid 3920] <... futex resumed>) = 0 [pid 3919] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3918] <... futex resumed>) = 1 [pid 3920] mkdirat(-1, NULL, 000 [pid 3918] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3920] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3920] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3918] <... futex resumed>) = 0 [pid 3920] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3918] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3919] <... futex resumed>) = 0 [pid 3918] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3919] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3919] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3918] <... futex resumed>) = 0 [pid 3919] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3918] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3918] <... futex resumed>) = 0 [pid 3919] mkdirat(-1, NULL, 000 [pid 3918] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3919] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3919] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3918] <... futex resumed>) = 0 [pid 3919] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3918] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3918] <... futex resumed>) = 0 [pid 3919] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3918] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3919] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3919] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3918] <... futex resumed>) = 0 [pid 3919] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3918] exit_group(0 [pid 3920] <... futex resumed>) = ? [pid 3919] <... futex resumed>) = ? [pid 3918] <... exit_group resumed>) = ? [pid 3920] +++ exited with 0 +++ [pid 3919] +++ exited with 0 +++ [pid 3918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3918, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3921 ./strace-static-x86_64: Process 3921 attached [pid 3921] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3921] chdir("./91") = 0 [pid 3921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3921] setpgid(0, 0) = 0 [pid 3921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3921] write(3, "1000", 4) = 4 [pid 3921] close(3) = 0 [pid 3921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3921] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3921] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3921] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3922], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3922 [pid 3921] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3921] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3922 attached [pid 3922] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3922] memfd_create("syzkaller", 0) = 3 [pid 3922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3922] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3922] munmap(0x7f68741c1000, 2097152) = 0 [pid 3922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3922] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3922] close(3) = 0 [pid 3922] mkdir("./file2", 0777) = 0 [pid 3922] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3922] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3922] chdir("./file2") = 0 [pid 3922] ioctl(4, LOOP_CLR_FD) = 0 [pid 3922] close(4) = 0 [pid 3922] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3921] <... futex resumed>) = 0 [pid 3922] openat(AT_FDCWD, ".", O_RDONLY [pid 3921] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... openat resumed>) = 4 [pid 3921] <... futex resumed>) = 0 [pid 3922] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3921] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3922] <... futex resumed>) = 0 [pid 3921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3922] mkdirat(4, "./bus", 000 [pid 3921] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3921] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3921] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3921] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3923 attached [pid 3923] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3923] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3921] <... clone resumed>, parent_tid=[3923], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3923 [pid 3921] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... mkdirat resumed>) = 0 [pid 3921] <... futex resumed>) = 1 [pid 3922] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3921] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3923] <... futex resumed>) = 0 [pid 3922] <... futex resumed>) = 0 [pid 3923] mkdirat(4, "./bus/file0", 000 [pid 3922] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3923] <... mkdirat resumed>) = 0 [pid 3923] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3921] <... futex resumed>) = 0 [pid 3923] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3921] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... futex resumed>) = 0 [pid 3921] <... futex resumed>) = 1 [pid 3922] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3921] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3922] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3922] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3921] <... futex resumed>) = 0 [pid 3922] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3921] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3921] <... futex resumed>) = 0 [pid 3922] mkdirat(-1, NULL, 000 [pid 3921] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3921] <... futex resumed>) = 1 [pid 3922] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3921] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3922] <... futex resumed>) = 0 [pid 3922] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3923] <... futex resumed>) = 0 [pid 3923] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3923] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3921] <... futex resumed>) = 0 [pid 3923] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3921] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3922] <... futex resumed>) = 0 [pid 3921] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3922] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3922] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3921] <... futex resumed>) = 0 [pid 3922] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3921] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3921] <... futex resumed>) = 0 [pid 3922] mkdirat(-1, NULL, 000 [pid 3921] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3922] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3922] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3921] <... futex resumed>) = 0 [pid 3922] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3921] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3921] <... futex resumed>) = 0 [pid 3922] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3921] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3922] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3922] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3921] <... futex resumed>) = 0 [pid 3922] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3921] exit_group(0 [pid 3923] <... futex resumed>) = ? [pid 3922] <... futex resumed>) = ? [ 69.008134][ T3922] loop0: detected capacity change from 0 to 4096 [ 69.018742][ T3922] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3921] <... exit_group resumed>) = ? [pid 3922] +++ exited with 0 +++ [pid 3923] +++ exited with 0 +++ [pid 3921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3921, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3924 ./strace-static-x86_64: Process 3924 attached [pid 3924] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3924] chdir("./92") = 0 [pid 3924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3924] setpgid(0, 0) = 0 [pid 3924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3924] write(3, "1000", 4) = 4 [pid 3924] close(3) = 0 [pid 3924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3924] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3924] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3924] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3925], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3925 [pid 3924] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3925 attached [pid 3925] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3925] memfd_create("syzkaller", 0) = 3 [pid 3925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3925] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3925] munmap(0x7f68741c1000, 2097152) = 0 [pid 3925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3925] close(3) = 0 [pid 3925] mkdir("./file2", 0777) = 0 [pid 3925] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3925] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3925] chdir("./file2") = 0 [pid 3925] ioctl(4, LOOP_CLR_FD) = 0 [pid 3925] close(4) = 0 [pid 3925] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3924] <... futex resumed>) = 0 [pid 3924] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3925] <... futex resumed>) = 1 [pid 3925] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3925] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3924] <... futex resumed>) = 0 [pid 3924] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3924] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3924] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3926], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3926 [pid 3924] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3925] <... futex resumed>) = 1 [pid 3925] mkdirat(4, "./bus", 000) = 0 [pid 3925] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3925] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3926 attached [pid 3926] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3926] mkdirat(4, "./bus/file0", 000) = 0 [pid 3926] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3924] <... futex resumed>) = 0 [pid 3924] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3924] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3926] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3925] <... futex resumed>) = 0 [pid 3925] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3925] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3924] <... futex resumed>) = 0 [pid 3924] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3926] <... futex resumed>) = 0 [pid 3924] <... futex resumed>) = 1 [pid 3926] mkdirat(-1, NULL, 000 [pid 3924] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3926] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3926] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3925] mkdirat(-1, NULL, 000 [pid 3926] <... futex resumed>) = 1 [pid 3924] <... futex resumed>) = 0 [pid 3926] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3924] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3924] <... futex resumed>) = 0 [pid 3926] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3924] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3926] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3926] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3924] <... futex resumed>) = 0 [pid 3926] mkdirat(-1, NULL, 000 [pid 3924] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3926] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3924] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3926] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3924] <... futex resumed>) = 0 [pid 3926] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3924] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3924] <... futex resumed>) = 0 [ 69.148974][ T3925] loop0: detected capacity change from 0 to 4096 [ 69.159404][ T3925] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3925] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3926] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3924] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3926] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3925] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3926] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3925] <... futex resumed>) = 0 [pid 3924] <... futex resumed>) = 0 [pid 3926] <... futex resumed>) = 1 [pid 3926] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3925] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3924] exit_group(0 [pid 3926] <... futex resumed>) = ? [pid 3925] <... futex resumed>) = ? [pid 3924] <... exit_group resumed>) = ? [pid 3925] +++ exited with 0 +++ [pid 3926] +++ exited with 0 +++ [pid 3924] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3924, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3927 attached [pid 3927] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3927] chdir("./93") = 0 [pid 3927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3927] setpgid(0, 0) = 0 [pid 3927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3927] write(3, "1000", 4) = 4 [pid 3927] close(3) = 0 [pid 3927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3927] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3636] <... clone resumed>, child_tidptr=0x55555736f5d0) = 3927 [pid 3927] <... mmap resumed>) = 0x7f687c5c1000 [pid 3927] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3927] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3928 attached , parent_tid=[3928], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3928 [pid 3928] set_robust_list(0x7f687c5e19e0, 24 [pid 3927] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3928] <... set_robust_list resumed>) = 0 [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3928] memfd_create("syzkaller", 0) = 3 [pid 3928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3928] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3928] munmap(0x7f68741c1000, 2097152) = 0 [pid 3928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3928] close(3) = 0 [pid 3928] mkdir("./file2", 0777) = 0 [pid 3928] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3928] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3928] chdir("./file2") = 0 [pid 3928] ioctl(4, LOOP_CLR_FD) = 0 [pid 3928] close(4) = 0 [pid 3928] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3928] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3927] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3927] <... futex resumed>) = 0 [pid 3928] openat(AT_FDCWD, ".", O_RDONLY [pid 3927] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3928] <... openat resumed>) = 4 [pid 3928] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3928] mkdirat(4, "./bus", 000 [pid 3927] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3928] <... mkdirat resumed>) = 0 [pid 3927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3927] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3927] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3929], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3929 ./strace-static-x86_64: Process 3929 attached [pid 3927] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3929] set_robust_list(0x7f68743c09e0, 24 [pid 3927] <... futex resumed>) = 0 [pid 3929] <... set_robust_list resumed>) = 0 [pid 3927] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3929] mkdirat(4, "./bus/file0", 000 [pid 3928] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3928] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3929] <... mkdirat resumed>) = 0 [pid 3929] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3929] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3927] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3928] <... futex resumed>) = 0 [ 69.292235][ T3928] loop0: detected capacity change from 0 to 4096 [ 69.302434][ T3928] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3928] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3928] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3929] <... futex resumed>) = 0 [pid 3928] <... futex resumed>) = 1 [pid 3927] <... futex resumed>) = 1 [pid 3929] mkdirat(-1, NULL, 000 [pid 3928] mkdirat(-1, NULL, 000 [pid 3927] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3929] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3928] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3929] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3928] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3929] <... futex resumed>) = 1 [pid 3928] <... futex resumed>) = 0 [pid 3927] <... futex resumed>) = 0 [pid 3929] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3928] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3927] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3928] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3927] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3928] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3928] mkdirat(-1, NULL, 000 [pid 3927] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3928] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3927] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3928] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3928] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3927] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3927] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3928] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3928] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3928] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3927] exit_group(0 [pid 3929] <... futex resumed>) = ? [pid 3928] <... futex resumed>) = ? [pid 3927] <... exit_group resumed>) = ? [pid 3929] +++ exited with 0 +++ [pid 3928] +++ exited with 0 +++ [pid 3927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3927, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3930 ./strace-static-x86_64: Process 3930 attached [pid 3930] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3930] chdir("./94") = 0 [pid 3930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3930] setpgid(0, 0) = 0 [pid 3930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3930] write(3, "1000", 4) = 4 [pid 3930] close(3) = 0 [pid 3930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3930] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3930] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3930] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3931 attached [pid 3931] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3931] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3930] <... clone resumed>, parent_tid=[3931], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3931 [pid 3930] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3931] <... futex resumed>) = 0 [pid 3930] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3931] memfd_create("syzkaller", 0) = 3 [pid 3931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3931] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3931] munmap(0x7f68741c1000, 2097152) = 0 [pid 3931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3931] close(3) = 0 [pid 3931] mkdir("./file2", 0777) = 0 [pid 3931] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3931] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3931] chdir("./file2") = 0 [pid 3931] ioctl(4, LOOP_CLR_FD) = 0 [pid 3931] close(4) = 0 [pid 3931] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3930] <... futex resumed>) = 0 [pid 3931] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3930] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3931] <... futex resumed>) = 0 [pid 3931] openat(AT_FDCWD, ".", O_RDONLY [pid 3930] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3931] <... openat resumed>) = 4 [pid 3931] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3930] <... futex resumed>) = 0 [pid 3930] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3930] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3931] mkdirat(4, "./bus", 000 [pid 3930] <... futex resumed>) = 0 [pid 3930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3930] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3931] <... mkdirat resumed>) = 0 [pid 3930] <... mprotect resumed>) = 0 [pid 3931] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3930] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3931] <... futex resumed>) = 0 [pid 3931] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3932 attached [pid 3930] <... clone resumed>, parent_tid=[3932], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3932 [pid 3932] set_robust_list(0x7f68743c09e0, 24 [pid 3930] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3932] <... set_robust_list resumed>) = 0 [pid 3930] <... futex resumed>) = 0 [pid 3930] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3932] mkdirat(4, "./bus/file0", 000) = 0 [pid 3932] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3930] <... futex resumed>) = 0 [pid 3930] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3931] <... futex resumed>) = 0 [pid 3930] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3931] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3932] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3931] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3931] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3930] <... futex resumed>) = 0 [pid 3931] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3930] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3930] <... futex resumed>) = 0 [pid 3931] mkdirat(-1, NULL, 000 [pid 3930] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3931] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3931] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3930] <... futex resumed>) = 1 [pid 3931] <... futex resumed>) = 0 [pid 3930] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3931] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3932] <... futex resumed>) = 0 [pid 3932] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3932] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3930] <... futex resumed>) = 0 [pid 3930] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3931] <... futex resumed>) = 0 [pid 3931] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3930] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3931] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3931] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3932] <... futex resumed>) = 1 [pid 3931] <... futex resumed>) = 1 [pid 3930] <... futex resumed>) = 0 [pid 3932] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3931] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3930] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3930] <... futex resumed>) = 0 [pid 3931] mkdirat(-1, NULL, 000 [pid 3930] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3931] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3931] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3930] <... futex resumed>) = 0 [pid 3931] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 69.454646][ T3931] loop0: detected capacity change from 0 to 4096 [ 69.465005][ T3931] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3930] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3930] <... futex resumed>) = 0 [pid 3931] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3930] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3931] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3931] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3930] <... futex resumed>) = 0 [pid 3931] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3930] exit_group(0 [pid 3932] <... futex resumed>) = ? [pid 3931] <... futex resumed>) = ? [pid 3930] <... exit_group resumed>) = ? [pid 3932] +++ exited with 0 +++ [pid 3931] +++ exited with 0 +++ [pid 3930] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3930, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3933 ./strace-static-x86_64: Process 3933 attached [pid 3933] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3933] chdir("./95") = 0 [pid 3933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3933] setpgid(0, 0) = 0 [pid 3933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3933] write(3, "1000", 4) = 4 [pid 3933] close(3) = 0 [pid 3933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3933] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3933] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3933] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3934], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3934 ./strace-static-x86_64: Process 3934 attached [pid 3933] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3934] memfd_create("syzkaller", 0) = 3 [pid 3934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3934] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3934] munmap(0x7f68741c1000, 2097152) = 0 [pid 3934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3934] close(3) = 0 [pid 3934] mkdir("./file2", 0777) = 0 [pid 3934] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3934] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3934] chdir("./file2") = 0 [pid 3934] ioctl(4, LOOP_CLR_FD) = 0 [pid 3934] close(4) = 0 [pid 3934] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3934] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... futex resumed>) = 0 [pid 3934] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3934] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3933] <... futex resumed>) = 0 [pid 3934] mkdirat(4, "./bus", 000 [pid 3933] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3933] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3933] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3935 attached , parent_tid=[3935], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3935 [pid 3934] <... mkdirat resumed>) = 0 [pid 3933] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] <... futex resumed>) = 0 [pid 3934] <... futex resumed>) = 0 [pid 3933] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3935] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3935] mkdirat(4, "./bus/file0", 000) = 0 [ 69.597324][ T3934] loop0: detected capacity change from 0 to 4096 [ 69.606642][ T3934] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3935] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3935] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... futex resumed>) = 0 [pid 3933] <... futex resumed>) = 1 [pid 3934] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3933] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3934] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3934] <... futex resumed>) = 0 [pid 3934] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3934] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... futex resumed>) = 0 [pid 3933] <... futex resumed>) = 0 [pid 3934] mkdirat(-1, NULL, 000 [pid 3933] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3934] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3933] <... futex resumed>) = 0 [pid 3934] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3933] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3934] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3933] <... futex resumed>) = 0 [pid 3934] mkdirat(-1, NULL, 000 [pid 3933] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3934] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3933] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3934] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3933] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3934] <... futex resumed>) = 0 [pid 3933] exit_group(0) = ? [pid 3934] +++ exited with 0 +++ [pid 3935] <... futex resumed>) = ? [pid 3935] +++ exited with 0 +++ [pid 3933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3933, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3936 ./strace-static-x86_64: Process 3936 attached [pid 3936] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3936] chdir("./96") = 0 [pid 3936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3936] setpgid(0, 0) = 0 [pid 3936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3936] write(3, "1000", 4) = 4 [pid 3936] close(3) = 0 [pid 3936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3936] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3936] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3936] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3937], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3937 [pid 3936] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3936] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3937 attached [pid 3937] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3937] memfd_create("syzkaller", 0) = 3 [pid 3937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3937] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3937] munmap(0x7f68741c1000, 2097152) = 0 [pid 3937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3937] close(3) = 0 [pid 3937] mkdir("./file2", 0777) = 0 [pid 3937] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3937] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3937] chdir("./file2") = 0 [pid 3937] ioctl(4, LOOP_CLR_FD) = 0 [pid 3937] close(4) = 0 [pid 3937] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3937] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3936] <... futex resumed>) = 0 [pid 3936] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... futex resumed>) = 0 [pid 3936] <... futex resumed>) = 1 [pid 3936] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3937] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3937] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] <... futex resumed>) = 0 [pid 3936] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] mkdirat(4, "./bus", 000 [pid 3936] <... futex resumed>) = 0 [pid 3936] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [ 69.766298][ T3937] loop0: detected capacity change from 0 to 4096 [ 69.776259][ T3937] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3936] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3936] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3938], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3938 [pid 3936] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] <... mkdirat resumed>) = 0 [pid 3936] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3937] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3938 attached [pid 3938] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3938] mkdirat(4, "./bus/file0", 000) = 0 [pid 3938] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] <... futex resumed>) = 0 [pid 3938] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3936] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3937] <... futex resumed>) = 0 [pid 3937] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3937] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] <... futex resumed>) = 0 [pid 3937] mkdirat(-1, NULL, 000 [pid 3936] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3936] <... futex resumed>) = 0 [pid 3937] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3936] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... futex resumed>) = 0 [pid 3936] <... futex resumed>) = 0 [pid 3937] mkdirat(-1, NULL, 000 [pid 3936] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3937] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3937] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] <... futex resumed>) = 0 [pid 3937] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3936] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3936] <... futex resumed>) = 0 [pid 3937] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3936] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3937] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3937] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] <... futex resumed>) = 0 [pid 3937] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3936] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3936] <... futex resumed>) = 0 [pid 3937] mkdirat(-1, NULL, 000 [pid 3936] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3937] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3937] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] <... futex resumed>) = 0 [pid 3937] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3936] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3936] <... futex resumed>) = 0 [pid 3937] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3936] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3937] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3937] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] <... futex resumed>) = 0 [pid 3937] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3936] exit_group(0 [pid 3938] <... futex resumed>) = ? [pid 3937] <... futex resumed>) = ? [pid 3936] <... exit_group resumed>) = ? [pid 3938] +++ exited with 0 +++ [pid 3937] +++ exited with 0 +++ [pid 3936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3936, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3939 ./strace-static-x86_64: Process 3939 attached [pid 3939] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3939] chdir("./97") = 0 [pid 3939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3939] setpgid(0, 0) = 0 [pid 3939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3939] write(3, "1000", 4) = 4 [pid 3939] close(3) = 0 [pid 3939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3939] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3939] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3939] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3940 attached , parent_tid=[3940], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3940 [pid 3940] set_robust_list(0x7f687c5e19e0, 24 [pid 3939] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3939] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3940] <... set_robust_list resumed>) = 0 [pid 3940] memfd_create("syzkaller", 0) = 3 [pid 3940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3940] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3940] munmap(0x7f68741c1000, 2097152) = 0 [pid 3940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3940] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3940] close(3) = 0 [pid 3940] mkdir("./file2", 0777) = 0 [pid 3940] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3940] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3940] chdir("./file2") = 0 [pid 3940] ioctl(4, LOOP_CLR_FD) = 0 [pid 3940] close(4) = 0 [pid 3940] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3940] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3939] <... futex resumed>) = 0 [pid 3939] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3940] <... futex resumed>) = 0 [pid 3939] <... futex resumed>) = 1 [pid 3940] openat(AT_FDCWD, ".", O_RDONLY [pid 3939] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3940] <... openat resumed>) = 4 [pid 3940] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3939] <... futex resumed>) = 0 [pid 3940] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3939] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3939] <... futex resumed>) = 0 [pid 3939] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3940] mkdirat(4, "./bus", 000 [pid 3939] <... mmap resumed>) = 0x7f68743a0000 [pid 3939] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3939] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3941], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3941 [pid 3939] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3939] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3941 attached [pid 3941] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3941] mkdirat(4, "./bus/file0", 000 [pid 3940] <... mkdirat resumed>) = 0 [pid 3940] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3940] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3941] <... mkdirat resumed>) = 0 [pid 3941] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3939] <... futex resumed>) = 0 [pid 3941] <... futex resumed>) = 1 [pid 3941] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3939] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3940] <... futex resumed>) = 0 [pid 3939] <... futex resumed>) = 1 [pid 3940] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3939] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3940] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3940] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3939] <... futex resumed>) = 0 [ 69.929099][ T3940] loop0: detected capacity change from 0 to 4096 [ 69.950098][ T3940] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3940] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3939] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3939] <... futex resumed>) = 0 [pid 3939] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3940] mkdirat(-1, NULL, 000 [pid 3941] <... futex resumed>) = 0 [pid 3939] <... futex resumed>) = 1 [pid 3939] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3941] mkdirat(-1, NULL, 000 [pid 3940] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3941] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3940] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3941] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3940] <... futex resumed>) = 0 [pid 3940] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3939] <... futex resumed>) = 0 [pid 3941] <... futex resumed>) = 1 [pid 3939] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3940] <... futex resumed>) = 0 [pid 3939] <... futex resumed>) = 1 [pid 3941] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3939] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3940] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3940] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3939] <... futex resumed>) = 0 [pid 3940] mkdirat(-1, NULL, 000 [pid 3939] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3940] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3939] <... futex resumed>) = 0 [pid 3940] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3939] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3940] <... futex resumed>) = 0 [pid 3939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3940] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3939] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3940] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3939] <... futex resumed>) = 0 [pid 3940] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3939] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3940] <... futex resumed>) = 0 [pid 3939] exit_group(0 [pid 3941] <... futex resumed>) = ? [pid 3939] <... exit_group resumed>) = ? [pid 3941] +++ exited with 0 +++ [pid 3940] +++ exited with 0 +++ [pid 3939] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3939, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3942 ./strace-static-x86_64: Process 3942 attached [pid 3942] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3942] chdir("./98") = 0 [pid 3942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3942] setpgid(0, 0) = 0 [pid 3942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3942] write(3, "1000", 4) = 4 [pid 3942] close(3) = 0 [pid 3942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3942] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3942] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3942] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3943], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3943 ./strace-static-x86_64: Process 3943 attached [pid 3942] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3943] set_robust_list(0x7f687c5e19e0, 24 [pid 3942] <... futex resumed>) = 0 [pid 3943] <... set_robust_list resumed>) = 0 [pid 3942] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3943] memfd_create("syzkaller", 0) = 3 [pid 3943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3943] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3943] munmap(0x7f68741c1000, 2097152) = 0 [pid 3943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3943] close(3) = 0 [pid 3943] mkdir("./file2", 0777) = 0 [pid 3943] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3943] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3943] chdir("./file2") = 0 [pid 3943] ioctl(4, LOOP_CLR_FD) = 0 [pid 3943] close(4) = 0 [pid 3943] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3942] <... futex resumed>) = 0 [pid 3942] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3943] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3942] <... futex resumed>) = 0 [ 70.106885][ T3943] loop0: detected capacity change from 0 to 4096 [ 70.117294][ T3943] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3942] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3943] mkdirat(4, "./bus", 000 [pid 3942] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3942] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3944], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3944 [pid 3942] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3944 attached [pid 3944] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3944] mkdirat(4, "./bus/file0", 000 [pid 3943] <... mkdirat resumed>) = 0 [pid 3943] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3943] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3944] <... mkdirat resumed>) = 0 [pid 3944] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3942] <... futex resumed>) = 0 [pid 3942] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3942] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] <... futex resumed>) = 0 [pid 3943] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3944] <... futex resumed>) = 1 [pid 3943] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3944] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3943] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3942] <... futex resumed>) = 0 [pid 3943] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3942] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3942] <... futex resumed>) = 0 [pid 3943] mkdirat(-1, NULL, 000 [pid 3942] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3943] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3942] <... futex resumed>) = 1 [pid 3944] <... futex resumed>) = 0 [pid 3942] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3944] mkdirat(-1, NULL, 000 [pid 3943] <... futex resumed>) = 0 [pid 3944] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3943] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3944] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3942] <... futex resumed>) = 0 [pid 3942] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3943] <... futex resumed>) = 0 [pid 3942] <... futex resumed>) = 1 [pid 3944] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3943] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3942] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3943] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3942] <... futex resumed>) = 0 [pid 3943] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3942] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3942] <... futex resumed>) = 0 [pid 3943] mkdirat(-1, NULL, 000 [pid 3942] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3943] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3942] <... futex resumed>) = 0 [pid 3943] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3942] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3942] <... futex resumed>) = 0 [pid 3943] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3942] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3943] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3942] <... futex resumed>) = 0 [pid 3943] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3942] exit_group(0 [pid 3944] <... futex resumed>) = ? [pid 3943] <... futex resumed>) = ? [pid 3942] <... exit_group resumed>) = ? [pid 3944] +++ exited with 0 +++ [pid 3943] +++ exited with 0 +++ [pid 3942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3942, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3945 ./strace-static-x86_64: Process 3945 attached [pid 3945] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3945] chdir("./99") = 0 [pid 3945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3945] setpgid(0, 0) = 0 [pid 3945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3945] write(3, "1000", 4) = 4 [pid 3945] close(3) = 0 [pid 3945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3945] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3945] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3945] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3946 attached [pid 3946] set_robust_list(0x7f687c5e19e0, 24 [pid 3945] <... clone resumed>, parent_tid=[3946], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3946 [pid 3945] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3945] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3946] <... set_robust_list resumed>) = 0 [pid 3946] memfd_create("syzkaller", 0) = 3 [pid 3946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3946] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3946] munmap(0x7f68741c1000, 2097152) = 0 [pid 3946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3946] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3946] close(3) = 0 [pid 3946] mkdir("./file2", 0777) = 0 [pid 3946] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3946] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3946] chdir("./file2") = 0 [pid 3946] ioctl(4, LOOP_CLR_FD) = 0 [pid 3946] close(4) = 0 [pid 3946] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3946] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3945] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3945] <... futex resumed>) = 0 [pid 3946] openat(AT_FDCWD, ".", O_RDONLY [pid 3945] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3946] <... openat resumed>) = 4 [pid 3946] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3946] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3945] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] mkdirat(4, "./bus", 000 [pid 3945] <... futex resumed>) = 0 [pid 3946] <... mkdirat resumed>) = 0 [pid 3945] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3945] <... futex resumed>) = 0 [pid 3946] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 70.253116][ T3946] loop0: detected capacity change from 0 to 4096 [ 70.263337][ T3946] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3945] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3945] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3947], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3947 [pid 3945] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3945] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3947 attached [pid 3947] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3947] mkdirat(4, "./bus/file0", 000) = 0 [pid 3947] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3945] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] <... futex resumed>) = 0 [pid 3945] <... futex resumed>) = 1 [pid 3946] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3945] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3946] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3946] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3946] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3945] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3945] <... futex resumed>) = 0 [pid 3946] mkdirat(-1, NULL, 000 [pid 3945] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3945] <... futex resumed>) = 0 [pid 3946] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3945] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3946] <... futex resumed>) = 0 [pid 3946] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3947] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3947] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3947] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3945] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] <... futex resumed>) = 0 [pid 3945] <... futex resumed>) = 1 [pid 3946] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3945] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3946] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3946] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3946] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3945] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3945] <... futex resumed>) = 0 [pid 3946] mkdirat(-1, NULL, 000 [pid 3945] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3946] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3946] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3946] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3945] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3945] <... futex resumed>) = 0 [pid 3946] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3945] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3946] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3946] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3946] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3945] exit_group(0) = ? [pid 3946] <... futex resumed>) = ? [pid 3947] <... futex resumed>) = ? [pid 3946] +++ exited with 0 +++ [pid 3947] +++ exited with 0 +++ [pid 3945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3945, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3948 attached , child_tidptr=0x55555736f5d0) = 3948 [pid 3948] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3948] chdir("./100") = 0 [pid 3948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3948] setpgid(0, 0) = 0 [pid 3948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3948] write(3, "1000", 4) = 4 [pid 3948] close(3) = 0 [pid 3948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3948] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3948] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3948] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3949], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3949 [pid 3948] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3948] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3949 attached [pid 3949] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3949] memfd_create("syzkaller", 0) = 3 [pid 3949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3949] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3949] munmap(0x7f68741c1000, 2097152) = 0 [pid 3949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3949] close(3) = 0 [pid 3949] mkdir("./file2", 0777) = 0 [pid 3949] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3949] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3949] chdir("./file2") = 0 [pid 3949] ioctl(4, LOOP_CLR_FD) = 0 [pid 3949] close(4) = 0 [pid 3949] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3949] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] <... futex resumed>) = 0 [pid 3948] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3949] <... futex resumed>) = 0 [pid 3948] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3949] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3949] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3948] <... futex resumed>) = 0 [pid 3949] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3948] <... futex resumed>) = 0 [pid 3949] mkdirat(4, "./bus", 000 [pid 3948] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3949] <... mkdirat resumed>) = 0 [pid 3948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3949] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3949] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] <... mmap resumed>) = 0x7f68743a0000 [pid 3948] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3948] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3950], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3950 [pid 3948] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3948] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3950 attached [pid 3950] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3950] mkdirat(4, "./bus/file0", 000) = 0 [ 70.409747][ T3949] loop0: detected capacity change from 0 to 4096 [ 70.420155][ T3949] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3950] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3948] <... futex resumed>) = 0 [pid 3948] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3950] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] <... futex resumed>) = 1 [pid 3949] <... futex resumed>) = 0 [pid 3949] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3948] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3949] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3949] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3948] <... futex resumed>) = 0 [pid 3949] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3949] mkdirat(-1, NULL, 000 [pid 3948] <... futex resumed>) = 0 [pid 3949] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3948] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3949] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3950] <... futex resumed>) = 0 [pid 3949] <... futex resumed>) = 0 [pid 3948] <... futex resumed>) = 1 [pid 3950] mkdirat(-1, NULL, 000 [pid 3949] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3950] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3950] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3948] <... futex resumed>) = 0 [pid 3950] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3949] <... futex resumed>) = 0 [pid 3948] <... futex resumed>) = 1 [pid 3949] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3948] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3949] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3949] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3948] <... futex resumed>) = 0 [pid 3949] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3948] <... futex resumed>) = 0 [pid 3949] mkdirat(-1, NULL, 000 [pid 3948] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3949] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3949] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3948] <... futex resumed>) = 0 [pid 3949] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3948] <... futex resumed>) = 0 [pid 3949] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3948] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3949] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3949] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3948] <... futex resumed>) = 0 [pid 3949] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] exit_group(0 [pid 3950] <... futex resumed>) = ? [pid 3949] <... futex resumed>) = ? [pid 3948] <... exit_group resumed>) = ? [pid 3950] +++ exited with 0 +++ [pid 3949] +++ exited with 0 +++ [pid 3948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3948, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3951 ./strace-static-x86_64: Process 3951 attached [pid 3951] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3951] chdir("./101") = 0 [pid 3951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3951] setpgid(0, 0) = 0 [pid 3951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3951] write(3, "1000", 4) = 4 [pid 3951] close(3) = 0 [pid 3951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3951] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3951] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3951] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3952], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3952 [pid 3951] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3951] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3952 attached [pid 3952] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3952] memfd_create("syzkaller", 0) = 3 [pid 3952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3952] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3952] munmap(0x7f68741c1000, 2097152) = 0 [pid 3952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3952] close(3) = 0 [pid 3952] mkdir("./file2", 0777) = 0 [pid 3952] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3952] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3952] chdir("./file2") = 0 [pid 3952] ioctl(4, LOOP_CLR_FD) = 0 [pid 3952] close(4) = 0 [pid 3952] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3951] <... futex resumed>) = 0 [pid 3952] openat(AT_FDCWD, ".", O_RDONLY [pid 3951] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] <... openat resumed>) = 4 [pid 3952] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3951] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3952] <... futex resumed>) = 0 [ 70.565076][ T3952] loop0: detected capacity change from 0 to 4096 [ 70.574874][ T3952] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3951] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3951] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3951] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3952] mkdirat(4, "./bus", 000 [pid 3951] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3953], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3953 [pid 3952] <... mkdirat resumed>) = 0 [pid 3951] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3952] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3951] <... futex resumed>) = 0 [pid 3952] <... futex resumed>) = 0 [pid 3951] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3952] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3953 attached [pid 3953] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3953] mkdirat(4, "./bus/file0", 000) = 0 [pid 3953] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3951] <... futex resumed>) = 0 [pid 3953] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3951] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3952] <... futex resumed>) = 0 [pid 3951] <... futex resumed>) = 1 [pid 3952] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3951] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3952] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3952] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3951] <... futex resumed>) = 0 [pid 3952] mkdirat(-1, NULL, 000 [pid 3951] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3952] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3951] <... futex resumed>) = 0 [pid 3952] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3951] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3951] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3952] <... futex resumed>) = 1 [pid 3951] <... futex resumed>) = 0 [pid 3952] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3951] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 3952] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3952] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3951] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3952] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3951] <... futex resumed>) = 0 [pid 3952] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3951] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3952] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3952] <... futex resumed>) = 0 [pid 3951] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3952] mkdirat(-1, NULL, 000 [pid 3951] <... futex resumed>) = 0 [pid 3952] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3952] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3951] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3952] <... futex resumed>) = 0 [pid 3952] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3951] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3952] <... futex resumed>) = 0 [pid 3951] <... futex resumed>) = 1 [pid 3952] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3951] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3952] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3952] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3951] <... futex resumed>) = 0 [pid 3952] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3951] exit_group(0 [pid 3953] <... futex resumed>) = ? [pid 3952] <... futex resumed>) = ? [pid 3951] <... exit_group resumed>) = ? [pid 3953] +++ exited with 0 +++ [pid 3952] +++ exited with 0 +++ [pid 3951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3951, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3954 ./strace-static-x86_64: Process 3954 attached [pid 3954] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3954] chdir("./102") = 0 [pid 3954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3954] setpgid(0, 0) = 0 [pid 3954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3954] write(3, "1000", 4) = 4 [pid 3954] close(3) = 0 [pid 3954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3954] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3954] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3954] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3955 attached [pid 3955] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3955] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3954] <... clone resumed>, parent_tid=[3955], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3955 [pid 3954] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3954] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3955] memfd_create("syzkaller", 0) = 3 [pid 3955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3955] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3955] munmap(0x7f68741c1000, 2097152) = 0 [pid 3955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3955] close(3) = 0 [pid 3955] mkdir("./file2", 0777) = 0 [pid 3955] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3955] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3955] chdir("./file2") = 0 [pid 3955] ioctl(4, LOOP_CLR_FD) = 0 [pid 3955] close(4) = 0 [pid 3955] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3954] <... futex resumed>) = 0 [pid 3954] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3954] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3955] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3955] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3954] <... futex resumed>) = 0 [pid 3954] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3954] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3954] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3954] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3956 attached , parent_tid=[3956], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3956 [pid 3956] set_robust_list(0x7f68743c09e0, 24 [pid 3954] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3956] <... set_robust_list resumed>) = 0 [pid 3954] <... futex resumed>) = 0 [pid 3956] mkdirat(4, "./bus/file0", 000 [pid 3954] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3955] mkdirat(4, "./bus", 000 [pid 3956] <... mkdirat resumed>) = -1 ENOENT (No such file or directory) [pid 3956] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3954] <... futex resumed>) = 0 [pid 3956] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3954] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3954] <... futex resumed>) = 0 [pid 3956] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3954] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] <... renameat2 resumed>) = -1 EFAULT (Bad address) [ 70.728871][ T3955] loop0: detected capacity change from 0 to 4096 [ 70.739012][ T3955] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3956] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3954] <... futex resumed>) = 0 [pid 3954] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3956] mkdirat(-1, NULL, 000 [pid 3954] <... futex resumed>) = 0 [pid 3954] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] <... mkdirat resumed>) = 0 [pid 3954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3955] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3954] <... mmap resumed>) = 0x7f687437f000 [pid 3956] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3955] <... futex resumed>) = 0 [pid 3954] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE [pid 3956] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3956] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3954] <... mprotect resumed>) = 0 [pid 3955] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3954] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3957 attached , parent_tid=[3957], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3957 [pid 3957] set_robust_list(0x7f687439f9e0, 24 [pid 3954] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3957] <... set_robust_list resumed>) = 0 [pid 3954] <... futex resumed>) = 0 [pid 3957] mkdirat(-1, NULL, 000 [pid 3954] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3957] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3957] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3954] <... futex resumed>) = 0 [pid 3957] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3954] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = 0 [pid 3954] <... futex resumed>) = 1 [pid 3955] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3954] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3955] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3955] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3954] <... futex resumed>) = 0 [pid 3955] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3954] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3954] <... futex resumed>) = 0 [pid 3955] mkdirat(-1, NULL, 000 [pid 3954] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3955] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3955] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3954] <... futex resumed>) = 0 [pid 3955] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3954] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3954] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3955] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3954] exit_group(0 [pid 3957] <... futex resumed>) = ? [pid 3956] <... futex resumed>) = ? [pid 3955] <... futex resumed>) = ? [pid 3954] <... exit_group resumed>) = ? [pid 3957] +++ exited with 0 +++ [pid 3956] +++ exited with 0 +++ [pid 3955] +++ exited with 0 +++ [pid 3954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3954, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3958 ./strace-static-x86_64: Process 3958 attached [pid 3958] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3958] chdir("./103") = 0 [pid 3958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3958] setpgid(0, 0) = 0 [pid 3958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3958] write(3, "1000", 4) = 4 [pid 3958] close(3) = 0 [pid 3958] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3958] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3958] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3958] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3959], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3959 [pid 3958] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3959 attached ) = 0 [pid 3958] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3959] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3959] memfd_create("syzkaller", 0) = 3 [pid 3959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3959] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3959] munmap(0x7f68741c1000, 2097152) = 0 [pid 3959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3959] close(3) = 0 [pid 3959] mkdir("./file2", 0777) = 0 [pid 3959] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3959] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3959] chdir("./file2") = 0 [pid 3959] ioctl(4, LOOP_CLR_FD) = 0 [pid 3959] close(4) = 0 [pid 3959] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3958] <... futex resumed>) = 0 [pid 3958] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3958] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3959] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3959] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3958] <... futex resumed>) = 0 [pid 3958] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3958] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3959] mkdirat(4, "./bus", 000 [pid 3958] <... futex resumed>) = 0 [pid 3958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3958] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3958] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3960], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3960 [pid 3958] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3958] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3960 attached [pid 3960] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3960] mkdirat(4, "./bus/file0", 000 [pid 3959] <... mkdirat resumed>) = 0 [pid 3960] <... mkdirat resumed>) = 0 [pid 3960] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3958] <... futex resumed>) = 0 [pid 3958] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.885298][ T3959] loop0: detected capacity change from 0 to 4096 [ 70.895316][ T3959] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3958] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3959] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3960] <... futex resumed>) = 1 [pid 3960] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3960] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3958] <... futex resumed>) = 0 [pid 3958] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3958] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3958] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3960] <... futex resumed>) = 1 [pid 3960] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3960] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3958] <... futex resumed>) = 0 [pid 3958] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3958] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3960] <... futex resumed>) = 1 [pid 3960] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3959] <... futex resumed>) = 0 [pid 3960] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3959] mkdirat(-1, NULL, 000 [pid 3960] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3958] <... futex resumed>) = 0 [pid 3958] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3958] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3959] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3959] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3960] <... futex resumed>) = 1 [pid 3960] mkdirat(-1, NULL, 000 [pid 3959] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3960] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3960] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3958] <... futex resumed>) = 0 [pid 3958] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3960] <... futex resumed>) = 1 [pid 3958] <... futex resumed>) = 1 [pid 3960] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3958] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3959] <... futex resumed>) = 0 [pid 3959] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3959] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3958] <... futex resumed>) = 0 [pid 3959] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3958] exit_group(0 [pid 3960] <... futex resumed>) = ? [pid 3959] <... futex resumed>) = ? [pid 3958] <... exit_group resumed>) = ? [pid 3960] +++ exited with 0 +++ [pid 3959] +++ exited with 0 +++ [pid 3958] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3958, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3961 ./strace-static-x86_64: Process 3961 attached [pid 3961] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3961] chdir("./104") = 0 [pid 3961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3961] setpgid(0, 0) = 0 [pid 3961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3961] write(3, "1000", 4) = 4 [pid 3961] close(3) = 0 [pid 3961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3961] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3961] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3961] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3962 attached , parent_tid=[3962], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3962 [pid 3962] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3962] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3961] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = 0 [pid 3961] <... futex resumed>) = 1 [pid 3961] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3962] memfd_create("syzkaller", 0) = 3 [pid 3962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3962] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3962] munmap(0x7f68741c1000, 2097152) = 0 [pid 3962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3962] close(3) = 0 [pid 3962] mkdir("./file2", 0777) = 0 [pid 3962] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3962] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3962] chdir("./file2") = 0 [pid 3962] ioctl(4, LOOP_CLR_FD) = 0 [pid 3962] close(4) = 0 [pid 3962] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3962] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3961] <... futex resumed>) = 0 [pid 3961] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3962] <... futex resumed>) = 0 [pid 3961] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3962] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3962] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3961] <... futex resumed>) = 0 [pid 3962] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3961] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3961] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] mkdirat(4, "./bus", 000 [pid 3961] <... futex resumed>) = 0 [pid 3961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3961] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3961] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3962] <... mkdirat resumed>) = 0 [pid 3962] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3961] <... clone resumed>, parent_tid=[3963], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3963 [pid 3961] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = 0 [pid 3961] <... futex resumed>) = 0 [pid 3962] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3961] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3963 attached [pid 3963] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3963] mkdirat(4, "./bus/file0", 000) = 0 [pid 3963] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3961] <... futex resumed>) = 0 [pid 3961] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3963] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3962] <... futex resumed>) = 0 [pid 3961] <... futex resumed>) = 1 [pid 3961] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3962] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3962] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3961] <... futex resumed>) = 0 [pid 3962] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3961] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3961] <... futex resumed>) = 0 [pid 3962] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3961] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [ 71.018087][ T3962] loop0: detected capacity change from 0 to 4096 [ 71.027696][ T3962] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3962] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3961] <... futex resumed>) = 0 [pid 3963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3962] <... futex resumed>) = 0 [pid 3961] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3963] mkdirat(-1, NULL, 000 [pid 3962] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3963] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3963] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3961] <... futex resumed>) = 0 [pid 3963] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3961] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = 0 [pid 3961] <... futex resumed>) = 1 [pid 3962] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3961] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3962] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3962] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3961] <... futex resumed>) = 0 [pid 3962] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3961] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3961] <... futex resumed>) = 0 [pid 3962] mkdirat(-1, NULL, 000 [pid 3961] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3962] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3962] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3961] <... futex resumed>) = 0 [pid 3962] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3961] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3961] <... futex resumed>) = 0 [pid 3962] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3961] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3962] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3962] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3961] <... futex resumed>) = 0 [pid 3962] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3961] exit_group(0 [pid 3963] <... futex resumed>) = ? [pid 3962] <... futex resumed>) = ? [pid 3961] <... exit_group resumed>) = ? [pid 3963] +++ exited with 0 +++ [pid 3962] +++ exited with 0 +++ [pid 3961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3961, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3964 ./strace-static-x86_64: Process 3964 attached [pid 3964] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3964] chdir("./105") = 0 [pid 3964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3964] setpgid(0, 0) = 0 [pid 3964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3964] write(3, "1000", 4) = 4 [pid 3964] close(3) = 0 [pid 3964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3964] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3964] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3964] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3965], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3965 [pid 3964] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3964] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3965 attached [pid 3965] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3965] memfd_create("syzkaller", 0) = 3 [pid 3965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3965] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3965] munmap(0x7f68741c1000, 2097152) = 0 [pid 3965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3965] close(3) = 0 [pid 3965] mkdir("./file2", 0777) = 0 [pid 3965] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3965] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3965] chdir("./file2") = 0 [pid 3965] ioctl(4, LOOP_CLR_FD) = 0 [pid 3965] close(4) = 0 [pid 3965] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3964] <... futex resumed>) = 0 [pid 3965] <... futex resumed>) = 1 [pid 3964] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3965] openat(AT_FDCWD, ".", O_RDONLY [pid 3964] <... futex resumed>) = 0 [pid 3964] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3965] <... openat resumed>) = 4 [pid 3965] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3964] <... futex resumed>) = 0 [pid 3964] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3964] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3964] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3964] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3966], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3966 [pid 3964] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3964] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3965] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 3966 attached [ 71.165286][ T3965] loop0: detected capacity change from 0 to 4096 [ 71.175231][ T3965] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3966] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3966] mkdirat(4, "./bus/file0", 000 [pid 3965] <... mkdirat resumed>) = 0 [pid 3965] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3966] <... mkdirat resumed>) = 0 [pid 3966] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3964] <... futex resumed>) = 0 [pid 3966] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3964] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3964] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3965] <... futex resumed>) = 1 [pid 3964] <... futex resumed>) = 0 [pid 3964] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 3965] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3965] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3964] <... futex resumed>) = 0 [pid 3964] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3965] mkdirat(-1, NULL, 000 [pid 3964] <... futex resumed>) = 0 [pid 3964] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3965] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3966] <... futex resumed>) = 0 [pid 3964] <... futex resumed>) = 1 [pid 3966] mkdirat(-1, NULL, 000 [pid 3965] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3964] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3966] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3966] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3965] <... futex resumed>) = 0 [pid 3966] <... futex resumed>) = 1 [pid 3964] <... futex resumed>) = 0 [pid 3966] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3964] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3965] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3964] <... futex resumed>) = 0 [pid 3965] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3964] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3965] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3964] <... futex resumed>) = 0 [pid 3965] mkdirat(-1, NULL, 000 [pid 3964] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3965] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3964] <... futex resumed>) = 0 [pid 3965] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3964] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3965] <... futex resumed>) = 0 [pid 3964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3965] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3964] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3965] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3964] <... futex resumed>) = 0 [pid 3965] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3964] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3965] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3965] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3964] <... futex resumed>) = 0 [pid 3965] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3964] exit_group(0 [pid 3966] <... futex resumed>) = ? [pid 3965] <... futex resumed>) = ? [pid 3964] <... exit_group resumed>) = ? [pid 3966] +++ exited with 0 +++ [pid 3965] +++ exited with 0 +++ [pid 3964] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3964, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3967 ./strace-static-x86_64: Process 3967 attached [pid 3967] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3967] chdir("./106") = 0 [pid 3967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3967] setpgid(0, 0) = 0 [pid 3967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3967] write(3, "1000", 4) = 4 [pid 3967] close(3) = 0 [pid 3967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3967] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3967] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3967] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3968], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3968 [pid 3967] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3968 attached [pid 3968] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3968] memfd_create("syzkaller", 0) = 3 [pid 3968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3968] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3968] munmap(0x7f68741c1000, 2097152) = 0 [pid 3968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3968] close(3) = 0 [pid 3968] mkdir("./file2", 0777) = 0 [pid 3968] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [ 71.404513][ T3968] loop0: detected capacity change from 0 to 4096 [ 71.416774][ T3968] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3968] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3968] chdir("./file2") = 0 [pid 3968] ioctl(4, LOOP_CLR_FD) = 0 [pid 3968] close(4) = 0 [pid 3968] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3967] <... futex resumed>) = 0 [pid 3967] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3968] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3968] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3967] <... futex resumed>) = 0 [pid 3967] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3968] mkdirat(4, "./bus", 000 [pid 3967] <... mmap resumed>) = 0x7f68743a0000 [pid 3967] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3967] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3969], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3969 [pid 3967] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3968] <... mkdirat resumed>) = 0 [pid 3968] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3968] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3969 attached [pid 3969] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3969] mkdirat(4, "./bus/file0", 000) = 0 [pid 3969] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3969] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3967] <... futex resumed>) = 0 [pid 3967] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3968] <... futex resumed>) = 0 [pid 3967] <... futex resumed>) = 1 [pid 3968] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3967] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3968] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3968] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3967] <... futex resumed>) = 0 [pid 3968] mkdirat(-1, NULL, 000 [pid 3967] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3968] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3968] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3967] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3969] <... futex resumed>) = 0 [pid 3968] <... futex resumed>) = 0 [pid 3967] <... futex resumed>) = 1 [pid 3969] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3969] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3969] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3968] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3967] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3967] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3968] <... futex resumed>) = 0 [pid 3967] <... futex resumed>) = 1 [pid 3968] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3967] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3968] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3968] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3967] <... futex resumed>) = 0 [pid 3968] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3967] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3967] <... futex resumed>) = 0 [pid 3968] mkdirat(-1, NULL, 000 [pid 3967] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3968] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3968] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3967] <... futex resumed>) = 0 [pid 3968] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3967] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3967] <... futex resumed>) = 0 [pid 3968] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3967] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3968] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3968] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3967] <... futex resumed>) = 0 [pid 3968] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3967] exit_group(0 [pid 3969] <... futex resumed>) = ? [pid 3968] <... futex resumed>) = ? [pid 3967] <... exit_group resumed>) = ? [pid 3969] +++ exited with 0 +++ [pid 3968] +++ exited with 0 +++ [pid 3967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3967, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3970 ./strace-static-x86_64: Process 3970 attached [pid 3970] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3970] chdir("./107") = 0 [pid 3970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3970] setpgid(0, 0) = 0 [pid 3970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3970] write(3, "1000", 4) = 4 [pid 3970] close(3) = 0 [pid 3970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3970] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3970] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3970] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3971], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3971 [pid 3970] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3970] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3971 attached [pid 3971] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3971] memfd_create("syzkaller", 0) = 3 [pid 3971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3971] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3971] munmap(0x7f68741c1000, 2097152) = 0 [pid 3971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3971] close(3) = 0 [pid 3971] mkdir("./file2", 0777) = 0 [pid 3971] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3971] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3971] chdir("./file2") = 0 [pid 3971] ioctl(4, LOOP_CLR_FD) = 0 [pid 3971] close(4) = 0 [pid 3971] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3970] <... futex resumed>) = 0 [pid 3970] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3970] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3971] <... futex resumed>) = 1 [pid 3971] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3971] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3970] <... futex resumed>) = 0 [pid 3970] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3970] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3970] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3970] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3972], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3972 [pid 3970] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3970] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3971] <... futex resumed>) = 1 [pid 3971] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 3972 attached [pid 3972] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3972] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3972] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3970] <... futex resumed>) = 0 [pid 3972] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3970] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3972] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3970] <... futex resumed>) = 0 [pid 3972] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3970] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3972] <... futex resumed>) = 0 [pid 3970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3972] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3970] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3970] <... futex resumed>) = 0 [pid 3972] mkdirat(-1, NULL, 000 [pid 3970] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3972] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3970] <... futex resumed>) = 0 [pid 3972] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3972] <... futex resumed>) = 0 [pid 3970] <... mmap resumed>) = 0x7f687437f000 [pid 3972] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3970] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3970] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3971] <... mkdirat resumed>) = 0 [ 71.699648][ T3971] loop0: detected capacity change from 0 to 4096 [ 71.710785][ T3971] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3971] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3970] <... clone resumed>, parent_tid=[3973], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3973 [pid 3971] <... futex resumed>) = 0 [pid 3970] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3971] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3970] <... futex resumed>) = 0 [pid 3970] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3973 attached [pid 3973] set_robust_list(0x7f687439f9e0, 24) = 0 [pid 3973] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3973] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3970] <... futex resumed>) = 0 [pid 3973] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3970] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3971] <... futex resumed>) = 0 [pid 3970] <... futex resumed>) = 1 [pid 3970] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3971] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3971] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3971] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3970] <... futex resumed>) = 0 [pid 3970] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3971] <... futex resumed>) = 0 [pid 3970] <... futex resumed>) = 1 [pid 3971] mkdirat(-1, NULL, 000 [pid 3970] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3971] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3971] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3970] <... futex resumed>) = 0 [pid 3971] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3970] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3971] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3970] <... futex resumed>) = 0 [pid 3971] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3970] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3971] <... futex resumed>) = 0 [pid 3970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3971] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3970] exit_group(0 [pid 3973] <... futex resumed>) = ? [pid 3972] <... futex resumed>) = ? [pid 3971] <... futex resumed>) = ? [pid 3970] <... exit_group resumed>) = ? [pid 3973] +++ exited with 0 +++ [pid 3972] +++ exited with 0 +++ [pid 3971] +++ exited with 0 +++ [pid 3970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3970, si_uid=0, si_status=0, si_utime=1, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3974 ./strace-static-x86_64: Process 3974 attached [pid 3974] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3974] chdir("./108") = 0 [pid 3974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3974] setpgid(0, 0) = 0 [pid 3974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3974] write(3, "1000", 4) = 4 [pid 3974] close(3) = 0 [pid 3974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3974] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3974] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3974] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3975 attached [pid 3975] set_robust_list(0x7f687c5e19e0, 24 [pid 3974] <... clone resumed>, parent_tid=[3975], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3975 [pid 3974] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3975] <... set_robust_list resumed>) = 0 [pid 3974] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3975] memfd_create("syzkaller", 0) = 3 [pid 3975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3975] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3975] munmap(0x7f68741c1000, 2097152) = 0 [pid 3975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3975] close(3) = 0 [pid 3975] mkdir("./file2", 0777) = 0 [pid 3975] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3975] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3975] chdir("./file2") = 0 [pid 3975] ioctl(4, LOOP_CLR_FD) = 0 [pid 3975] close(4) = 0 [pid 3975] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3974] <... futex resumed>) = 0 [pid 3975] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3974] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3974] <... futex resumed>) = 0 [pid 3975] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3974] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3975] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3974] <... futex resumed>) = 0 [pid 3974] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3975] mkdirat(4, "./bus", 000 [pid 3974] <... futex resumed>) = 0 [pid 3974] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3975] <... mkdirat resumed>) = 0 [pid 3974] <... mmap resumed>) = 0x7f68743a0000 [pid 3974] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3975] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3974] <... mprotect resumed>) = 0 [pid 3975] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3974] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3976 attached [pid 3976] set_robust_list(0x7f68743c09e0, 24 [pid 3974] <... clone resumed>, parent_tid=[3976], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3976 [pid 3976] <... set_robust_list resumed>) = 0 [pid 3974] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3974] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3976] mkdirat(4, "./bus/file0", 000) = 0 [pid 3976] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3974] <... futex resumed>) = 0 [pid 3976] <... futex resumed>) = 1 [ 71.857069][ T3975] loop0: detected capacity change from 0 to 4096 [ 71.867617][ T3975] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3974] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3976] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3975] <... futex resumed>) = 0 [pid 3974] <... futex resumed>) = 1 [pid 3975] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3974] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3975] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3975] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3974] <... futex resumed>) = 0 [pid 3975] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3974] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3974] <... futex resumed>) = 0 [pid 3975] mkdirat(-1, NULL, 000 [pid 3974] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3974] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3976] <... futex resumed>) = 0 [pid 3975] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3976] mkdirat(-1, NULL, 000 [pid 3975] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3976] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3975] <... futex resumed>) = 0 [pid 3976] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3975] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3976] <... futex resumed>) = 1 [pid 3974] <... futex resumed>) = 0 [pid 3976] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3974] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3975] <... futex resumed>) = 0 [pid 3974] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3975] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3975] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3974] <... futex resumed>) = 0 [pid 3975] mkdirat(-1, NULL, 000 [pid 3974] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3975] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3974] <... futex resumed>) = 0 [pid 3975] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3974] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3975] <... futex resumed>) = 0 [pid 3974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3975] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3974] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3974] <... futex resumed>) = 0 [pid 3975] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3974] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3975] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3975] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3974] <... futex resumed>) = 0 [pid 3975] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3974] exit_group(0 [pid 3976] <... futex resumed>) = ? [pid 3975] <... futex resumed>) = ? [pid 3974] <... exit_group resumed>) = ? [pid 3975] +++ exited with 0 +++ [pid 3976] +++ exited with 0 +++ [pid 3974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3974, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./108/binderfs") = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3977 ./strace-static-x86_64: Process 3977 attached [pid 3977] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3977] chdir("./109") = 0 [pid 3977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3977] setpgid(0, 0) = 0 [pid 3977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3977] write(3, "1000", 4) = 4 [pid 3977] close(3) = 0 [pid 3977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3977] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3977] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3977] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3978], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3978 [pid 3977] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3978 attached [pid 3977] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3978] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3978] memfd_create("syzkaller", 0) = 3 [pid 3978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3978] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3978] munmap(0x7f68741c1000, 2097152) = 0 [pid 3978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3978] close(3) = 0 [pid 3978] mkdir("./file2", 0777) = 0 [pid 3978] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3978] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3978] chdir("./file2") = 0 [pid 3978] ioctl(4, LOOP_CLR_FD) = 0 [pid 3978] close(4) = 0 [pid 3978] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3977] <... futex resumed>) = 0 [pid 3978] <... futex resumed>) = 1 [pid 3977] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] openat(AT_FDCWD, ".", O_RDONLY [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... openat resumed>) = 4 [pid 3978] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] mkdirat(4, "./bus", 000 [pid 3977] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... mkdirat resumed>) = 0 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3978] <... futex resumed>) = 0 [pid 3978] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] <... mmap resumed>) = 0x7f68743a0000 [ 72.025541][ T3978] loop0: detected capacity change from 0 to 4096 [ 72.035600][ T3978] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3977] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3977] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3979 attached [pid 3979] set_robust_list(0x7f68743c09e0, 24 [pid 3977] <... clone resumed>, parent_tid=[3979], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3979 [pid 3979] <... set_robust_list resumed>) = 0 [pid 3977] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3979] mkdirat(4, "./bus/file0", 000 [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3979] <... mkdirat resumed>) = 0 [pid 3979] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = 0 [pid 3977] <... futex resumed>) = 1 [pid 3978] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3977] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3978] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] mkdirat(-1, NULL, 000 [pid 3977] <... futex resumed>) = 0 [pid 3978] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3978] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3978] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] mkdirat(-1, NULL, 000 [pid 3977] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3978] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3979] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3978] <... futex resumed>) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3977] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3978] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] mkdirat(-1, NULL, 000 [pid 3977] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3978] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3977] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3978] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] exit_group(0 [pid 3979] <... futex resumed>) = ? [pid 3978] <... futex resumed>) = ? [pid 3977] <... exit_group resumed>) = ? [pid 3979] +++ exited with 0 +++ [pid 3978] +++ exited with 0 +++ [pid 3977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3977, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3980 ./strace-static-x86_64: Process 3980 attached [pid 3980] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3980] chdir("./110") = 0 [pid 3980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3980] setpgid(0, 0) = 0 [pid 3980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3980] write(3, "1000", 4) = 4 [pid 3980] close(3) = 0 [pid 3980] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3980] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3980] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3980] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3981], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3981 ./strace-static-x86_64: Process 3981 attached [pid 3980] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3980] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3981] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3981] memfd_create("syzkaller", 0) = 3 [pid 3981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3981] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3981] munmap(0x7f68741c1000, 2097152) = 0 [pid 3981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3981] close(3) = 0 [pid 3981] mkdir("./file2", 0777) = 0 [pid 3981] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3981] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3981] chdir("./file2") = 0 [pid 3981] ioctl(4, LOOP_CLR_FD) = 0 [pid 3981] close(4) = 0 [pid 3981] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3980] <... futex resumed>) = 0 [pid 3980] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3980] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3981] <... futex resumed>) = 1 [pid 3981] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3981] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3980] <... futex resumed>) = 0 [pid 3981] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3980] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3980] <... futex resumed>) = 0 [pid 3981] mkdirat(4, "./bus", 000 [pid 3980] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3981] <... mkdirat resumed>) = 0 [pid 3980] <... mmap resumed>) = 0x7f68743a0000 [pid 3981] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3980] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3981] <... futex resumed>) = 0 [pid 3980] <... mprotect resumed>) = 0 [pid 3981] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3980] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3982], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3982 [pid 3980] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3980] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3982 attached [pid 3982] set_robust_list(0x7f68743c09e0, 24) = 0 [ 72.178192][ T3981] loop0: detected capacity change from 0 to 4096 [ 72.187822][ T3981] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3982] mkdirat(4, "./bus/file0", 000) = 0 [pid 3982] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3980] <... futex resumed>) = 0 [pid 3982] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3980] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] <... futex resumed>) = 0 [pid 3980] <... futex resumed>) = 1 [pid 3981] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3980] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3981] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3981] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3980] <... futex resumed>) = 0 [pid 3981] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3980] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3980] <... futex resumed>) = 0 [pid 3981] mkdirat(-1, NULL, 000 [pid 3980] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3982] <... futex resumed>) = 0 [pid 3981] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3980] <... futex resumed>) = 1 [pid 3982] mkdirat(-1, NULL, 000 [pid 3981] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3980] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3982] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3981] <... futex resumed>) = 0 [pid 3982] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3982] <... futex resumed>) = 1 [pid 3980] <... futex resumed>) = 0 [pid 3982] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3980] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] <... futex resumed>) = 0 [pid 3980] <... futex resumed>) = 1 [pid 3981] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3980] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3981] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3981] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3980] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] mkdirat(-1, NULL, 000 [pid 3980] <... futex resumed>) = 0 [pid 3981] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3981] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3980] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3981] <... futex resumed>) = 0 [pid 3981] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3980] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] <... futex resumed>) = 0 [pid 3980] <... futex resumed>) = 1 [pid 3981] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3980] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3981] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3981] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3980] <... futex resumed>) = 0 [pid 3981] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3980] exit_group(0 [pid 3982] <... futex resumed>) = ? [pid 3981] <... futex resumed>) = ? [pid 3980] <... exit_group resumed>) = ? [pid 3981] +++ exited with 0 +++ [pid 3982] +++ exited with 0 +++ [pid 3980] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3980, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3983 ./strace-static-x86_64: Process 3983 attached [pid 3983] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3983] chdir("./111") = 0 [pid 3983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3983] setpgid(0, 0) = 0 [pid 3983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3983] write(3, "1000", 4) = 4 [pid 3983] close(3) = 0 [pid 3983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3983] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3983] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3983] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3984 attached , parent_tid=[3984], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3984 [pid 3984] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3984] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3983] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3984] <... futex resumed>) = 0 [pid 3983] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3984] memfd_create("syzkaller", 0) = 3 [pid 3984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3984] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3984] munmap(0x7f68741c1000, 2097152) = 0 [pid 3984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3984] close(3) = 0 [pid 3984] mkdir("./file2", 0777) = 0 [pid 3984] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3984] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3984] chdir("./file2") = 0 [pid 3984] ioctl(4, LOOP_CLR_FD) = 0 [pid 3984] close(4) = 0 [pid 3984] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3983] <... futex resumed>) = 0 [pid 3983] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3983] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3984] <... futex resumed>) = 1 [pid 3984] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3984] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3983] <... futex resumed>) = 0 [pid 3984] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3983] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3983] <... futex resumed>) = 0 [pid 3984] mkdirat(4, "./bus", 000 [pid 3983] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3984] <... mkdirat resumed>) = 0 [pid 3983] <... mmap resumed>) = 0x7f68743a0000 [pid 3984] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3983] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 3984] <... futex resumed>) = 0 [pid 3983] <... mprotect resumed>) = 0 [pid 3984] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3983] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3985], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3985 [pid 3983] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3983] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3985 attached [pid 3985] set_robust_list(0x7f68743c09e0, 24) = 0 [ 72.326838][ T3984] loop0: detected capacity change from 0 to 4096 [ 72.336765][ T3984] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3985] mkdirat(4, "./bus/file0", 000) = 0 [pid 3985] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3983] <... futex resumed>) = 0 [pid 3983] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] <... futex resumed>) = 0 [pid 3983] <... futex resumed>) = 1 [pid 3984] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3983] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3984] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3984] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3983] <... futex resumed>) = 0 [pid 3984] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3985] <... futex resumed>) = 1 [pid 3984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3983] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] mkdirat(-1, NULL, 000 [pid 3983] <... futex resumed>) = 0 [pid 3985] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3984] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3983] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3983] <... futex resumed>) = 0 [pid 3984] <... futex resumed>) = 0 [pid 3983] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3984] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3985] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3985] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3983] <... futex resumed>) = 0 [pid 3985] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3983] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] <... futex resumed>) = 0 [pid 3983] <... futex resumed>) = 1 [pid 3984] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3983] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3984] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3984] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3983] <... futex resumed>) = 0 [pid 3984] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3983] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3983] <... futex resumed>) = 0 [pid 3984] mkdirat(-1, NULL, 000 [pid 3983] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3984] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3984] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3983] <... futex resumed>) = 0 [pid 3984] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3983] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3983] <... futex resumed>) = 0 [pid 3984] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3983] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3984] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3984] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3983] <... futex resumed>) = 0 [pid 3984] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3983] exit_group(0 [pid 3985] <... futex resumed>) = ? [pid 3984] <... futex resumed>) = ? [pid 3983] <... exit_group resumed>) = ? [pid 3985] +++ exited with 0 +++ [pid 3984] +++ exited with 0 +++ [pid 3983] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3983, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3986 ./strace-static-x86_64: Process 3986 attached [pid 3986] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3986] chdir("./112") = 0 [pid 3986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3986] setpgid(0, 0) = 0 [pid 3986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3986] write(3, "1000", 4) = 4 [pid 3986] close(3) = 0 [pid 3986] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3986] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3986] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3986] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3987 attached [pid 3987] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3987] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3986] <... clone resumed>, parent_tid=[3987], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3987 [pid 3986] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3987] <... futex resumed>) = 0 [pid 3986] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3987] memfd_create("syzkaller", 0) = 3 [pid 3987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3987] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3987] munmap(0x7f68741c1000, 2097152) = 0 [pid 3987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3987] close(3) = 0 [pid 3987] mkdir("./file2", 0777) = 0 [pid 3987] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3987] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3987] chdir("./file2") = 0 [pid 3987] ioctl(4, LOOP_CLR_FD) = 0 [pid 3987] close(4) = 0 [pid 3987] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3986] <... futex resumed>) = 0 [pid 3986] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3986] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3987] <... futex resumed>) = 1 [pid 3987] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3987] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3986] <... futex resumed>) = 0 [pid 3986] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3986] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3986] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3986] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3988], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3988 [pid 3986] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] <... futex resumed>) = 1 [pid 3986] <... futex resumed>) = 0 [pid 3987] mkdirat(4, "./bus", 000 [pid 3986] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3988 attached [pid 3988] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3988] mkdirat(4, "./bus/file0", 000 [pid 3987] <... mkdirat resumed>) = 0 [pid 3987] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3988] <... mkdirat resumed>) = 0 [pid 3987] <... futex resumed>) = 0 [pid 3988] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3988] <... futex resumed>) = 1 [pid 3986] <... futex resumed>) = 0 [pid 3988] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3986] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] <... futex resumed>) = 0 [pid 3986] <... futex resumed>) = 1 [pid 3987] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3986] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3987] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3987] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3986] <... futex resumed>) = 0 [pid 3987] <... futex resumed>) = 1 [pid 3986] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] mkdirat(-1, NULL, 000 [pid 3986] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3988] <... futex resumed>) = 0 [pid 3986] <... futex resumed>) = 1 [pid 3987] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3986] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3988] mkdirat(-1, NULL, 000 [pid 3987] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3988] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3987] <... futex resumed>) = 0 [pid 3988] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3988] <... futex resumed>) = 1 [pid 3986] <... futex resumed>) = 0 [pid 3988] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3986] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] <... futex resumed>) = 0 [pid 3986] <... futex resumed>) = 1 [pid 3987] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3986] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3987] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3987] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3986] <... futex resumed>) = 0 [pid 3987] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3986] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3986] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.475793][ T3987] loop0: detected capacity change from 0 to 4096 [ 72.485175][ T3987] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3987] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3987] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3986] <... futex resumed>) = 0 [pid 3986] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3986] <... futex resumed>) = 0 [pid 3987] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3986] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3987] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3987] <... futex resumed>) = 0 [pid 3986] exit_group(0 [pid 3988] <... futex resumed>) = ? [pid 3986] <... exit_group resumed>) = ? [pid 3988] +++ exited with 0 +++ [pid 3987] +++ exited with 0 +++ [pid 3986] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3986, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3989 ./strace-static-x86_64: Process 3989 attached [pid 3989] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3989] chdir("./113") = 0 [pid 3989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3989] setpgid(0, 0) = 0 [pid 3989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3989] write(3, "1000", 4) = 4 [pid 3989] close(3) = 0 [pid 3989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3989] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3989] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3989] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3990], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3990 [pid 3989] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3989] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3990 attached [pid 3990] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3990] memfd_create("syzkaller", 0) = 3 [pid 3990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3990] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3990] munmap(0x7f68741c1000, 2097152) = 0 [pid 3990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3990] close(3) = 0 [pid 3990] mkdir("./file2", 0777) = 0 [pid 3990] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3990] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3990] chdir("./file2") = 0 [pid 3990] ioctl(4, LOOP_CLR_FD) = 0 [pid 3990] close(4) = 0 [pid 3990] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3989] <... futex resumed>) = 0 [pid 3990] openat(AT_FDCWD, ".", O_RDONLY [pid 3989] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3989] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3990] <... openat resumed>) = 4 [pid 3990] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3989] <... futex resumed>) = 0 [pid 3990] <... futex resumed>) = 1 [pid 3989] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3990] mkdirat(4, "./bus", 000 [pid 3989] <... futex resumed>) = 0 [pid 3989] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3989] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3989] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3991], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3991 [pid 3989] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3989] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3990] <... mkdirat resumed>) = 0 [pid 3990] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3990] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3991 attached [pid 3991] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3991] mkdirat(4, "./bus/file0", 000) = 0 [pid 3991] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3989] <... futex resumed>) = 0 [pid 3989] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3990] <... futex resumed>) = 0 [pid 3989] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3990] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3990] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3989] <... futex resumed>) = 0 [pid 3990] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3989] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 72.613009][ T3990] loop0: detected capacity change from 0 to 4096 [ 72.623523][ T3990] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3989] <... futex resumed>) = 0 [pid 3990] mkdirat(-1, NULL, 000 [pid 3989] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3990] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3989] <... futex resumed>) = 0 [pid 3990] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3989] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3990] <... futex resumed>) = 0 [pid 3990] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3991] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3991] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3989] <... futex resumed>) = 0 [pid 3989] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3990] <... futex resumed>) = 0 [pid 3989] <... futex resumed>) = 1 [pid 3990] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3989] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3990] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3990] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3989] <... futex resumed>) = 0 [pid 3990] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3989] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3990] mkdirat(-1, NULL, 000 [pid 3989] <... futex resumed>) = 0 [pid 3990] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3989] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3990] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3990] <... futex resumed>) = 0 [pid 3989] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3990] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 3989] <... futex resumed>) = 0 [pid 3990] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3989] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3990] <... futex resumed>) = 0 [pid 3989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3990] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3989] exit_group(0) = ? [pid 3990] <... futex resumed>) = ? [pid 3990] +++ exited with 0 +++ [pid 3991] +++ exited with 0 +++ [pid 3989] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3989, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3992 ./strace-static-x86_64: Process 3992 attached [pid 3992] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3992] chdir("./114") = 0 [pid 3992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3992] setpgid(0, 0) = 0 [pid 3992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3992] write(3, "1000", 4) = 4 [pid 3992] close(3) = 0 [pid 3992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3992] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3992] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3992] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3993], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3993 [pid 3992] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3993 attached [pid 3993] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3993] memfd_create("syzkaller", 0) = 3 [pid 3993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3993] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3993] munmap(0x7f68741c1000, 2097152) = 0 [pid 3993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3993] close(3) = 0 [pid 3993] mkdir("./file2", 0777) = 0 [pid 3993] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3993] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3993] chdir("./file2") = 0 [pid 3993] ioctl(4, LOOP_CLR_FD) = 0 [pid 3993] close(4) = 0 [pid 3993] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3992] <... futex resumed>) = 0 [pid 3992] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3993] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 3993] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3992] <... futex resumed>) = 0 [pid 3992] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3992] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3992] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3993] mkdirat(4, "./bus", 000 [pid 3992] <... clone resumed>, parent_tid=[3994], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3994 [pid 3992] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3994 attached [pid 3994] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 3994] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3994] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3992] <... futex resumed>) = 0 [pid 3992] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3994] <... futex resumed>) = 1 [ 72.753356][ T3993] loop0: detected capacity change from 0 to 4096 [ 72.764688][ T3993] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3994] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 3994] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3992] <... futex resumed>) = 0 [pid 3992] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687437f000 [pid 3992] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3992] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3993] <... mkdirat resumed>) = 0 [pid 3993] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3992] <... clone resumed>, parent_tid=[3995], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 3995 [pid 3994] <... futex resumed>) = 1 [pid 3992] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3994] mkdirat(-1, NULL, 000 [pid 3992] <... futex resumed>) = 0 [pid 3994] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3992] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3994] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3994] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3995 attached [pid 3993] <... futex resumed>) = 0 [pid 3995] set_robust_list(0x7f687439f9e0, 24 [pid 3993] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3995] <... set_robust_list resumed>) = 0 [pid 3995] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 3995] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3992] <... futex resumed>) = 0 [pid 3992] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3993] <... futex resumed>) = 0 [pid 3992] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3995] <... futex resumed>) = 1 [pid 3993] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3995] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3993] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3993] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3992] <... futex resumed>) = 0 [pid 3993] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3992] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3992] <... futex resumed>) = 0 [pid 3993] mkdirat(-1, NULL, 000 [pid 3992] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3993] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3993] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3992] <... futex resumed>) = 0 [pid 3993] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3992] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3992] <... futex resumed>) = 0 [pid 3993] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3992] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3993] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3993] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3992] <... futex resumed>) = 0 [pid 3992] exit_group(0 [pid 3993] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3995] <... futex resumed>) = ? [pid 3994] <... futex resumed>) = ? [pid 3992] <... exit_group resumed>) = ? [pid 3995] +++ exited with 0 +++ [pid 3994] +++ exited with 0 +++ [pid 3993] +++ exited with 0 +++ [pid 3992] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3992, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3996 ./strace-static-x86_64: Process 3996 attached [pid 3996] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3996] chdir("./115") = 0 [pid 3996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3996] setpgid(0, 0) = 0 [pid 3996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3996] write(3, "1000", 4) = 4 [pid 3996] close(3) = 0 [pid 3996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3996] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3996] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3996] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3997 attached , parent_tid=[3997], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 3997 [pid 3996] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3997] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 3996] <... futex resumed>) = 0 [pid 3996] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3997] memfd_create("syzkaller", 0) = 3 [pid 3997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 3997] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 3997] munmap(0x7f68741c1000, 2097152) = 0 [pid 3997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3997] close(3) = 0 [pid 3997] mkdir("./file2", 0777) = 0 [pid 3997] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 3997] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3997] chdir("./file2") = 0 [pid 3997] ioctl(4, LOOP_CLR_FD) = 0 [pid 3997] close(4) = 0 [pid 3997] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3996] <... futex resumed>) = 0 [pid 3997] openat(AT_FDCWD, ".", O_RDONLY [pid 3996] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3997] <... openat resumed>) = 4 [pid 3996] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3997] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3996] <... futex resumed>) = 0 [pid 3997] <... futex resumed>) = 1 [pid 3996] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3997] mkdirat(4, "./bus", 000 [pid 3996] <... futex resumed>) = 0 [pid 3996] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3996] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3996] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3998 attached , parent_tid=[3998], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 3998 [pid 3996] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3998] set_robust_list(0x7f68743c09e0, 24 [pid 3996] <... futex resumed>) = 0 [pid 3998] <... set_robust_list resumed>) = 0 [pid 3996] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3998] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 3998] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3996] <... futex resumed>) = 0 [pid 3998] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 3996] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3996] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3998] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3998] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3996] <... futex resumed>) = 0 [pid 3998] mkdirat(-1, NULL, 000 [pid 3996] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3998] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3996] <... futex resumed>) = 0 [pid 3998] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3996] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3996] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3998] <... futex resumed>) = 1 [pid 3996] <... futex resumed>) = 0 [pid 3998] mkdirat(-1, NULL, 000 [pid 3996] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3998] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3998] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3996] <... futex resumed>) = 0 [pid 3996] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3998] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3996] <... futex resumed>) = 0 [pid 3998] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3996] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.893875][ T3997] loop0: detected capacity change from 0 to 4096 [ 72.903516][ T3997] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 3998] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3998] <... futex resumed>) = 0 [pid 3996] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3998] mkdirat(-1, NULL, 000 [pid 3996] <... futex resumed>) = 0 [pid 3998] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3996] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3998] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3998] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3996] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3998] <... futex resumed>) = 0 [pid 3996] <... futex resumed>) = 1 [pid 3998] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3996] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3998] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3998] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3996] <... futex resumed>) = 0 [pid 3998] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3997] <... mkdirat resumed>) = 0 [pid 3997] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3997] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3996] exit_group(0 [pid 3998] <... futex resumed>) = ? [pid 3996] <... exit_group resumed>) = ? [pid 3998] +++ exited with 0 +++ [pid 3997] <... futex resumed>) = ? [pid 3997] +++ exited with 0 +++ [pid 3996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3996, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 3999 ./strace-static-x86_64: Process 3999 attached [pid 3999] set_robust_list(0x55555736f5e0, 24) = 0 [pid 3999] chdir("./116") = 0 [pid 3999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3999] setpgid(0, 0) = 0 [pid 3999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3999] write(3, "1000", 4) = 4 [pid 3999] close(3) = 0 [pid 3999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3999] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 3999] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3999] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4000], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4000 ./strace-static-x86_64: Process 4000 attached [pid 4000] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4000] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3999] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4000] <... futex resumed>) = 0 [pid 3999] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4000] memfd_create("syzkaller", 0) = 3 [pid 4000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4000] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4000] munmap(0x7f68741c1000, 2097152) = 0 [pid 4000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4000] close(3) = 0 [pid 4000] mkdir("./file2", 0777) = 0 [pid 4000] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4000] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4000] chdir("./file2") = 0 [pid 4000] ioctl(4, LOOP_CLR_FD) = 0 [pid 4000] close(4) = 0 [pid 4000] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 1 [pid 4000] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4000] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 3999] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3999] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4001], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4001 [pid 3999] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 1 [pid 4000] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 4001 attached [pid 4001] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4001] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 4001] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4001] <... futex resumed>) = 1 [pid 4000] <... mkdirat resumed>) = 0 [pid 4000] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4000] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4001] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4001] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3999] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 0 [pid 4000] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4000] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.044978][ T4000] loop0: detected capacity change from 0 to 4096 [ 73.053968][ T4000] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4000] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4001] <... futex resumed>) = 1 [pid 4001] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4001] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4000] <... futex resumed>) = 0 [pid 3999] <... futex resumed>) = 1 [pid 4000] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3999] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4000] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3999] <... futex resumed>) = 0 [pid 4000] mkdirat(-1, NULL, 000 [pid 3999] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4000] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 3999] <... futex resumed>) = 0 [pid 4000] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 0 [pid 3999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4000] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 3999] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4000] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 3999] <... futex resumed>) = 0 [pid 4000] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 0 [pid 3999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4000] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3999] exit_group(0 [pid 4000] <... futex resumed>) = ? [pid 3999] <... exit_group resumed>) = ? [pid 4000] +++ exited with 0 +++ [pid 4001] <... futex resumed>) = ? [pid 4001] +++ exited with 0 +++ [pid 3999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3999, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4002 ./strace-static-x86_64: Process 4002 attached [pid 4002] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4002] chdir("./117") = 0 [pid 4002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4002] setpgid(0, 0) = 0 [pid 4002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4002] write(3, "1000", 4) = 4 [pid 4002] close(3) = 0 [pid 4002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4002] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4002] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4002] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4003], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4003 [pid 4002] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4003 attached [pid 4003] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4003] memfd_create("syzkaller", 0) = 3 [pid 4003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4003] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4003] munmap(0x7f68741c1000, 2097152) = 0 [pid 4003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4003] close(3) = 0 [pid 4003] mkdir("./file2", 0777) = 0 [pid 4003] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4003] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4003] chdir("./file2") = 0 [pid 4003] ioctl(4, LOOP_CLR_FD) = 0 [pid 4003] close(4) = 0 [pid 4003] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4002] <... futex resumed>) = 0 [pid 4002] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] <... futex resumed>) = 1 [pid 4003] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4003] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4002] <... futex resumed>) = 0 [pid 4002] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4002] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4002] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4004], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4004 [pid 4003] <... futex resumed>) = 1 [pid 4002] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4003] mkdirat(4, "./bus", 000 [pid 4002] <... futex resumed>) = 0 [pid 4002] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] <... mkdirat resumed>) = 0 [pid 4003] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4003] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4004 attached [pid 4004] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4004] mkdirat(4, "./bus/file0", 000) = 0 [pid 4004] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4002] <... futex resumed>) = 0 [pid 4002] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4003] <... futex resumed>) = 0 [pid 4002] <... futex resumed>) = 1 [pid 4003] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4002] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4003] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4002] <... futex resumed>) = 0 [pid 4004] <... futex resumed>) = 1 [pid 4003] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4002] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4004] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4002] <... futex resumed>) = 0 [pid 4003] mkdirat(-1, NULL, 000 [pid 4002] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4004] <... futex resumed>) = 0 [pid 4003] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4002] <... futex resumed>) = 1 [pid 4004] mkdirat(-1, NULL, 000 [pid 4003] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4002] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4004] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4003] <... futex resumed>) = 0 [pid 4004] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4003] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4004] <... futex resumed>) = 1 [pid 4002] <... futex resumed>) = 0 [pid 4004] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4002] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4003] <... futex resumed>) = 0 [pid 4002] <... futex resumed>) = 1 [pid 4003] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4002] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4003] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4002] <... futex resumed>) = 0 [pid 4003] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4002] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4002] <... futex resumed>) = 0 [pid 4003] mkdirat(-1, NULL, 000 [pid 4002] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4003] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4002] <... futex resumed>) = 0 [pid 4003] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4002] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4002] <... futex resumed>) = 0 [pid 4003] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4002] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4003] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4002] <... futex resumed>) = 0 [pid 4003] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4002] exit_group(0 [pid 4004] <... futex resumed>) = ? [pid 4003] <... futex resumed>) = ? [pid 4002] <... exit_group resumed>) = ? [pid 4004] +++ exited with 0 +++ [pid 4003] +++ exited with 0 +++ [pid 4002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4002, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 73.183791][ T4003] loop0: detected capacity change from 0 to 4096 [ 73.193674][ T4003] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4005 ./strace-static-x86_64: Process 4005 attached [pid 4005] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4005] chdir("./118") = 0 [pid 4005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4005] setpgid(0, 0) = 0 [pid 4005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4005] write(3, "1000", 4) = 4 [pid 4005] close(3) = 0 [pid 4005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4005] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4005] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4005] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4006], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4006 [pid 4005] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4005] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4006 attached [pid 4006] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4006] memfd_create("syzkaller", 0) = 3 [pid 4006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4006] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4006] munmap(0x7f68741c1000, 2097152) = 0 [pid 4006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4006] close(3) = 0 [pid 4006] mkdir("./file2", 0777) = 0 [pid 4006] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4006] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4006] chdir("./file2") = 0 [pid 4006] ioctl(4, LOOP_CLR_FD) = 0 [pid 4006] close(4) = 0 [pid 4006] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4005] <... futex resumed>) = 0 [pid 4006] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4005] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4005] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4006] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4006] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4005] <... futex resumed>) = 0 [ 73.323826][ T4006] loop0: detected capacity change from 0 to 4096 [ 73.334398][ T4006] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4006] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4005] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4005] <... futex resumed>) = 0 [pid 4006] mkdirat(4, "./bus", 000 [pid 4005] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4006] <... mkdirat resumed>) = 0 [pid 4005] <... futex resumed>) = 0 [pid 4006] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4006] <... futex resumed>) = 0 [pid 4005] <... mmap resumed>) = 0x7f68743a0000 [pid 4006] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4005] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4005] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4007 attached , parent_tid=[4007], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4007 [pid 4005] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4005] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4007] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4007] mkdirat(4, "./bus/file0", 000) = 0 [pid 4007] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4005] <... futex resumed>) = 0 [pid 4005] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4006] <... futex resumed>) = 0 [pid 4005] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4006] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4007] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4006] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4005] <... futex resumed>) = 0 [pid 4006] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4005] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4005] <... futex resumed>) = 0 [pid 4006] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4005] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4006] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4005] <... futex resumed>) = 0 [pid 4006] <... futex resumed>) = 0 [pid 4005] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4006] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4007] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4007] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4005] <... futex resumed>) = 0 [pid 4005] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4006] <... futex resumed>) = 0 [pid 4005] <... futex resumed>) = 1 [pid 4006] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4005] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4006] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4006] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4005] <... futex resumed>) = 0 [pid 4006] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4005] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4005] <... futex resumed>) = 0 [pid 4006] mkdirat(-1, NULL, 000 [pid 4005] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4006] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4006] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4007] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4006] <... futex resumed>) = 1 [pid 4005] <... futex resumed>) = 0 [pid 4006] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4005] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4006] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4005] <... futex resumed>) = 0 [pid 4006] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4005] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4006] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4006] <... futex resumed>) = 0 [pid 4006] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4005] exit_group(0 [pid 4007] <... futex resumed>) = ? [pid 4006] <... futex resumed>) = ? [pid 4005] <... exit_group resumed>) = ? [pid 4007] +++ exited with 0 +++ [pid 4006] +++ exited with 0 +++ [pid 4005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4005, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4008 ./strace-static-x86_64: Process 4008 attached [pid 4008] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4008] chdir("./119") = 0 [pid 4008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4008] setpgid(0, 0) = 0 [pid 4008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4008] write(3, "1000", 4) = 4 [pid 4008] close(3) = 0 [pid 4008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4008] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4008] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4008] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4009 attached , parent_tid=[4009], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4009 [pid 4009] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4009] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4009] <... futex resumed>) = 0 [pid 4008] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4009] memfd_create("syzkaller", 0) = 3 [pid 4009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4009] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4009] munmap(0x7f68741c1000, 2097152) = 0 [pid 4009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4009] close(3) = 0 [pid 4009] mkdir("./file2", 0777) = 0 [pid 4009] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4009] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4009] chdir("./file2") = 0 [pid 4009] ioctl(4, LOOP_CLR_FD) = 0 [pid 4009] close(4) = 0 [pid 4009] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4009] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] <... futex resumed>) = 0 [pid 4008] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4009] <... futex resumed>) = 0 [pid 4008] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4009] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4009] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4008] <... futex resumed>) = 0 [pid 4009] mkdirat(4, "./bus", 000 [pid 4008] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4008] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4009] <... mkdirat resumed>) = 0 [pid 4008] <... mmap resumed>) = 0x7f68743a0000 [pid 4009] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4008] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 4009] <... futex resumed>) = 0 [pid 4009] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] <... mprotect resumed>) = 0 [pid 4008] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4010], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4010 [pid 4008] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4008] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4010 attached [pid 4010] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4010] mkdirat(4, "./bus/file0", 000) = 0 [pid 4010] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4008] <... futex resumed>) = 0 [pid 4010] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4009] <... futex resumed>) = 0 [pid 4008] <... futex resumed>) = 1 [pid 4009] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4008] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4009] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4009] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4008] <... futex resumed>) = 0 [pid 4009] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4008] <... futex resumed>) = 0 [pid 4009] mkdirat(-1, NULL, 000 [pid 4008] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4009] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4010] <... futex resumed>) = 0 [pid 4009] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4008] <... futex resumed>) = 1 [pid 4010] mkdirat(-1, NULL, 000 [pid 4009] <... futex resumed>) = 0 [pid 4008] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4010] <... mkdirat resumed>) = -1 EFAULT (Bad address) [ 73.493360][ T4009] loop0: detected capacity change from 0 to 4096 [ 73.503806][ T4009] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4009] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4010] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4008] <... futex resumed>) = 0 [pid 4010] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4009] <... futex resumed>) = 0 [pid 4008] <... futex resumed>) = 1 [pid 4009] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4008] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4009] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4009] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4008] <... futex resumed>) = 0 [pid 4009] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4008] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4009] mkdirat(-1, NULL, 000 [pid 4008] <... futex resumed>) = 0 [pid 4009] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4008] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4009] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4009] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4008] <... futex resumed>) = 0 [pid 4009] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4008] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4009] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4009] <... futex resumed>) = 0 [pid 4009] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] exit_group(0 [pid 4010] <... futex resumed>) = ? [pid 4009] <... futex resumed>) = ? [pid 4008] <... exit_group resumed>) = ? [pid 4010] +++ exited with 0 +++ [pid 4009] +++ exited with 0 +++ [pid 4008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4008, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4011 ./strace-static-x86_64: Process 4011 attached [pid 4011] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4011] chdir("./120") = 0 [pid 4011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4011] setpgid(0, 0) = 0 [pid 4011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4011] write(3, "1000", 4) = 4 [pid 4011] close(3) = 0 [pid 4011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4011] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4011] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4011] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4012], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4012 [pid 4011] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4011] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4012 attached [pid 4012] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4012] memfd_create("syzkaller", 0) = 3 [pid 4012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4012] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4012] munmap(0x7f68741c1000, 2097152) = 0 [pid 4012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4012] close(3) = 0 [pid 4012] mkdir("./file2", 0777) = 0 [pid 4012] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4012] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4012] chdir("./file2") = 0 [pid 4012] ioctl(4, LOOP_CLR_FD) = 0 [pid 4012] close(4) = 0 [pid 4012] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4011] <... futex resumed>) = 0 [pid 4012] openat(AT_FDCWD, ".", O_RDONLY [pid 4011] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] <... openat resumed>) = 4 [pid 4011] <... futex resumed>) = 0 [pid 4012] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4011] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4012] <... futex resumed>) = 0 [pid 4011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4012] mkdirat(4, "./bus", 000 [pid 4011] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4012] <... mkdirat resumed>) = 0 [pid 4011] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4011] <... futex resumed>) = 0 [pid 4012] <... futex resumed>) = 0 [pid 4011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4012] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4011] <... mmap resumed>) = 0x7f68743a0000 [pid 4011] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4011] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4013 attached , parent_tid=[4013], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4013 [pid 4011] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4011] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4013] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4013] mkdirat(4, "./bus/file0", 000) = 0 [pid 4013] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4011] <... futex resumed>) = 0 [pid 4013] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4011] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4012] <... futex resumed>) = 0 [pid 4011] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4012] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4012] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4011] <... futex resumed>) = 0 [pid 4012] <... futex resumed>) = 1 [ 73.628991][ T4012] loop0: detected capacity change from 0 to 4096 [ 73.639283][ T4012] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4011] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] mkdirat(-1, NULL, 000 [pid 4011] <... futex resumed>) = 0 [pid 4012] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4011] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4013] <... futex resumed>) = 0 [pid 4011] <... futex resumed>) = 1 [pid 4013] mkdirat(-1, NULL, 000 [pid 4012] <... futex resumed>) = 0 [pid 4013] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4011] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4013] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4013] <... futex resumed>) = 0 [pid 4011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4013] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4011] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] <... futex resumed>) = 0 [pid 4011] <... futex resumed>) = 1 [pid 4012] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4011] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4012] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4012] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4011] <... futex resumed>) = 0 [pid 4012] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4011] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4011] <... futex resumed>) = 0 [pid 4012] mkdirat(-1, NULL, 000 [pid 4011] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4012] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4012] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4011] <... futex resumed>) = 0 [pid 4012] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4011] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4011] <... futex resumed>) = 0 [pid 4012] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4011] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4012] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4012] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4011] <... futex resumed>) = 0 [pid 4012] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4011] exit_group(0 [pid 4013] <... futex resumed>) = ? [pid 4013] +++ exited with 0 +++ [pid 4012] <... futex resumed>) = ? [pid 4011] <... exit_group resumed>) = ? [pid 4012] +++ exited with 0 +++ [pid 4011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4011, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 umount2("./120/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4014 ./strace-static-x86_64: Process 4014 attached [pid 4014] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4014] chdir("./121") = 0 [pid 4014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4014] setpgid(0, 0) = 0 [pid 4014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4014] write(3, "1000", 4) = 4 [pid 4014] close(3) = 0 [pid 4014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4014] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4014] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4014] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4015], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4015 [pid 4014] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4015 attached [pid 4015] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4015] memfd_create("syzkaller", 0) = 3 [pid 4015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4015] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4015] munmap(0x7f68741c1000, 2097152) = 0 [pid 4015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4015] close(3) = 0 [pid 4015] mkdir("./file2", 0777) = 0 [pid 4015] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4015] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4015] chdir("./file2") = 0 [pid 4015] ioctl(4, LOOP_CLR_FD) = 0 [pid 4015] close(4) = 0 [pid 4015] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4014] <... futex resumed>) = 0 [pid 4014] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4015] openat(AT_FDCWD, ".", O_RDONLY [pid 4014] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4015] <... openat resumed>) = 4 [pid 4015] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4014] <... futex resumed>) = 0 [pid 4015] mkdirat(4, "./bus", 000 [pid 4014] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4015] <... mkdirat resumed>) = 0 [pid 4014] <... mmap resumed>) = 0x7f68743a0000 [pid 4015] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4014] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 4015] <... futex resumed>) = 0 [pid 4014] <... mprotect resumed>) = 0 [pid 4014] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4016], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4016 [pid 4014] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4016 attached [pid 4015] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4014] <... futex resumed>) = 0 [pid 4014] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4016] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4016] mkdirat(4, "./bus/file0", 000) = 0 [pid 4016] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4014] <... futex resumed>) = 0 [pid 4014] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4014] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4016] <... futex resumed>) = 1 [pid 4016] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4015] <... futex resumed>) = 0 [pid 4015] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4015] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4014] <... futex resumed>) = 0 [pid 4015] mkdirat(-1, NULL, 000 [pid 4014] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4015] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4014] <... futex resumed>) = 0 [pid 4015] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4014] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4015] <... futex resumed>) = 0 [pid 4014] <... futex resumed>) = 1 [pid 4015] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4014] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4016] <... futex resumed>) = 0 [pid 4016] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4016] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4014] <... futex resumed>) = 0 [pid 4014] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4015] <... futex resumed>) = 0 [pid 4014] <... futex resumed>) = 1 [pid 4015] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4014] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4015] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4015] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4014] <... futex resumed>) = 0 [pid 4015] mkdirat(-1, NULL, 000 [pid 4014] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4015] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4014] <... futex resumed>) = 0 [pid 4015] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4014] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4015] <... futex resumed>) = 0 [pid 4014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4016] <... futex resumed>) = 1 [pid 4015] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4014] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4016] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4014] <... futex resumed>) = 0 [pid 4015] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4014] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4015] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4015] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4014] <... futex resumed>) = 0 [pid 4015] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4014] exit_group(0 [pid 4016] <... futex resumed>) = ? [pid 4015] <... futex resumed>) = ? [pid 4014] <... exit_group resumed>) = ? [pid 4016] +++ exited with 0 +++ [pid 4015] +++ exited with 0 +++ [pid 4014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4014, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 73.781646][ T4015] loop0: detected capacity change from 0 to 4096 [ 73.790629][ T4015] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 umount2("./121/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4017 ./strace-static-x86_64: Process 4017 attached [pid 4017] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4017] chdir("./122") = 0 [pid 4017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4017] setpgid(0, 0) = 0 [pid 4017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4017] write(3, "1000", 4) = 4 [pid 4017] close(3) = 0 [pid 4017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4017] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4017] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4017] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4018 attached , parent_tid=[4018], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4018 [pid 4017] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4018] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4018] memfd_create("syzkaller", 0) = 3 [pid 4018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4018] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4018] munmap(0x7f68741c1000, 2097152) = 0 [pid 4018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4018] close(3) = 0 [pid 4018] mkdir("./file2", 0777) = 0 [pid 4018] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4018] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4018] chdir("./file2") = 0 [pid 4018] ioctl(4, LOOP_CLR_FD) = 0 [pid 4018] close(4) = 0 [pid 4018] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4017] <... futex resumed>) = 0 [pid 4017] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... futex resumed>) = 1 [pid 4018] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4018] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4017] <... futex resumed>) = 0 [pid 4017] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4017] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4017] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4019], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4019 [pid 4017] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... futex resumed>) = 1 [pid 4018] mkdirat(4, "./bus", 000) = 0 [pid 4018] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4018] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4019 attached [pid 4019] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4019] mkdirat(4, "./bus/file0", 000) = 0 [pid 4019] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4017] <... futex resumed>) = 0 [pid 4017] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4017] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... futex resumed>) = 0 [pid 4018] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4018] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4017] <... futex resumed>) = 0 [pid 4018] mkdirat(-1, NULL, 000 [pid 4017] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4018] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4017] <... futex resumed>) = 0 [pid 4018] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4017] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4018] <... futex resumed>) = 0 [pid 4017] <... futex resumed>) = 0 [pid 4018] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4017] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4019] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4019] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4017] <... futex resumed>) = 0 [pid 4017] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4018] <... futex resumed>) = 0 [pid 4017] <... futex resumed>) = 1 [pid 4018] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4017] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4018] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4017] <... futex resumed>) = 0 [pid 4018] mkdirat(-1, NULL, 000 [pid 4017] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4018] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4017] <... futex resumed>) = 0 [pid 4018] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4017] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... futex resumed>) = 0 [pid 4017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4018] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4017] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4018] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4017] <... futex resumed>) = 0 [pid 4018] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4017] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... futex resumed>) = 0 [pid 4017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4018] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4017] exit_group(0 [pid 4018] <... futex resumed>) = ? [pid 4017] <... exit_group resumed>) = ? [ 73.924746][ T4018] loop0: detected capacity change from 0 to 4096 [ 73.933440][ T4018] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4018] +++ exited with 0 +++ [pid 4019] +++ exited with 0 +++ [pid 4017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4017, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 umount2("./122/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4020 ./strace-static-x86_64: Process 4020 attached [pid 4020] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4020] chdir("./123") = 0 [pid 4020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4020] setpgid(0, 0) = 0 [pid 4020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4020] write(3, "1000", 4) = 4 [pid 4020] close(3) = 0 [pid 4020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4020] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4020] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4020] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4021], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4021 ./strace-static-x86_64: Process 4021 attached [pid 4021] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4021] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4021] <... futex resumed>) = 0 [pid 4021] memfd_create("syzkaller", 0 [pid 4020] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4021] <... memfd_create resumed>) = 3 [pid 4021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4021] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4021] munmap(0x7f68741c1000, 2097152) = 0 [pid 4021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4021] close(3) = 0 [pid 4021] mkdir("./file2", 0777) = 0 [pid 4021] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4021] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4021] chdir("./file2") = 0 [pid 4021] ioctl(4, LOOP_CLR_FD) = 0 [pid 4021] close(4) = 0 [pid 4021] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4021] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4020] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4020] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4022 attached , parent_tid=[4022], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4022 [pid 4022] set_robust_list(0x7f68743c09e0, 24 [pid 4020] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4022] <... set_robust_list resumed>) = 0 [pid 4020] <... futex resumed>) = 0 [pid 4022] mkdirat(4, "./bus/file0", 000 [pid 4020] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] mkdirat(4, "./bus", 000 [pid 4022] <... mkdirat resumed>) = -1 ENOENT (No such file or directory) [pid 4022] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4020] <... futex resumed>) = 0 [ 74.074913][ T4021] loop0: detected capacity change from 0 to 4096 [ 74.084580][ T4021] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4022] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4020] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4022] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4022] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4020] <... futex resumed>) = 0 [pid 4022] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4022] mkdirat(-1, NULL, 000 [pid 4020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4021] <... mkdirat resumed>) = 0 [pid 4020] <... mmap resumed>) = 0x7f687437f000 [pid 4021] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE [pid 4021] <... futex resumed>) = 0 [pid 4021] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4022] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4020] <... mprotect resumed>) = 0 [pid 4022] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4022] <... futex resumed>) = 0 [pid 4022] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] <... clone resumed>, parent_tid=[4023], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 4023 ./strace-static-x86_64: Process 4023 attached [pid 4020] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4023] set_robust_list(0x7f687439f9e0, 24) = 0 [pid 4023] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4023] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4021] <... futex resumed>) = 0 [pid 4020] <... futex resumed>) = 1 [pid 4021] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4020] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4021] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4020] <... futex resumed>) = 0 [pid 4023] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4021] mkdirat(-1, NULL, 000 [pid 4020] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4021] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4020] <... futex resumed>) = 0 [pid 4021] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 0 [pid 4020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4021] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4020] <... futex resumed>) = 0 [pid 4021] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4020] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4021] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4020] <... futex resumed>) = 0 [pid 4021] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] exit_group(0 [pid 4022] <... futex resumed>) = ? [pid 4020] <... exit_group resumed>) = ? [pid 4021] <... futex resumed>) = ? [pid 4022] +++ exited with 0 +++ [pid 4023] <... futex resumed>) = ? [pid 4021] +++ exited with 0 +++ [pid 4023] +++ exited with 0 +++ [pid 4020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4020, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 umount2("./123/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4024 ./strace-static-x86_64: Process 4024 attached [pid 4024] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4024] chdir("./124") = 0 [pid 4024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4024] setpgid(0, 0) = 0 [pid 4024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4024] write(3, "1000", 4) = 4 [pid 4024] close(3) = 0 [pid 4024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4024] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4024] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4024] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4025 attached , parent_tid=[4025], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4025 [pid 4025] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4025] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4024] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4025] <... futex resumed>) = 0 [pid 4024] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4025] memfd_create("syzkaller", 0) = 3 [pid 4025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4025] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4025] munmap(0x7f68741c1000, 2097152) = 0 [pid 4025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4025] close(3) = 0 [pid 4025] mkdir("./file2", 0777) = 0 [pid 4025] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4025] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4025] chdir("./file2") = 0 [pid 4025] ioctl(4, LOOP_CLR_FD) = 0 [pid 4025] close(4) = 0 [pid 4025] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4024] <... futex resumed>) = 0 [pid 4025] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4024] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4024] <... futex resumed>) = 0 [pid 4025] openat(AT_FDCWD, ".", O_RDONLY [ 74.263781][ T4025] loop0: detected capacity change from 0 to 4096 [ 74.273877][ T4025] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4024] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4025] <... openat resumed>) = 4 [pid 4025] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4024] <... futex resumed>) = 0 [pid 4025] mkdirat(4, "./bus", 000 [pid 4024] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4024] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4025] <... mkdirat resumed>) = 0 [pid 4024] <... mmap resumed>) = 0x7f68743a0000 [pid 4025] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4024] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 4025] <... futex resumed>) = 0 [pid 4024] <... mprotect resumed>) = 0 [pid 4025] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4024] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4026 attached , parent_tid=[4026], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4026 [pid 4024] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4024] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4026] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4026] mkdirat(4, "./bus/file0", 000) = 0 [pid 4026] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4024] <... futex resumed>) = 0 [pid 4026] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4024] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4025] <... futex resumed>) = 0 [pid 4024] <... futex resumed>) = 1 [pid 4025] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4024] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4025] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4025] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4024] <... futex resumed>) = 0 [pid 4025] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4024] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4025] mkdirat(-1, NULL, 000 [pid 4024] <... futex resumed>) = 0 [pid 4025] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4024] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4025] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4026] <... futex resumed>) = 0 [pid 4024] <... futex resumed>) = 1 [pid 4025] <... futex resumed>) = 0 [pid 4026] mkdirat(-1, NULL, 000 [pid 4025] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4024] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4026] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4026] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4024] <... futex resumed>) = 0 [pid 4026] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4024] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4025] <... futex resumed>) = 0 [pid 4024] <... futex resumed>) = 1 [pid 4025] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4024] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4025] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4025] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4024] <... futex resumed>) = 0 [pid 4025] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4024] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4024] <... futex resumed>) = 0 [pid 4025] mkdirat(-1, NULL, 000 [pid 4024] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4025] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4025] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4024] <... futex resumed>) = 0 [pid 4025] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4024] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4024] <... futex resumed>) = 0 [pid 4025] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4024] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4025] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4025] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4024] <... futex resumed>) = 0 [pid 4025] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4024] exit_group(0 [pid 4026] <... futex resumed>) = ? [pid 4025] <... futex resumed>) = ? [pid 4024] <... exit_group resumed>) = ? [pid 4026] +++ exited with 0 +++ [pid 4025] +++ exited with 0 +++ [pid 4024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4024, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 umount2("./124/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4027 attached , child_tidptr=0x55555736f5d0) = 4027 [pid 4027] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4027] chdir("./125") = 0 [pid 4027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4027] setpgid(0, 0) = 0 [pid 4027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4027] write(3, "1000", 4) = 4 [pid 4027] close(3) = 0 [pid 4027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4027] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4027] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4027] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4028 attached , parent_tid=[4028], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4028 [pid 4027] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4028] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4028] memfd_create("syzkaller", 0) = 3 [pid 4028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4028] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4028] munmap(0x7f68741c1000, 2097152) = 0 [pid 4028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4028] close(3) = 0 [pid 4028] mkdir("./file2", 0777) = 0 [pid 4028] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4028] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4028] chdir("./file2") = 0 [pid 4028] ioctl(4, LOOP_CLR_FD) = 0 [pid 4028] close(4) = 0 [pid 4028] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4028] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4027] <... futex resumed>) = 0 [pid 4027] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4027] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4028] <... futex resumed>) = 0 [pid 4028] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4028] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4027] <... futex resumed>) = 0 [pid 4028] mkdirat(4, "./bus", 000 [pid 4027] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4027] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 4028] <... mkdirat resumed>) = 0 [pid 4027] <... mprotect resumed>) = 0 [pid 4028] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4027] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4028] <... futex resumed>) = 0 [pid 4028] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4029 attached [pid 4027] <... clone resumed>, parent_tid=[4029], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4029 [pid 4029] set_robust_list(0x7f68743c09e0, 24 [pid 4027] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4029] <... set_robust_list resumed>) = 0 [pid 4027] <... futex resumed>) = 0 [pid 4029] mkdirat(4, "./bus/file0", 000 [pid 4027] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4029] <... mkdirat resumed>) = 0 [pid 4029] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4027] <... futex resumed>) = 0 [pid 4029] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4027] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4028] <... futex resumed>) = 0 [pid 4027] <... futex resumed>) = 1 [pid 4028] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4027] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4028] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4028] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4027] <... futex resumed>) = 0 [pid 4028] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4027] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4027] <... futex resumed>) = 0 [pid 4028] mkdirat(-1, NULL, 000 [pid 4027] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4028] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4027] <... futex resumed>) = 1 [pid 4029] <... futex resumed>) = 0 [pid 4028] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4027] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4028] <... futex resumed>) = 0 [pid 4028] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4029] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4029] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4027] <... futex resumed>) = 0 [pid 4027] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4028] <... futex resumed>) = 0 [pid 4027] <... futex resumed>) = 1 [ 74.424436][ T4028] loop0: detected capacity change from 0 to 4096 [ 74.433342][ T4028] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4028] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4027] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4028] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4028] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4029] <... futex resumed>) = 1 [pid 4028] <... futex resumed>) = 1 [pid 4027] <... futex resumed>) = 0 [pid 4029] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4028] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4027] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4027] <... futex resumed>) = 0 [pid 4028] mkdirat(-1, NULL, 000 [pid 4027] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4028] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4028] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4027] <... futex resumed>) = 0 [pid 4028] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4027] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4027] <... futex resumed>) = 0 [pid 4028] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4027] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4028] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4028] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4027] <... futex resumed>) = 0 [pid 4028] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4027] exit_group(0 [pid 4029] <... futex resumed>) = ? [pid 4028] <... futex resumed>) = ? [pid 4027] <... exit_group resumed>) = ? [pid 4028] +++ exited with 0 +++ [pid 4029] +++ exited with 0 +++ [pid 4027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4027, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 umount2("./125/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4030 ./strace-static-x86_64: Process 4030 attached [pid 4030] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4030] chdir("./126") = 0 [pid 4030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4030] setpgid(0, 0) = 0 [pid 4030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4030] write(3, "1000", 4) = 4 [pid 4030] close(3) = 0 [pid 4030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4030] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4030] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4030] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4031 attached [pid 4031] set_robust_list(0x7f687c5e19e0, 24 [pid 4030] <... clone resumed>, parent_tid=[4031], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4031 [pid 4031] <... set_robust_list resumed>) = 0 [pid 4030] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4030] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4031] memfd_create("syzkaller", 0) = 3 [pid 4031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4031] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4031] munmap(0x7f68741c1000, 2097152) = 0 [pid 4031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4031] close(3) = 0 [pid 4031] mkdir("./file2", 0777) = 0 [pid 4031] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4031] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4031] chdir("./file2") = 0 [pid 4031] ioctl(4, LOOP_CLR_FD) = 0 [pid 4031] close(4) = 0 [pid 4031] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4031] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4030] <... futex resumed>) = 0 [pid 4030] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4030] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4031] <... futex resumed>) = 0 [pid 4031] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4031] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4030] <... futex resumed>) = 0 [pid 4031] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4030] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4030] <... futex resumed>) = 0 [pid 4031] mkdirat(4, "./bus", 000 [ 74.586367][ T4031] loop0: detected capacity change from 0 to 4096 [ 74.596423][ T4031] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4030] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4031] <... mkdirat resumed>) = 0 [pid 4030] <... mmap resumed>) = 0x7f68743a0000 [pid 4031] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4030] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 4031] <... futex resumed>) = 0 [pid 4030] <... mprotect resumed>) = 0 [pid 4031] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4030] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4032 attached [pid 4032] set_robust_list(0x7f68743c09e0, 24 [pid 4030] <... clone resumed>, parent_tid=[4032], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4032 [pid 4032] <... set_robust_list resumed>) = 0 [pid 4030] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4032] mkdirat(4, "./bus/file0", 000 [pid 4030] <... futex resumed>) = 0 [pid 4030] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4032] <... mkdirat resumed>) = 0 [pid 4032] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4030] <... futex resumed>) = 0 [pid 4032] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4030] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4031] <... futex resumed>) = 0 [pid 4030] <... futex resumed>) = 1 [pid 4031] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4030] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4031] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4031] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4030] <... futex resumed>) = 0 [pid 4031] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4030] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4031] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4030] <... futex resumed>) = 0 [pid 4031] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4030] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4031] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4030] <... futex resumed>) = 0 [pid 4031] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4030] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4031] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4030] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4031] <... futex resumed>) = 0 [pid 4030] <... futex resumed>) = 1 [pid 4031] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4030] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4031] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4031] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4030] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4031] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4030] <... futex resumed>) = 0 [pid 4031] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4030] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4031] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4030] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4031] <... futex resumed>) = 0 [pid 4030] <... futex resumed>) = 1 [pid 4031] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4030] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4031] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4031] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4030] exit_group(0 [pid 4032] <... futex resumed>) = ? [pid 4031] <... futex resumed>) = ? [pid 4030] <... exit_group resumed>) = ? [pid 4031] +++ exited with 0 +++ [pid 4032] +++ exited with 0 +++ [pid 4030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4030, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 umount2("./126/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4033 ./strace-static-x86_64: Process 4033 attached [pid 4033] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4033] chdir("./127") = 0 [pid 4033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4033] setpgid(0, 0) = 0 [pid 4033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4033] write(3, "1000", 4) = 4 [pid 4033] close(3) = 0 [pid 4033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4033] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4033] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4033] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4034], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4034 ./strace-static-x86_64: Process 4034 attached [pid 4034] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4034] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4033] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4034] <... futex resumed>) = 0 [pid 4033] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4034] memfd_create("syzkaller", 0) = 3 [pid 4034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4034] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4034] munmap(0x7f68741c1000, 2097152) = 0 [pid 4034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4034] close(3) = 0 [pid 4034] mkdir("./file2", 0777) = 0 [pid 4034] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4034] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4034] chdir("./file2") = 0 [pid 4034] ioctl(4, LOOP_CLR_FD) = 0 [pid 4034] close(4) = 0 [pid 4034] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4033] <... futex resumed>) = 0 [pid 4033] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4033] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4034] <... futex resumed>) = 1 [pid 4034] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4034] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4033] <... futex resumed>) = 0 [pid 4033] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4033] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4033] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 4034] mkdirat(4, "./bus", 000 [pid 4033] <... mprotect resumed>) = 0 [pid 4033] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4035], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4035 [pid 4033] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4033] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4034] <... mkdirat resumed>) = 0 [pid 4034] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4034] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4035 attached [pid 4035] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4035] mkdirat(4, "./bus/file0", 000) = 0 [pid 4035] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4033] <... futex resumed>) = 0 [pid 4033] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4033] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4035] <... futex resumed>) = 1 [pid 4035] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4034] <... futex resumed>) = 0 [pid 4034] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4034] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4033] <... futex resumed>) = 0 [pid 4033] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4033] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4033] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4035] <... futex resumed>) = 0 [pid 4035] mkdirat(-1, NULL, 000 [pid 4034] <... futex resumed>) = 1 [pid 4035] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4034] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4035] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4033] <... futex resumed>) = 0 [pid 4033] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4033] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4035] <... futex resumed>) = 1 [pid 4034] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4035] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4034] <... futex resumed>) = 0 [pid 4035] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4034] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4035] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4033] <... futex resumed>) = 0 [pid 4035] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4033] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4034] <... futex resumed>) = 0 [pid 4033] <... futex resumed>) = 1 [pid 4034] mkdirat(-1, NULL, 000 [pid 4033] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4034] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4034] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4033] <... futex resumed>) = 0 [pid 4034] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4033] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4034] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4033] <... futex resumed>) = 0 [pid 4034] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [ 74.753692][ T4034] loop0: detected capacity change from 0 to 4096 [ 74.763558][ T4034] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4033] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4034] <... futex resumed>) = 0 [pid 4033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4034] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4033] exit_group(0 [pid 4035] <... futex resumed>) = ? [pid 4034] <... futex resumed>) = ? [pid 4033] <... exit_group resumed>) = ? [pid 4035] +++ exited with 0 +++ [pid 4034] +++ exited with 0 +++ [pid 4033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4033, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 umount2("./127/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4036 ./strace-static-x86_64: Process 4036 attached [pid 4036] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4036] chdir("./128") = 0 [pid 4036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4036] setpgid(0, 0) = 0 [pid 4036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4036] write(3, "1000", 4) = 4 [pid 4036] close(3) = 0 [pid 4036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4036] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4036] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4036] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4037], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4037 ./strace-static-x86_64: Process 4037 attached [pid 4036] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4036] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4037] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4037] memfd_create("syzkaller", 0) = 3 [pid 4037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4037] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4037] munmap(0x7f68741c1000, 2097152) = 0 [pid 4037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4037] close(3) = 0 [pid 4037] mkdir("./file2", 0777) = 0 [pid 4037] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4037] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4037] chdir("./file2") = 0 [pid 4037] ioctl(4, LOOP_CLR_FD) = 0 [pid 4037] close(4) = 0 [pid 4037] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4036] <... futex resumed>) = 0 [pid 4036] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4036] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4037] <... futex resumed>) = 1 [pid 4037] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4037] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4036] <... futex resumed>) = 0 [ 74.895945][ T4037] loop0: detected capacity change from 0 to 4096 [ 74.906009][ T4037] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4037] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4036] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4036] <... futex resumed>) = 0 [pid 4037] mkdirat(4, "./bus", 000 [pid 4036] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4036] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4036] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4038], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4038 [pid 4036] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4036] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4038 attached [pid 4038] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4038] mkdirat(4, "./bus/file0", 000 [pid 4037] <... mkdirat resumed>) = 0 [pid 4037] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4037] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4038] <... mkdirat resumed>) = 0 [pid 4038] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4036] <... futex resumed>) = 0 [pid 4036] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4037] <... futex resumed>) = 0 [pid 4036] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4037] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4038] <... futex resumed>) = 1 [pid 4037] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4038] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4036] <... futex resumed>) = 0 [pid 4037] <... futex resumed>) = 1 [pid 4036] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4037] mkdirat(-1, NULL, 000 [pid 4036] <... futex resumed>) = 0 [pid 4037] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4036] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4037] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4036] <... futex resumed>) = 0 [pid 4037] <... futex resumed>) = 0 [pid 4036] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4037] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4038] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4038] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4036] <... futex resumed>) = 0 [pid 4038] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4036] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4037] <... futex resumed>) = 0 [pid 4036] <... futex resumed>) = 1 [pid 4037] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4036] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4037] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4037] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4036] <... futex resumed>) = 0 [pid 4037] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4036] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4037] mkdirat(-1, NULL, 000 [pid 4036] <... futex resumed>) = 0 [pid 4036] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4037] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4037] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4036] <... futex resumed>) = 0 [pid 4037] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4036] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4037] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4036] <... futex resumed>) = 0 [pid 4037] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4036] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4037] <... futex resumed>) = 0 [pid 4036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4037] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4036] exit_group(0 [pid 4038] <... futex resumed>) = ? [pid 4037] <... futex resumed>) = ? [pid 4036] <... exit_group resumed>) = ? [pid 4038] +++ exited with 0 +++ [pid 4037] +++ exited with 0 +++ [pid 4036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4036, si_uid=0, si_status=0, si_utime=1, si_stime=5} --- umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 umount2("./128/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4039 ./strace-static-x86_64: Process 4039 attached [pid 4039] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4039] chdir("./129") = 0 [pid 4039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4039] setpgid(0, 0) = 0 [pid 4039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4039] write(3, "1000", 4) = 4 [pid 4039] close(3) = 0 [pid 4039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4039] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4039] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4039] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4040], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4040 [pid 4039] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4039] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4040 attached [pid 4040] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4040] memfd_create("syzkaller", 0) = 3 [pid 4040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4040] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4040] munmap(0x7f68741c1000, 2097152) = 0 [pid 4040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4040] close(3) = 0 [pid 4040] mkdir("./file2", 0777) = 0 [pid 4040] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4040] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4040] chdir("./file2") = 0 [pid 4040] ioctl(4, LOOP_CLR_FD) = 0 [pid 4040] close(4) = 0 [pid 4040] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] <... futex resumed>) = 0 [pid 4039] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4039] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4040] <... futex resumed>) = 1 [pid 4040] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4040] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] <... futex resumed>) = 0 [pid 4039] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4039] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4039] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4039] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4041], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4041 [pid 4039] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4039] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4040] <... futex resumed>) = 1 [pid 4040] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 4041 attached [pid 4041] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4041] mkdirat(4, "./bus/file0", 000 [pid 4040] <... mkdirat resumed>) = 0 [pid 4040] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4040] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4041] <... mkdirat resumed>) = 0 [pid 4041] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] <... futex resumed>) = 0 [pid 4039] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4039] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4040] <... futex resumed>) = 0 [pid 4040] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4040] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] <... futex resumed>) = 0 [pid 4039] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4039] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4039] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4040] <... futex resumed>) = 1 [pid 4040] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4040] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4040] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4041] <... futex resumed>) = 1 [pid 4041] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4041] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] <... futex resumed>) = 0 [pid 4039] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4040] <... futex resumed>) = 0 [pid 4039] <... futex resumed>) = 1 [pid 4040] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4039] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4040] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4040] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4039] <... futex resumed>) = 0 [pid 4040] mkdirat(-1, NULL, 000 [pid 4039] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4040] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4039] <... futex resumed>) = 0 [pid 4040] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4041] <... futex resumed>) = 1 [pid 4040] <... futex resumed>) = 0 [pid 4039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 75.049839][ T4040] loop0: detected capacity change from 0 to 4096 [ 75.058675][ T4040] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4041] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4040] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4039] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4040] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4039] <... futex resumed>) = 0 [pid 4040] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4040] <... futex resumed>) = 0 [pid 4039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4040] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4039] exit_group(0 [pid 4040] <... futex resumed>) = ? [pid 4039] <... exit_group resumed>) = ? [pid 4040] +++ exited with 0 +++ [pid 4041] <... futex resumed>) = ? [pid 4041] +++ exited with 0 +++ [pid 4039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4039, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 umount2("./129/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4042 ./strace-static-x86_64: Process 4042 attached [pid 4042] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4042] chdir("./130") = 0 [pid 4042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4042] setpgid(0, 0) = 0 [pid 4042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4042] write(3, "1000", 4) = 4 [pid 4042] close(3) = 0 [pid 4042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4042] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4042] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4042] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4043], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4043 [pid 4042] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4043 attached [pid 4043] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4043] memfd_create("syzkaller", 0) = 3 [pid 4043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4043] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4043] munmap(0x7f68741c1000, 2097152) = 0 [pid 4043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4043] close(3) = 0 [pid 4043] mkdir("./file2", 0777) = 0 [pid 4043] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4043] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4043] chdir("./file2") = 0 [pid 4043] ioctl(4, LOOP_CLR_FD) = 0 [pid 4043] close(4) = 0 [pid 4043] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4043] openat(AT_FDCWD, ".", O_RDONLY [pid 4042] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4043] <... openat resumed>) = 4 [pid 4042] <... futex resumed>) = 0 [pid 4043] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4042] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4043] <... futex resumed>) = 0 [pid 4042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4043] mkdirat(4, "./bus", 000 [pid 4042] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4043] <... mkdirat resumed>) = 0 [pid 4042] <... mmap resumed>) = 0x7f68743a0000 [pid 4043] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4042] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 4043] <... futex resumed>) = 0 [pid 4042] <... mprotect resumed>) = 0 [pid 4043] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4042] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4044], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4044 [pid 4042] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4044 attached [pid 4044] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4044] mkdirat(4, "./bus/file0", 000) = 0 [pid 4044] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4044] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4042] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4043] <... futex resumed>) = 0 [pid 4042] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4043] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4043] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4043] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4042] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4042] <... futex resumed>) = 0 [pid 4043] mkdirat(-1, NULL, 000 [pid 4042] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4043] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4044] <... futex resumed>) = 0 [pid 4042] <... futex resumed>) = 1 [ 75.188425][ T4043] loop0: detected capacity change from 0 to 4096 [ 75.198923][ T4043] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4044] mkdirat(-1, NULL, 000 [pid 4043] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4044] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4042] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4044] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4043] <... futex resumed>) = 0 [pid 4044] <... futex resumed>) = 0 [pid 4042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4044] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4043] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4042] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4042] <... futex resumed>) = 0 [pid 4043] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4042] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4043] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4043] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4043] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4042] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4042] <... futex resumed>) = 0 [pid 4043] mkdirat(-1, NULL, 000 [pid 4042] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4043] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4043] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4043] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4042] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4042] <... futex resumed>) = 0 [pid 4043] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4042] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4043] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4043] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4043] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4042] exit_group(0 [pid 4044] <... futex resumed>) = ? [pid 4043] <... futex resumed>) = ? [pid 4042] <... exit_group resumed>) = ? [pid 4044] +++ exited with 0 +++ [pid 4043] +++ exited with 0 +++ [pid 4042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4042, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 umount2("./130/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4045 ./strace-static-x86_64: Process 4045 attached [pid 4045] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4045] chdir("./131") = 0 [pid 4045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4045] setpgid(0, 0) = 0 [pid 4045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4045] write(3, "1000", 4) = 4 [pid 4045] close(3) = 0 [pid 4045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4045] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4045] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4045] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4046 attached , parent_tid=[4046], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4046 [pid 4046] set_robust_list(0x7f687c5e19e0, 24 [pid 4045] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] <... set_robust_list resumed>) = 0 [pid 4045] <... futex resumed>) = 0 [pid 4045] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4046] memfd_create("syzkaller", 0) = 3 [pid 4046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4046] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4046] munmap(0x7f68741c1000, 2097152) = 0 [pid 4046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4046] close(3) = 0 [pid 4046] mkdir("./file2", 0777) = 0 [pid 4046] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4046] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4046] chdir("./file2") = 0 [pid 4046] ioctl(4, LOOP_CLR_FD) = 0 [pid 4046] close(4) = 0 [pid 4046] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4045] <... futex resumed>) = 0 [pid 4046] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4045] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4045] <... futex resumed>) = 0 [pid 4046] openat(AT_FDCWD, ".", O_RDONLY [pid 4045] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4046] <... openat resumed>) = 4 [pid 4046] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4045] <... futex resumed>) = 0 [pid 4046] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4045] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4045] <... futex resumed>) = 0 [pid 4045] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] mkdirat(4, "./bus", 000 [pid 4045] <... futex resumed>) = 0 [pid 4045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4045] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE [pid 4046] <... mkdirat resumed>) = 0 [pid 4045] <... mprotect resumed>) = 0 [pid 4046] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4045] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4046] <... futex resumed>) = 0 [pid 4045] <... clone resumed>, parent_tid=[4047], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4047 [pid 4045] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4045] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4046] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4047 attached [pid 4047] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4047] mkdirat(4, "./bus/file0", 000) = 0 [pid 4047] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4045] <... futex resumed>) = 0 [pid 4047] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4045] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] <... futex resumed>) = 0 [pid 4045] <... futex resumed>) = 1 [pid 4046] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4045] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4046] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4046] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4045] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4046] mkdirat(-1, NULL, 000 [pid 4045] <... futex resumed>) = 0 [pid 4046] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4045] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4047] <... futex resumed>) = 0 [pid 4046] <... futex resumed>) = 0 [pid 4045] <... futex resumed>) = 1 [pid 4047] mkdirat(-1, NULL, 000 [pid 4046] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4045] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4047] <... mkdirat resumed>) = -1 EFAULT (Bad address) [ 75.343256][ T4046] loop0: detected capacity change from 0 to 4096 [ 75.353173][ T4046] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4047] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4045] <... futex resumed>) = 0 [pid 4047] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4045] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] <... futex resumed>) = 0 [pid 4045] <... futex resumed>) = 1 [pid 4046] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4045] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4046] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4046] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4045] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4045] <... futex resumed>) = 0 [pid 4046] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4045] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4046] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4045] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] <... futex resumed>) = 0 [pid 4045] <... futex resumed>) = 1 [pid 4046] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4045] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4046] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4046] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4045] exit_group(0 [pid 4047] <... futex resumed>) = ? [pid 4046] <... futex resumed>) = ? [pid 4045] <... exit_group resumed>) = ? [pid 4047] +++ exited with 0 +++ [pid 4046] +++ exited with 0 +++ [pid 4045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4045, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./131/binderfs") = 0 umount2("./131/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4048 ./strace-static-x86_64: Process 4048 attached [pid 4048] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4048] chdir("./132") = 0 [pid 4048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4048] setpgid(0, 0) = 0 [pid 4048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4048] write(3, "1000", 4) = 4 [pid 4048] close(3) = 0 [pid 4048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4048] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4048] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4048] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4049], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4049 [pid 4048] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4048] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4049 attached [pid 4049] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4049] memfd_create("syzkaller", 0) = 3 [pid 4049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4049] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4049] munmap(0x7f68741c1000, 2097152) = 0 [pid 4049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4049] close(3) = 0 [pid 4049] mkdir("./file2", 0777) = 0 [pid 4049] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4049] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4049] chdir("./file2") = 0 [pid 4049] ioctl(4, LOOP_CLR_FD) = 0 [pid 4049] close(4) = 0 [pid 4049] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4048] <... futex resumed>) = 0 [pid 4049] <... futex resumed>) = 1 [pid 4049] openat(AT_FDCWD, ".", O_RDONLY [pid 4048] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4048] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4049] <... openat resumed>) = 4 [pid 4049] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4048] <... futex resumed>) = 0 [pid 4049] <... futex resumed>) = 1 [pid 4048] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4049] mkdirat(4, "./bus", 000 [pid 4048] <... futex resumed>) = 0 [pid 4048] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4048] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4048] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4050], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4050 [pid 4048] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4048] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4050 attached [pid 4049] <... mkdirat resumed>) = 0 [pid 4049] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4050] set_robust_list(0x7f68743c09e0, 24 [pid 4049] <... futex resumed>) = 0 [pid 4050] <... set_robust_list resumed>) = 0 [pid 4049] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4050] mkdirat(4, "./bus/file0", 000) = 0 [pid 4050] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4048] <... futex resumed>) = 0 [pid 4048] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4049] <... futex resumed>) = 0 [pid 4048] <... futex resumed>) = 1 [pid 4049] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4048] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4049] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4049] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4048] <... futex resumed>) = 0 [pid 4049] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 75.482614][ T4049] loop0: detected capacity change from 0 to 4096 [ 75.493097][ T4049] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4048] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4048] <... futex resumed>) = 0 [pid 4049] mkdirat(-1, NULL, 000 [pid 4048] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4049] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4048] <... futex resumed>) = 0 [pid 4049] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4048] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4049] <... futex resumed>) = 0 [pid 4049] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4050] <... futex resumed>) = 1 [pid 4050] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4050] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4048] <... futex resumed>) = 0 [pid 4050] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4048] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4049] <... futex resumed>) = 0 [pid 4048] <... futex resumed>) = 1 [pid 4049] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4048] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4049] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4049] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4048] <... futex resumed>) = 0 [pid 4049] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4048] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4048] <... futex resumed>) = 0 [pid 4049] mkdirat(-1, NULL, 000 [pid 4048] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4049] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4049] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4048] <... futex resumed>) = 0 [pid 4049] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4048] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4048] <... futex resumed>) = 0 [pid 4049] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4048] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4049] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4049] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4048] <... futex resumed>) = 0 [pid 4049] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4048] exit_group(0 [pid 4050] <... futex resumed>) = ? [pid 4049] <... futex resumed>) = ? [pid 4048] <... exit_group resumed>) = ? [pid 4050] +++ exited with 0 +++ [pid 4049] +++ exited with 0 +++ [pid 4048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4048, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./132/binderfs") = 0 umount2("./132/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4051 ./strace-static-x86_64: Process 4051 attached [pid 4051] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4051] chdir("./133") = 0 [pid 4051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4051] setpgid(0, 0) = 0 [pid 4051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4051] write(3, "1000", 4) = 4 [pid 4051] close(3) = 0 [pid 4051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4051] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4051] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4051] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4052 attached , parent_tid=[4052], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4052 [pid 4051] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4051] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4052] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4052] memfd_create("syzkaller", 0) = 3 [pid 4052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4052] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4052] munmap(0x7f68741c1000, 2097152) = 0 [pid 4052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4052] close(3) = 0 [pid 4052] mkdir("./file2", 0777) = 0 [pid 4052] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4052] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4052] chdir("./file2") = 0 [pid 4052] ioctl(4, LOOP_CLR_FD) = 0 [pid 4052] close(4) = 0 [pid 4052] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4051] <... futex resumed>) = 0 [pid 4051] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4052] openat(AT_FDCWD, ".", O_RDONLY [pid 4051] <... futex resumed>) = 0 [pid 4051] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4052] <... openat resumed>) = 4 [pid 4052] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4051] <... futex resumed>) = 0 [pid 4051] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4051] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4051] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4051] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4053 attached , parent_tid=[4053], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4053 [pid 4053] set_robust_list(0x7f68743c09e0, 24 [pid 4051] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4053] <... set_robust_list resumed>) = 0 [pid 4051] <... futex resumed>) = 0 [pid 4053] mkdirat(4, "./bus/file0", 000 [pid 4051] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4052] mkdirat(4, "./bus", 000 [pid 4053] <... mkdirat resumed>) = -1 ENOENT (No such file or directory) [pid 4053] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4051] <... futex resumed>) = 0 [pid 4053] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4051] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4053] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4051] <... futex resumed>) = 0 [pid 4053] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4051] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4053] <... futex resumed>) = 0 [pid 4051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4053] mkdirat(-1, NULL, 000 [pid 4051] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4051] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687437f000 [pid 4053] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4051] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE [pid 4053] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4053] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4051] <... mprotect resumed>) = 0 [ 75.642646][ T4052] loop0: detected capacity change from 0 to 4096 [ 75.652892][ T4052] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4051] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4054 attached , parent_tid=[4054], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 4054 [pid 4051] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4051] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4054] set_robust_list(0x7f687439f9e0, 24) = 0 [pid 4054] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4054] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4051] <... futex resumed>) = 0 [pid 4054] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4051] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4053] <... futex resumed>) = 0 [pid 4051] <... futex resumed>) = 1 [pid 4051] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4053] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4053] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4051] <... futex resumed>) = 0 [pid 4053] mkdirat(-1, NULL, 000 [pid 4051] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4053] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4051] <... futex resumed>) = 0 [pid 4052] <... mkdirat resumed>) = 0 [pid 4051] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4053] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4053] <... futex resumed>) = 0 [pid 4052] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4051] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4053] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4051] <... futex resumed>) = 0 [pid 4052] <... futex resumed>) = 0 [pid 4051] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4052] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4052] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4051] <... futex resumed>) = 0 [pid 4052] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4051] exit_group(0 [pid 4054] <... futex resumed>) = ? [pid 4053] <... futex resumed>) = ? [pid 4052] <... futex resumed>) = ? [pid 4051] <... exit_group resumed>) = ? [pid 4054] +++ exited with 0 +++ [pid 4053] +++ exited with 0 +++ [pid 4052] +++ exited with 0 +++ [pid 4051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4051, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./133/binderfs") = 0 umount2("./133/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./133/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4055 ./strace-static-x86_64: Process 4055 attached [pid 4055] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4055] chdir("./134") = 0 [pid 4055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4055] setpgid(0, 0) = 0 [pid 4055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4055] write(3, "1000", 4) = 4 [pid 4055] close(3) = 0 [pid 4055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4055] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4055] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4055] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4056 attached , parent_tid=[4056], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4056 [pid 4056] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4055] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4055] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4056] memfd_create("syzkaller", 0) = 3 [pid 4056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4056] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4056] munmap(0x7f68741c1000, 2097152) = 0 [pid 4056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4056] close(3) = 0 [pid 4056] mkdir("./file2", 0777) = 0 [pid 4056] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4056] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4056] chdir("./file2") = 0 [pid 4056] ioctl(4, LOOP_CLR_FD) = 0 [pid 4056] close(4) = 0 [pid 4056] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4055] <... futex resumed>) = 0 [pid 4056] openat(AT_FDCWD, ".", O_RDONLY [pid 4055] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... openat resumed>) = 4 [pid 4055] <... futex resumed>) = 0 [pid 4056] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4055] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4056] <... futex resumed>) = 0 [pid 4055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4056] mkdirat(4, "./bus", 000 [pid 4055] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4055] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... mkdirat resumed>) = 0 [pid 4055] <... futex resumed>) = 0 [pid 4056] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4056] <... futex resumed>) = 0 [pid 4055] <... mmap resumed>) = 0x7f68743a0000 [pid 4056] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4055] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4055] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4057], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4057 [pid 4055] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4055] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4057 attached [pid 4057] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4057] mkdirat(4, "./bus/file0", 000) = 0 [pid 4057] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4055] <... futex resumed>) = 0 [pid 4055] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = 0 [pid 4055] <... futex resumed>) = 1 [pid 4056] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4055] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4057] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4056] <... renameat2 resumed>) = -1 EFAULT (Bad address) [ 75.775961][ T4056] loop0: detected capacity change from 0 to 4096 [ 75.785773][ T4056] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4056] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4055] <... futex resumed>) = 0 [pid 4056] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4055] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4055] <... futex resumed>) = 0 [pid 4056] mkdirat(-1, NULL, 000 [pid 4055] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4055] <... futex resumed>) = 1 [pid 4057] <... futex resumed>) = 0 [pid 4056] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4055] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4056] <... futex resumed>) = 0 [pid 4056] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4057] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4057] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4055] <... futex resumed>) = 0 [pid 4057] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4055] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = 0 [pid 4055] <... futex resumed>) = 1 [pid 4056] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4055] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4056] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4056] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4055] <... futex resumed>) = 0 [pid 4056] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4055] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4055] <... futex resumed>) = 0 [pid 4056] mkdirat(-1, NULL, 000 [pid 4055] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4056] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4056] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4055] <... futex resumed>) = 0 [pid 4056] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4055] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4055] <... futex resumed>) = 0 [pid 4056] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4055] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4056] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4056] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4055] <... futex resumed>) = 0 [pid 4056] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4055] exit_group(0 [pid 4057] <... futex resumed>) = ? [pid 4056] <... futex resumed>) = ? [pid 4055] <... exit_group resumed>) = ? [pid 4057] +++ exited with 0 +++ [pid 4056] +++ exited with 0 +++ [pid 4055] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4055, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./134/binderfs") = 0 umount2("./134/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./134/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4058 ./strace-static-x86_64: Process 4058 attached [pid 4058] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4058] chdir("./135") = 0 [pid 4058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4058] setpgid(0, 0) = 0 [pid 4058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4058] write(3, "1000", 4) = 4 [pid 4058] close(3) = 0 [pid 4058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4058] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4058] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4058] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4059 attached , parent_tid=[4059], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4059 [pid 4059] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4059] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4058] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4059] <... futex resumed>) = 0 [pid 4058] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4059] memfd_create("syzkaller", 0) = 3 [pid 4059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4059] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4059] munmap(0x7f68741c1000, 2097152) = 0 [pid 4059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4059] close(3) = 0 [pid 4059] mkdir("./file2", 0777) = 0 [pid 4059] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4059] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4059] chdir("./file2") = 0 [pid 4059] ioctl(4, LOOP_CLR_FD) = 0 [pid 4059] close(4) = 0 [pid 4059] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4058] <... futex resumed>) = 0 [pid 4058] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4058] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4059] <... futex resumed>) = 1 [pid 4059] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4059] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4058] <... futex resumed>) = 0 [pid 4058] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4058] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4058] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4058] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4060], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4060 [pid 4058] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4058] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4060 attached [pid 4059] <... futex resumed>) = 1 [pid 4059] mkdirat(4, "./bus", 000 [pid 4060] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4060] mkdirat(4, "./bus/file0", 000 [pid 4059] <... mkdirat resumed>) = 0 [pid 4060] <... mkdirat resumed>) = 0 [pid 4060] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4058] <... futex resumed>) = 0 [pid 4058] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4058] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4060] <... futex resumed>) = 1 [pid 4060] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4059] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4060] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4059] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4058] <... futex resumed>) = 0 [pid 4058] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4058] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4060] <... futex resumed>) = 1 [pid 4059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4058] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4060] mkdirat(-1, NULL, 000 [pid 4059] mkdirat(-1, NULL, 000 [pid 4060] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4059] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4060] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4059] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4060] <... futex resumed>) = 1 [pid 4059] <... futex resumed>) = 0 [ 75.935836][ T4059] loop0: detected capacity change from 0 to 4096 [ 75.945533][ T4059] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4058] <... futex resumed>) = 0 [pid 4060] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4059] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4058] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4059] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4058] <... futex resumed>) = 0 [pid 4059] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4058] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4059] <... futex resumed>) = 0 [pid 4058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4059] mkdirat(-1, NULL, 000 [pid 4058] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4059] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4058] <... futex resumed>) = 0 [pid 4059] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4058] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4059] <... futex resumed>) = 0 [pid 4058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4059] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4058] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4059] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4058] <... futex resumed>) = 0 [pid 4059] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4058] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4059] <... futex resumed>) = 0 [pid 4058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4059] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4058] exit_group(0 [pid 4060] <... futex resumed>) = ? [pid 4059] <... futex resumed>) = ? [pid 4058] <... exit_group resumed>) = ? [pid 4060] +++ exited with 0 +++ [pid 4059] +++ exited with 0 +++ [pid 4058] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4058, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./135/binderfs") = 0 umount2("./135/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./135/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4061 ./strace-static-x86_64: Process 4061 attached [pid 4061] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4061] chdir("./136") = 0 [pid 4061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4061] setpgid(0, 0) = 0 [pid 4061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4061] write(3, "1000", 4) = 4 [pid 4061] close(3) = 0 [pid 4061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4061] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4061] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4061] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4062], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4062 ./strace-static-x86_64: Process 4062 attached [pid 4062] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4062] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4061] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4061] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4062] <... futex resumed>) = 0 [pid 4062] memfd_create("syzkaller", 0) = 3 [pid 4062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4062] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4062] munmap(0x7f68741c1000, 2097152) = 0 [pid 4062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4062] close(3) = 0 [pid 4062] mkdir("./file2", 0777) = 0 [pid 4062] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4062] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4062] chdir("./file2") = 0 [pid 4062] ioctl(4, LOOP_CLR_FD) = 0 [pid 4062] close(4) = 0 [pid 4062] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4061] <... futex resumed>) = 0 [pid 4061] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4061] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4062] <... futex resumed>) = 1 [pid 4062] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4062] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4061] <... futex resumed>) = 0 [pid 4061] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4061] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4061] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4061] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4063], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4063 [pid 4061] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4061] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4062] <... futex resumed>) = 1 [pid 4062] mkdirat(4, "./bus", 000) = 0 [pid 4062] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4062] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4063 attached [pid 4063] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4063] mkdirat(4, "./bus/file0", 000) = 0 [pid 4063] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4061] <... futex resumed>) = 0 [pid 4061] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4061] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4062] <... futex resumed>) = 0 [pid 4062] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4062] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4061] <... futex resumed>) = 0 [pid 4062] mkdirat(-1, NULL, 000 [pid 4061] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4062] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4061] <... futex resumed>) = 0 [pid 4062] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4061] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4062] <... futex resumed>) = 0 [pid 4061] <... futex resumed>) = 0 [pid 4062] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4061] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4063] <... futex resumed>) = 1 [pid 4063] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4063] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4061] <... futex resumed>) = 0 [pid 4061] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4062] <... futex resumed>) = 0 [pid 4061] <... futex resumed>) = 1 [pid 4062] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4061] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4062] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4062] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4061] <... futex resumed>) = 0 [pid 4062] mkdirat(-1, NULL, 000 [pid 4061] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4063] <... futex resumed>) = 1 [pid 4062] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4061] <... futex resumed>) = 0 [pid 4063] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4062] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4061] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4062] <... futex resumed>) = 0 [pid 4061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4062] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4061] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4061] <... futex resumed>) = 0 [pid 4062] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4061] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4062] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4062] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4061] <... futex resumed>) = 0 [pid 4062] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4061] exit_group(0 [pid 4063] <... futex resumed>) = ? [pid 4062] <... futex resumed>) = ? [pid 4061] <... exit_group resumed>) = ? [pid 4063] +++ exited with 0 +++ [pid 4062] +++ exited with 0 +++ [pid 4061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4061, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./136/binderfs") = 0 [ 76.086739][ T4062] loop0: detected capacity change from 0 to 4096 [ 76.095638][ T4062] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) umount2("./136/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./136/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4064 ./strace-static-x86_64: Process 4064 attached [pid 4064] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4064] chdir("./137") = 0 [pid 4064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4064] setpgid(0, 0) = 0 [pid 4064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4064] write(3, "1000", 4) = 4 [pid 4064] close(3) = 0 [pid 4064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4064] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4064] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4064] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4065 attached , parent_tid=[4065], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4065 [pid 4065] set_robust_list(0x7f687c5e19e0, 24 [pid 4064] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4065] <... set_robust_list resumed>) = 0 [pid 4064] <... futex resumed>) = 0 [pid 4064] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4065] memfd_create("syzkaller", 0) = 3 [pid 4065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4065] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4065] munmap(0x7f68741c1000, 2097152) = 0 [pid 4065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4065] close(3) = 0 [pid 4065] mkdir("./file2", 0777) = 0 [pid 4065] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4065] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4065] chdir("./file2") = 0 [pid 4065] ioctl(4, LOOP_CLR_FD) = 0 [pid 4065] close(4) = 0 [pid 4065] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4064] <... futex resumed>) = 0 [pid 4064] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4064] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4065] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4065] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4064] <... futex resumed>) = 0 [pid 4064] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4064] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4064] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4064] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4066], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4066 [pid 4064] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4064] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4065] <... futex resumed>) = 1 [pid 4065] mkdirat(4, "./bus", 000./strace-static-x86_64: Process 4066 attached [pid 4066] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4065] <... mkdirat resumed>) = 0 [pid 4066] mkdirat(4, "./bus/file0", 000 [pid 4065] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4065] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4066] <... mkdirat resumed>) = 0 [pid 4066] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4064] <... futex resumed>) = 0 [pid 4066] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4064] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4065] <... futex resumed>) = 0 [pid 4064] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4065] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4065] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4064] <... futex resumed>) = 0 [pid 4065] <... futex resumed>) = 1 [pid 4064] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4065] mkdirat(-1, NULL, 000 [pid 4064] <... futex resumed>) = 0 [pid 4065] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4064] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4065] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4066] <... futex resumed>) = 0 [pid 4065] <... futex resumed>) = 0 [pid 4064] <... futex resumed>) = 1 [pid 4066] mkdirat(-1, NULL, 000 [pid 4064] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4066] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4065] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4066] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4064] <... futex resumed>) = 0 [pid 4066] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 76.219777][ T4065] loop0: detected capacity change from 0 to 4096 [ 76.228359][ T4065] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4064] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4065] <... futex resumed>) = 0 [pid 4064] <... futex resumed>) = 1 [pid 4065] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4064] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4065] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4065] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4064] <... futex resumed>) = 0 [pid 4065] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4064] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4064] <... futex resumed>) = 0 [pid 4065] mkdirat(-1, NULL, 000 [pid 4064] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4065] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4065] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4064] <... futex resumed>) = 0 [pid 4065] <... futex resumed>) = 1 [pid 4064] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4065] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4064] <... futex resumed>) = 0 [pid 4065] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4064] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4065] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4065] <... futex resumed>) = 0 [pid 4065] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4064] exit_group(0 [pid 4066] <... futex resumed>) = ? [pid 4065] <... futex resumed>) = ? [pid 4064] <... exit_group resumed>) = ? [pid 4066] +++ exited with 0 +++ [pid 4065] +++ exited with 0 +++ [pid 4064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4064, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./137/binderfs") = 0 umount2("./137/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./137/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4067 ./strace-static-x86_64: Process 4067 attached [pid 4067] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4067] chdir("./138") = 0 [pid 4067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4067] setpgid(0, 0) = 0 [pid 4067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4067] write(3, "1000", 4) = 4 [pid 4067] close(3) = 0 [pid 4067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4067] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4067] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4067] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4068 attached [pid 4068] set_robust_list(0x7f687c5e19e0, 24 [pid 4067] <... clone resumed>, parent_tid=[4068], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4068 [pid 4068] <... set_robust_list resumed>) = 0 [pid 4067] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4067] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4068] memfd_create("syzkaller", 0) = 3 [pid 4068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4068] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4068] munmap(0x7f68741c1000, 2097152) = 0 [pid 4068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 76.331224][ T14] cfg80211: failed to load regulatory.db [pid 4068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4068] close(3) = 0 [pid 4068] mkdir("./file2", 0777) = 0 [pid 4068] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4068] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4068] chdir("./file2") = 0 [pid 4068] ioctl(4, LOOP_CLR_FD) = 0 [pid 4068] close(4) = 0 [pid 4068] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4068] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4067] <... futex resumed>) = 0 [pid 4067] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4068] <... futex resumed>) = 0 [pid 4067] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4068] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4068] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4067] <... futex resumed>) = 0 [pid 4068] mkdirat(4, "./bus", 000 [pid 4067] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4067] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4067] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4067] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4069], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4069 [pid 4067] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4067] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4069 attached [pid 4068] <... mkdirat resumed>) = 0 [pid 4068] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4068] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4069] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4069] mkdirat(4, "./bus/file0", 000) = 0 [pid 4069] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4067] <... futex resumed>) = 0 [pid 4067] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4069] <... futex resumed>) = 1 [pid 4068] <... futex resumed>) = 0 [pid 4067] <... futex resumed>) = 1 [pid 4069] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4068] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4067] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4068] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4068] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4067] <... futex resumed>) = 0 [pid 4068] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4067] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4067] <... futex resumed>) = 0 [pid 4068] mkdirat(-1, NULL, 000 [pid 4067] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4069] <... futex resumed>) = 0 [pid 4068] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4067] <... futex resumed>) = 1 [pid 4069] mkdirat(-1, NULL, 000 [pid 4068] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4067] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4069] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4068] <... futex resumed>) = 0 [pid 4069] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4068] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4069] <... futex resumed>) = 1 [pid 4067] <... futex resumed>) = 0 [pid 4069] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4067] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4068] <... futex resumed>) = 0 [pid 4067] <... futex resumed>) = 1 [pid 4068] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4067] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4068] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4068] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4067] <... futex resumed>) = 0 [pid 4068] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4067] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4067] <... futex resumed>) = 0 [pid 4068] mkdirat(-1, NULL, 000 [pid 4067] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4068] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4068] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4067] <... futex resumed>) = 0 [pid 4068] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4067] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4067] <... futex resumed>) = 0 [pid 4068] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4067] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4068] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4068] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4067] <... futex resumed>) = 0 [pid 4068] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4067] exit_group(0 [pid 4069] <... futex resumed>) = ? [pid 4068] <... futex resumed>) = ? [pid 4067] <... exit_group resumed>) = ? [pid 4069] +++ exited with 0 +++ [pid 4068] +++ exited with 0 +++ [pid 4067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4067, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./138/binderfs") = 0 [ 76.382660][ T4068] loop0: detected capacity change from 0 to 4096 [ 76.391300][ T4068] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) umount2("./138/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./138/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4070 attached , child_tidptr=0x55555736f5d0) = 4070 [pid 4070] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4070] chdir("./139") = 0 [pid 4070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4070] setpgid(0, 0) = 0 [pid 4070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4070] write(3, "1000", 4) = 4 [pid 4070] close(3) = 0 [pid 4070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4070] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4070] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4070] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4071 attached , parent_tid=[4071], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4071 [pid 4070] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4070] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4071] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4071] memfd_create("syzkaller", 0) = 3 [pid 4071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4071] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4071] munmap(0x7f68741c1000, 2097152) = 0 [pid 4071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4071] close(3) = 0 [pid 4071] mkdir("./file2", 0777) = 0 [pid 4071] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4071] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4071] chdir("./file2") = 0 [pid 4071] ioctl(4, LOOP_CLR_FD) = 0 [pid 4071] close(4) = 0 [pid 4071] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4070] <... futex resumed>) = 0 [pid 4071] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4070] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4070] <... futex resumed>) = 0 [pid 4071] openat(AT_FDCWD, ".", O_RDONLY [pid 4070] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4071] <... openat resumed>) = 4 [pid 4071] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4070] <... futex resumed>) = 0 [pid 4071] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4070] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4070] <... futex resumed>) = 0 [pid 4071] mkdirat(4, "./bus", 000 [pid 4070] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4070] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4070] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4072 attached , parent_tid=[4072], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4072 [pid 4070] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4070] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4072] set_robust_list(0x7f68743c09e0, 24 [pid 4071] <... mkdirat resumed>) = 0 [pid 4071] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4072] <... set_robust_list resumed>) = 0 [pid 4072] mkdirat(4, "./bus/file0", 000) = 0 [pid 4072] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4070] <... futex resumed>) = 0 [pid 4072] <... futex resumed>) = 1 [pid 4070] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4070] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4071] <... futex resumed>) = 0 [pid 4071] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4071] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4070] <... futex resumed>) = 0 [pid 4071] mkdirat(-1, NULL, 000 [pid 4070] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4071] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4070] <... futex resumed>) = 0 [pid 4071] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4070] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4071] <... futex resumed>) = 0 [pid 4070] <... futex resumed>) = 0 [pid 4071] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4070] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4072] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4072] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4070] <... futex resumed>) = 0 [pid 4070] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4071] <... futex resumed>) = 0 [pid 4070] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4071] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4071] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4070] <... futex resumed>) = 0 [pid 4071] mkdirat(-1, NULL, 000 [pid 4070] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4071] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4070] <... futex resumed>) = 0 [pid 4071] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4070] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4071] <... futex resumed>) = 0 [pid 4070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4071] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4070] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4071] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4070] <... futex resumed>) = 0 [pid 4071] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4070] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4072] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4071] <... futex resumed>) = 0 [pid 4070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4071] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4070] exit_group(0 [pid 4072] <... futex resumed>) = ? [pid 4071] <... futex resumed>) = ? [pid 4070] <... exit_group resumed>) = ? [pid 4072] +++ exited with 0 +++ [pid 4071] +++ exited with 0 +++ [pid 4070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4070, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 76.533104][ T4071] loop0: detected capacity change from 0 to 4096 [ 76.542438][ T4071] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) unlink("./139/binderfs") = 0 umount2("./139/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./139/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4073 ./strace-static-x86_64: Process 4073 attached [pid 4073] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4073] chdir("./140") = 0 [pid 4073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4073] setpgid(0, 0) = 0 [pid 4073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4073] write(3, "1000", 4) = 4 [pid 4073] close(3) = 0 [pid 4073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4073] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4073] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4073] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4074 attached , parent_tid=[4074], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4074 [pid 4074] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4074] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4073] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4074] <... futex resumed>) = 0 [pid 4073] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4074] memfd_create("syzkaller", 0) = 3 [pid 4074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4074] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4074] munmap(0x7f68741c1000, 2097152) = 0 [pid 4074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4074] close(3) = 0 [pid 4074] mkdir("./file2", 0777) = 0 [pid 4074] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4074] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4074] chdir("./file2") = 0 [pid 4074] ioctl(4, LOOP_CLR_FD) = 0 [pid 4074] close(4) = 0 [pid 4074] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4073] <... futex resumed>) = 0 [pid 4073] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4073] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4074] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4074] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4073] <... futex resumed>) = 0 [pid 4074] mkdirat(4, "./bus", 000 [pid 4073] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4073] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4073] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4073] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4075], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4075 [pid 4073] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4073] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4075 attached [pid 4075] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4075] mkdirat(4, "./bus/file0", 000) = -1 ENOENT (No such file or directory) [pid 4075] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4073] <... futex resumed>) = 0 [pid 4073] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4074] <... mkdirat resumed>) = 0 [pid 4073] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4074] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4075] <... futex resumed>) = 1 [pid 4074] <... futex resumed>) = 0 [pid 4075] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4074] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4075] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4075] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4073] <... futex resumed>) = 0 [pid 4073] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4074] <... futex resumed>) = 0 [pid 4073] <... futex resumed>) = 1 [pid 4074] mkdirat(-1, NULL, 000 [pid 4073] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.672011][ T4074] loop0: detected capacity change from 0 to 4096 [ 76.681492][ T4074] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4074] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4073] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4074] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4075] <... futex resumed>) = 1 [pid 4074] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4075] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4075] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4073] <... futex resumed>) = 0 [pid 4073] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4074] <... futex resumed>) = 0 [pid 4073] <... futex resumed>) = 1 [pid 4074] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4073] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4074] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4074] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4073] <... futex resumed>) = 0 [pid 4074] <... futex resumed>) = 1 [pid 4073] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4074] mkdirat(-1, NULL, 000 [pid 4073] <... futex resumed>) = 0 [pid 4075] <... futex resumed>) = 1 [pid 4073] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4074] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4075] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4074] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4073] <... futex resumed>) = 0 [pid 4074] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4073] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4073] <... futex resumed>) = 0 [pid 4074] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4073] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4074] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4074] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4073] <... futex resumed>) = 0 [pid 4074] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4073] exit_group(0 [pid 4075] <... futex resumed>) = ? [pid 4074] <... futex resumed>) = ? [pid 4073] <... exit_group resumed>) = ? [pid 4075] +++ exited with 0 +++ [pid 4074] +++ exited with 0 +++ [pid 4073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4073, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./140/binderfs") = 0 umount2("./140/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./140/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4076 ./strace-static-x86_64: Process 4076 attached [pid 4076] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4076] chdir("./141") = 0 [pid 4076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4076] setpgid(0, 0) = 0 [pid 4076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4076] write(3, "1000", 4) = 4 [pid 4076] close(3) = 0 [pid 4076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4076] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4076] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4076] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4077], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4077 [pid 4076] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4076] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4077 attached [pid 4077] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4077] memfd_create("syzkaller", 0) = 3 [pid 4077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4077] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4077] munmap(0x7f68741c1000, 2097152) = 0 [pid 4077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4077] close(3) = 0 [pid 4077] mkdir("./file2", 0777) = 0 [pid 4077] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4077] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4077] chdir("./file2") = 0 [pid 4077] ioctl(4, LOOP_CLR_FD) = 0 [pid 4077] close(4) = 0 [pid 4077] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4076] <... futex resumed>) = 0 [pid 4077] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4076] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4076] <... futex resumed>) = 0 [pid 4077] openat(AT_FDCWD, ".", O_RDONLY [pid 4076] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4077] <... openat resumed>) = 4 [pid 4077] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4076] <... futex resumed>) = 0 [pid 4077] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4076] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4076] <... futex resumed>) = 0 [pid 4077] mkdirat(4, "./bus", 000 [pid 4076] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4077] <... mkdirat resumed>) = 0 [pid 4076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4077] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4077] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4076] <... mmap resumed>) = 0x7f68743a0000 [pid 4076] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4076] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4078 attached , parent_tid=[4078], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4078 [pid 4078] set_robust_list(0x7f68743c09e0, 24 [pid 4076] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4078] <... set_robust_list resumed>) = 0 [pid 4076] <... futex resumed>) = 0 [pid 4076] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4078] mkdirat(4, "./bus/file0", 000) = 0 [pid 4078] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4076] <... futex resumed>) = 0 [pid 4076] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] <... futex resumed>) = 0 [pid 4076] <... futex resumed>) = 1 [pid 4077] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4076] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4077] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4078] <... futex resumed>) = 1 [pid 4077] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4078] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4077] <... futex resumed>) = 1 [pid 4076] <... futex resumed>) = 0 [pid 4077] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4076] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4077] mkdirat(-1, NULL, 000 [pid 4076] <... futex resumed>) = 0 [pid 4077] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4076] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4076] <... futex resumed>) = 1 [pid 4078] <... futex resumed>) = 0 [pid 4077] <... futex resumed>) = 0 [pid 4076] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4077] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4078] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4078] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4076] <... futex resumed>) = 0 [pid 4076] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] <... futex resumed>) = 0 [pid 4076] <... futex resumed>) = 1 [pid 4077] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4076] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4077] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4078] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4077] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4077] <... futex resumed>) = 0 [pid 4076] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] mkdirat(-1, NULL, 000 [pid 4076] <... futex resumed>) = 0 [pid 4077] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4077] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4076] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4077] <... futex resumed>) = 0 [pid 4076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4077] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4076] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4076] <... futex resumed>) = 0 [pid 4077] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4076] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4077] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4077] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4076] <... futex resumed>) = 0 [pid 4077] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4076] exit_group(0 [pid 4078] <... futex resumed>) = ? [pid 4077] <... futex resumed>) = ? [pid 4076] <... exit_group resumed>) = ? [ 76.821398][ T4077] loop0: detected capacity change from 0 to 4096 [ 76.832191][ T4077] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4078] +++ exited with 0 +++ [pid 4077] +++ exited with 0 +++ [pid 4076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4076, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./141/binderfs") = 0 umount2("./141/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./141/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4079 ./strace-static-x86_64: Process 4079 attached [pid 4079] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4079] chdir("./142") = 0 [pid 4079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4079] setpgid(0, 0) = 0 [pid 4079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4079] write(3, "1000", 4) = 4 [pid 4079] close(3) = 0 [pid 4079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4079] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4079] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4079] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4080 attached , parent_tid=[4080], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4080 [pid 4080] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4080] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4079] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4080] <... futex resumed>) = 0 [pid 4079] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4080] memfd_create("syzkaller", 0) = 3 [pid 4080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4080] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4080] munmap(0x7f68741c1000, 2097152) = 0 [pid 4080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4080] close(3) = 0 [pid 4080] mkdir("./file2", 0777) = 0 [pid 4080] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4080] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4080] chdir("./file2") = 0 [pid 4080] ioctl(4, LOOP_CLR_FD) = 0 [pid 4080] close(4) = 0 [pid 4080] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4079] <... futex resumed>) = 0 [pid 4079] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4079] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4080] <... futex resumed>) = 1 [pid 4080] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4080] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4079] <... futex resumed>) = 0 [pid 4079] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4079] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4079] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4079] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4081], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4081 [pid 4079] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4079] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4080] <... futex resumed>) = 1 [pid 4080] mkdirat(4, "./bus", 000) = 0 [pid 4080] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4080] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4081 attached [pid 4081] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4081] mkdirat(4, "./bus/file0", 000) = 0 [pid 4081] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4079] <... futex resumed>) = 0 [pid 4079] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4080] <... futex resumed>) = 0 [pid 4079] <... futex resumed>) = 1 [pid 4080] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4079] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4080] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4080] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4079] <... futex resumed>) = 0 [pid 4080] mkdirat(-1, NULL, 000 [pid 4079] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4080] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4079] <... futex resumed>) = 0 [pid 4080] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4079] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4080] <... futex resumed>) = 0 [pid 4079] <... futex resumed>) = 0 [pid 4080] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4079] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4081] <... futex resumed>) = 1 [pid 4081] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4081] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4079] <... futex resumed>) = 0 [pid 4079] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4080] <... futex resumed>) = 0 [pid 4079] <... futex resumed>) = 1 [pid 4080] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4079] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4080] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4080] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4079] <... futex resumed>) = 0 [pid 4080] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4079] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4081] <... futex resumed>) = 1 [pid 4080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4079] <... futex resumed>) = 0 [pid 4081] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4080] mkdirat(-1, NULL, 000 [pid 4079] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4080] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4080] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4079] <... futex resumed>) = 0 [pid 4080] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4079] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4079] <... futex resumed>) = 0 [pid 4080] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4079] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4080] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4080] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4079] <... futex resumed>) = 0 [pid 4080] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 76.960114][ T4080] loop0: detected capacity change from 0 to 4096 [ 76.970823][ T4080] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4079] exit_group(0 [pid 4081] <... futex resumed>) = ? [pid 4080] <... futex resumed>) = ? [pid 4079] <... exit_group resumed>) = ? [pid 4081] +++ exited with 0 +++ [pid 4080] +++ exited with 0 +++ [pid 4079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4079, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./142/binderfs") = 0 umount2("./142/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./142/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4082 attached , child_tidptr=0x55555736f5d0) = 4082 [pid 4082] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4082] chdir("./143") = 0 [pid 4082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4082] setpgid(0, 0) = 0 [pid 4082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4082] write(3, "1000", 4) = 4 [pid 4082] close(3) = 0 [pid 4082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4082] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4082] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4082] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4083 attached , parent_tid=[4083], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4083 [pid 4083] set_robust_list(0x7f687c5e19e0, 24 [pid 4082] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4083] <... set_robust_list resumed>) = 0 [pid 4082] <... futex resumed>) = 0 [pid 4082] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4083] memfd_create("syzkaller", 0) = 3 [pid 4083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4083] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4083] munmap(0x7f68741c1000, 2097152) = 0 [pid 4083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4083] close(3) = 0 [pid 4083] mkdir("./file2", 0777) = 0 [pid 4083] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4083] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4083] chdir("./file2") = 0 [pid 4083] ioctl(4, LOOP_CLR_FD) = 0 [pid 4083] close(4) = 0 [pid 4083] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4083] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4082] <... futex resumed>) = 0 [pid 4082] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4082] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4083] <... futex resumed>) = 0 [pid 4083] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4083] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4082] <... futex resumed>) = 0 [pid 4082] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4082] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [pid 4082] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4082] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4083] mkdirat(4, "./bus", 000 [pid 4082] <... clone resumed>, parent_tid=[4084], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4084 [pid 4082] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4082] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4083] <... mkdirat resumed>) = 0 [pid 4083] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.103913][ T4083] loop0: detected capacity change from 0 to 4096 [ 77.113788][ T4083] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4083] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4084 attached [pid 4084] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4084] mkdirat(4, "./bus/file0", 000) = 0 [pid 4084] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4082] <... futex resumed>) = 0 [pid 4084] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4082] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4083] <... futex resumed>) = 0 [pid 4082] <... futex resumed>) = 1 [pid 4083] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4082] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4083] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4083] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4082] <... futex resumed>) = 0 [pid 4083] mkdirat(-1, NULL, 000 [pid 4082] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4083] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4082] <... futex resumed>) = 0 [pid 4083] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4082] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4083] <... futex resumed>) = 0 [pid 4084] <... futex resumed>) = 0 [pid 4082] <... futex resumed>) = 1 [pid 4083] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4082] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4084] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4084] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4082] <... futex resumed>) = 0 [pid 4084] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4082] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4083] <... futex resumed>) = 0 [pid 4082] <... futex resumed>) = 1 [pid 4083] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4082] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4083] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4083] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4082] <... futex resumed>) = 0 [pid 4083] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4082] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4082] <... futex resumed>) = 0 [pid 4083] mkdirat(-1, NULL, 000 [pid 4082] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4083] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4083] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4082] <... futex resumed>) = 0 [pid 4083] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4082] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4082] <... futex resumed>) = 0 [pid 4083] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4082] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4083] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4083] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4082] <... futex resumed>) = 0 [pid 4083] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4082] exit_group(0 [pid 4084] <... futex resumed>) = ? [pid 4083] <... futex resumed>) = ? [pid 4082] <... exit_group resumed>) = ? [pid 4084] +++ exited with 0 +++ [pid 4083] +++ exited with 0 +++ [pid 4082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4082, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./143/binderfs") = 0 umount2("./143/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./143/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4085 ./strace-static-x86_64: Process 4085 attached [pid 4085] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4085] chdir("./144") = 0 [pid 4085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4085] setpgid(0, 0) = 0 [pid 4085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4085] write(3, "1000", 4) = 4 [pid 4085] close(3) = 0 [pid 4085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4085] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4085] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4085] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4086 attached , parent_tid=[4086], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4086 [pid 4086] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4086] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4085] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4086] <... futex resumed>) = 0 [pid 4085] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4086] memfd_create("syzkaller", 0) = 3 [pid 4086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4086] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4086] munmap(0x7f68741c1000, 2097152) = 0 [pid 4086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4086] close(3) = 0 [pid 4086] mkdir("./file2", 0777) = 0 [pid 4086] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4086] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4086] chdir("./file2") = 0 [pid 4086] ioctl(4, LOOP_CLR_FD) = 0 [pid 4086] close(4) = 0 [pid 4086] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4086] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4086] <... futex resumed>) = 1 [pid 4085] <... mmap resumed>) = 0x7f68743a0000 [pid 4086] mkdirat(4, "./bus", 000 [pid 4085] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4085] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4087 attached [ 77.248023][ T4086] loop0: detected capacity change from 0 to 4096 [ 77.257666][ T4086] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4087] set_robust_list(0x7f68743c09e0, 24 [pid 4085] <... clone resumed>, parent_tid=[4087], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4087 [pid 4087] <... set_robust_list resumed>) = 0 [pid 4086] <... mkdirat resumed>) = 0 [pid 4085] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4087] mkdirat(4, "./bus/file0", 000 [pid 4086] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4086] <... futex resumed>) = 0 [pid 4085] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4087] <... mkdirat resumed>) = 0 [pid 4087] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4085] <... futex resumed>) = 0 [pid 4087] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4085] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4085] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 0 [pid 4086] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4086] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] mkdirat(-1, NULL, 000 [pid 4085] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4087] <... futex resumed>) = 0 [pid 4086] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4085] <... futex resumed>) = 1 [pid 4087] mkdirat(-1, NULL, 000 [pid 4086] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4087] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4086] <... futex resumed>) = 0 [pid 4085] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4087] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4086] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4087] <... futex resumed>) = 0 [pid 4085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4087] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4085] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4086] <... futex resumed>) = 0 [pid 4085] <... futex resumed>) = 1 [pid 4086] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4085] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4086] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4085] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4086] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4085] <... futex resumed>) = 0 [pid 4086] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4085] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4086] <... futex resumed>) = 0 [pid 4085] <... futex resumed>) = 1 [pid 4086] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4085] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4086] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4085] exit_group(0 [pid 4087] <... futex resumed>) = ? [pid 4086] <... futex resumed>) = ? [pid 4085] <... exit_group resumed>) = ? [pid 4087] +++ exited with 0 +++ [pid 4086] +++ exited with 0 +++ [pid 4085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4085, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./144/binderfs") = 0 umount2("./144/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./144/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4088 ./strace-static-x86_64: Process 4088 attached [pid 4088] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4088] chdir("./145") = 0 [pid 4088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4088] setpgid(0, 0) = 0 [pid 4088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4088] write(3, "1000", 4) = 4 [pid 4088] close(3) = 0 [pid 4088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4088] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4088] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4088] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4089 attached , parent_tid=[4089], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4089 [pid 4088] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4088] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4089] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4089] memfd_create("syzkaller", 0) = 3 [pid 4089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4089] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4089] munmap(0x7f68741c1000, 2097152) = 0 [pid 4089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4089] close(3) = 0 [pid 4089] mkdir("./file2", 0777) = 0 [pid 4089] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4089] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4089] chdir("./file2") = 0 [pid 4089] ioctl(4, LOOP_CLR_FD) = 0 [pid 4089] close(4) = 0 [pid 4089] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4089] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4088] <... futex resumed>) = 0 [pid 4088] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] <... futex resumed>) = 0 [pid 4088] <... futex resumed>) = 1 [pid 4089] openat(AT_FDCWD, ".", O_RDONLY [pid 4088] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4089] <... openat resumed>) = 4 [pid 4089] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4088] <... futex resumed>) = 0 [pid 4089] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4088] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] mkdirat(4, "./bus", 000 [pid 4088] <... futex resumed>) = 0 [pid 4089] <... mkdirat resumed>) = 0 [pid 4088] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4088] <... futex resumed>) = 0 [pid 4088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4089] <... futex resumed>) = 0 [pid 4089] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4088] <... mmap resumed>) = 0x7f68743a0000 [pid 4088] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4088] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4090 attached , parent_tid=[4090], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4090 [pid 4090] set_robust_list(0x7f68743c09e0, 24 [pid 4088] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4090] <... set_robust_list resumed>) = 0 [pid 4088] <... futex resumed>) = 0 [pid 4088] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4090] mkdirat(4, "./bus/file0", 000) = 0 [pid 4090] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4088] <... futex resumed>) = 0 [pid 4090] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4088] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] <... futex resumed>) = 0 [pid 4088] <... futex resumed>) = 1 [pid 4089] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT [pid 4088] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4089] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4089] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4088] <... futex resumed>) = 0 [pid 4089] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4088] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4088] <... futex resumed>) = 0 [pid 4089] mkdirat(-1, NULL, 000 [pid 4088] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4090] <... futex resumed>) = 0 [pid 4089] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4088] <... futex resumed>) = 1 [ 77.396189][ T4089] loop0: detected capacity change from 0 to 4096 [ 77.406123][ T4089] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4090] mkdirat(-1, NULL, 000 [pid 4089] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4088] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4090] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4089] <... futex resumed>) = 0 [pid 4090] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4090] <... futex resumed>) = 1 [pid 4088] <... futex resumed>) = 0 [pid 4090] futex(0x7f687c6d97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4088] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] <... futex resumed>) = 0 [pid 4088] <... futex resumed>) = 1 [pid 4089] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4088] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4089] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4089] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4088] <... futex resumed>) = 0 [pid 4089] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4088] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4088] <... futex resumed>) = 0 [pid 4089] mkdirat(-1, NULL, 000 [pid 4088] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4089] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4089] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4088] <... futex resumed>) = 0 [pid 4089] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4088] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4088] <... futex resumed>) = 0 [pid 4089] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE) = -1 EFAULT (Bad address) [pid 4088] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4089] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4089] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4088] exit_group(0 [pid 4090] <... futex resumed>) = ? [pid 4089] <... futex resumed>) = ? [pid 4088] <... exit_group resumed>) = ? [pid 4090] +++ exited with 0 +++ [pid 4089] +++ exited with 0 +++ [pid 4088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4088, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557370620 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./145/binderfs") = 0 umount2("./145/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./145/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557378660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557378660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file2") = 0 getdents64(3, 0x555557370620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555736f5d0) = 4091 ./strace-static-x86_64: Process 4091 attached [pid 4091] set_robust_list(0x55555736f5e0, 24) = 0 [pid 4091] chdir("./146") = 0 [pid 4091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4091] setpgid(0, 0) = 0 [pid 4091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4091] write(3, "1000", 4) = 4 [pid 4091] close(3) = 0 [pid 4091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4091] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f687c5c1000 [pid 4091] mprotect(0x7f687c5c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4091] clone(child_stack=0x7f687c5e13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4092], tls=0x7f687c5e1700, child_tidptr=0x7f687c5e19d0) = 4092 ./strace-static-x86_64: Process 4092 attached [pid 4091] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4092] set_robust_list(0x7f687c5e19e0, 24) = 0 [pid 4092] memfd_create("syzkaller", 0) = 3 [pid 4092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68741c1000 [pid 4092] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 4092] munmap(0x7f68741c1000, 2097152) = 0 [pid 4092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4092] close(3) = 0 [pid 4092] mkdir("./file2", 0777) = 0 [pid 4092] mount("/dev/loop0", "./file2", "ntfs3", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION, "") = 0 [pid 4092] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4092] chdir("./file2") = 0 [pid 4092] ioctl(4, LOOP_CLR_FD) = 0 [pid 4092] close(4) = 0 [pid 4092] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4091] <... futex resumed>) = 0 [pid 4091] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4092] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 4092] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4091] <... futex resumed>) = 0 [pid 4091] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] futex(0x7f687c6d97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4092] mkdirat(4, "./bus", 000 [pid 4091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68743a0000 [ 77.543829][ T4092] loop0: detected capacity change from 0 to 4096 [ 77.554457][ T4092] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 4091] mprotect(0x7f68743a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4091] clone(child_stack=0x7f68743c03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4093], tls=0x7f68743c0700, child_tidptr=0x7f68743c09d0) = 4093 [pid 4091] futex(0x7f687c6d97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4093 attached [pid 4093] set_robust_list(0x7f68743c09e0, 24) = 0 [pid 4093] mkdirat(4, "./bus/file0", 000 [pid 4092] <... mkdirat resumed>) = 0 [pid 4092] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4092] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4091] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4091] futex(0x7f687c6d97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4091] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 77.610183][ T4093] ------------[ cut here ]------------ [ 77.616196][ T4093] DEBUG_RWSEMS_WARN_ON((rwsem_owner(sem) != current) && !rwsem_test_oflags(sem, RWSEM_NONSPINNABLE)): count = 0x0, magic = 0xffff888072216a70, owner = 0x0, curr 0xffff888078ce57c0, list empty [ 77.635258][ T4093] WARNING: CPU: 0 PID: 4093 at kernel/locking/rwsem.c:1361 up_write+0x4f9/0x580 [ 77.644609][ T4093] Modules linked in: [ 77.648676][ T4093] CPU: 0 PID: 4093 Comm: syz-executor196 Not tainted 6.1.0-rc8-syzkaller-00152-g3ecc37918c80 #0 [pid 4091] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4092] <... futex resumed>) = 0 [pid 4092] renameat2(-1, NULL, 4, NULL, RENAME_WHITEOUT) = -1 EFAULT (Bad address) [pid 4092] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4091] <... futex resumed>) = 0 [pid 4092] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4091] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4091] <... futex resumed>) = 0 [pid 4092] mkdirat(-1, NULL, 000 [pid 4091] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4092] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4091] <... futex resumed>) = 0 [pid 4092] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4092] <... futex resumed>) = 0 [pid 4091] <... mmap resumed>) = 0x7f687437f000 [pid 4092] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4091] mprotect(0x7f6874380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4091] clone(child_stack=0x7f687439f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4094], tls=0x7f687439f700, child_tidptr=0x7f687439f9d0) = 4094 [pid 4091] futex(0x7f687c6d97c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] futex(0x7f687c6d97cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4094 attached [pid 4094] set_robust_list(0x7f687439f9e0, 24) = 0 [ 77.659992][ T4093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 77.670205][ T4093] RIP: 0010:up_write+0x4f9/0x580 [ 77.675289][ T4093] Code: c7 c0 a3 ed 8a 48 c7 c6 60 a6 ed 8a 48 8b 54 24 28 48 8b 4c 24 18 4d 89 e0 4c 8b 4c 24 30 31 c0 53 e8 ab 7c e8 ff 48 83 c4 08 <0f> 0b e9 6b fd ff ff 48 c7 c1 18 2a 76 8e 80 e1 07 80 c1 03 38 c1 [ 77.695221][ T4093] RSP: 0018:ffffc900043ffd40 EFLAGS: 00010292 [ 77.701825][ T4093] RAX: 7c48dcb6c422ab00 RBX: ffffffff8aeda4a0 RCX: ffff888078ce57c0 [pid 4094] mkdirat(-1, NULL, 000) = -1 EFAULT (Bad address) [pid 4094] futex(0x7f687c6d97cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4091] <... futex resumed>) = 0 [pid 4094] futex(0x7f687c6d97c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4091] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4092] <... futex resumed>) = 0 [pid 4091] <... futex resumed>) = 1 [pid 4092] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4091] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4092] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4092] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4091] <... futex resumed>) = 0 [pid 4092] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4091] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4091] <... futex resumed>) = 0 [pid 4092] mkdirat(-1, NULL, 000 [pid 4091] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4092] <... mkdirat resumed>) = -1 EFAULT (Bad address) [pid 4092] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4091] <... futex resumed>) = 0 [pid 4092] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4091] futex(0x7f687c6d97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4091] <... futex resumed>) = 0 [pid 4092] renameat2(-1, NULL, -1, NULL, RENAME_EXCHANGE [pid 4091] futex(0x7f687c6d97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4092] <... renameat2 resumed>) = -1 EFAULT (Bad address) [pid 4092] futex(0x7f687c6d97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4091] <... futex resumed>) = 0 [ 77.709933][ T4093] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 77.717971][ T4093] RBP: ffffc900043ffe10 R08: ffffffff816e5c7d R09: fffff5200087ff21 [ 77.726043][ T4093] R10: fffff5200087ff21 R11: 1ffff9200087ff20 R12: 0000000000000000 [ 77.734110][ T4093] R13: ffff888072216a70 R14: 1ffff9200087ffb0 R15: dffffc0000000000 [ 77.742163][ T4093] FS: 00007f68743c0700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 77.751177][ T4093] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.757768][ T4093] CR2: 0000000000000000 CR3: 0000000026c1b000 CR4: 00000000003506f0 [ 77.765787][ T4093] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 77.773877][ T4093] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 77.781968][ T4093] Call Trace: [ 77.785262][ T4093] [ 77.788214][ T4093] ? __up_read+0x690/0x690 [ 77.792861][ T4093] ? do_raw_spin_unlock+0x134/0x8a0 [ 77.798094][ T4093] do_mkdirat+0x2de/0x550 [ 77.802501][ T4093] ? __check_object_size+0x15a/0x210 [ 77.807820][ T4093] ? vfs_mkdir+0x590/0x590 [ 77.812349][ T4093] ? getname_flags+0x1ea/0x4e0 [ 77.817134][ T4093] __x64_sys_mkdirat+0x85/0x90 [ 77.821943][ T4093] do_syscall_64+0x3d/0xb0 [ 77.826386][ T4093] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.832360][ T4093] RIP: 0033:0x7f687c635589 [ 77.836789][ T4093] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 4092] futex(0x7f687c6d97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4091] exit_group(0 [pid 4094] <... futex resumed>) = ? [pid 4092] <... futex resumed>) = ? [pid 4091] <... exit_group resumed>) = ? [pid 4094] +++ exited with 0 +++ [pid 4092] +++ exited with 0 +++ [ 77.856475][ T4093] RSP: 002b:00007f68743c02f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 77.864948][ T4093] RAX: ffffffffffffffda RBX: 00007f687c6d97b0 RCX: 00007f687c635589 [ 77.873023][ T4093] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004 [ 77.881043][ T4093] RBP: 00007f687c6d97bc R08: 00007f68743c0700 R09: 0000000000000000 [ 77.889099][ T4093] R10: 00007f68743c0700 R11: 0000000000000246 R12: 00007f687c6a6258 [ 77.897395][ T4093] R13: 0032656c69662f2e R14: 69662f7375622f2e R15: 00007f687c6d97b8 [ 77.905582][ T4093] [ 77.908599][ T4093] Kernel panic - not syncing: panic_on_warn set ... [ 77.915261][ T4093] CPU: 0 PID: 4093 Comm: syz-executor196 Not tainted 6.1.0-rc8-syzkaller-00152-g3ecc37918c80 #0 [ 77.925839][ T4093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 77.935893][ T4093] Call Trace: [ 77.939161][ T4093] [ 77.942091][ T4093] dump_stack_lvl+0x1b1/0x28e [ 77.946825][ T4093] ? nf_tcp_handle_invalid+0x62e/0x62e [ 77.952280][ T4093] ? panic+0x710/0x710 [ 77.956347][ T4093] ? vscnprintf+0x59/0x80 [ 77.960670][ T4093] ? up_write+0x4f0/0x580 [ 77.964988][ T4093] panic+0x2d6/0x710 [ 77.968961][ T4093] ? __warn+0x131/0x220 [ 77.973108][ T4093] ? memcpy_page_flushcache+0xfc/0xfc [ 77.978476][ T4093] ? up_write+0x4f9/0x580 [ 77.982803][ T4093] __warn+0x1fa/0x220 [ 77.986774][ T4093] ? up_write+0x4f9/0x580 [ 77.991092][ T4093] report_bug+0x1b3/0x2d0 [ 77.995420][ T4093] handle_bug+0x3d/0x70 [ 77.999567][ T4093] exc_invalid_op+0x16/0x40 [ 78.004071][ T4093] asm_exc_invalid_op+0x16/0x20 [ 78.008928][ T4093] RIP: 0010:up_write+0x4f9/0x580 [ 78.013950][ T4093] Code: c7 c0 a3 ed 8a 48 c7 c6 60 a6 ed 8a 48 8b 54 24 28 48 8b 4c 24 18 4d 89 e0 4c 8b 4c 24 30 31 c0 53 e8 ab 7c e8 ff 48 83 c4 08 <0f> 0b e9 6b fd ff ff 48 c7 c1 18 2a 76 8e 80 e1 07 80 c1 03 38 c1 [ 78.034178][ T4093] RSP: 0018:ffffc900043ffd40 EFLAGS: 00010292 [ 78.040237][ T4093] RAX: 7c48dcb6c422ab00 RBX: ffffffff8aeda4a0 RCX: ffff888078ce57c0 [ 78.048208][ T4093] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 78.056172][ T4093] RBP: ffffc900043ffe10 R08: ffffffff816e5c7d R09: fffff5200087ff21 [ 78.064139][ T4093] R10: fffff5200087ff21 R11: 1ffff9200087ff20 R12: 0000000000000000 [ 78.072119][ T4093] R13: ffff888072216a70 R14: 1ffff9200087ffb0 R15: dffffc0000000000 [ 78.080100][ T4093] ? __wake_up_klogd+0xcd/0x100 [ 78.084955][ T4093] ? __up_read+0x690/0x690 [ 78.089778][ T4093] ? do_raw_spin_unlock+0x134/0x8a0 [ 78.094976][ T4093] do_mkdirat+0x2de/0x550 [ 78.099304][ T4093] ? __check_object_size+0x15a/0x210 [ 78.104587][ T4093] ? vfs_mkdir+0x590/0x590 [ 78.109015][ T4093] ? getname_flags+0x1ea/0x4e0 [ 78.113778][ T4093] __x64_sys_mkdirat+0x85/0x90 [ 78.118537][ T4093] do_syscall_64+0x3d/0xb0 [ 78.122958][ T4093] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 78.128865][ T4093] RIP: 0033:0x7f687c635589 [ 78.133270][ T4093] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 78.153740][ T4093] RSP: 002b:00007f68743c02f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 78.162144][ T4093] RAX: ffffffffffffffda RBX: 00007f687c6d97b0 RCX: 00007f687c635589 [ 78.170111][ T4093] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004 [ 78.178083][ T4093] RBP: 00007f687c6d97bc R08: 00007f68743c0700 R09: 0000000000000000 [ 78.186091][ T4093] R10: 00007f68743c0700 R11: 0000000000000246 R12: 00007f687c6a6258 [ 78.194169][ T4093] R13: 0032656c69662f2e R14: 69662f7375622f2e R15: 00007f687c6d97b8 [ 78.202142][ T4093] [ 78.205378][ T4093] Kernel Offset: disabled [ 78.209758][ T4093] Rebooting in 86400 seconds..