./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2013680412 <...> Warning: Permanently added '10.128.0.86' (ED25519) to the list of known hosts. execve("./syz-executor2013680412", ["./syz-executor2013680412"], 0x7ffd6f223370 /* 10 vars */) = 0 brk(NULL) = 0x555556a34000 brk(0x555556a34d40) = 0x555556a34d40 arch_prctl(ARCH_SET_FS, 0x555556a343c0) = 0 set_tid_address(0x555556a34690) = 5036 set_robust_list(0x555556a346a0, 24) = 0 rseq(0x555556a34ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2013680412", 4096) = 28 getrandom("\x35\x15\x42\x4f\x5f\x18\x38\xb6", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556a34d40 brk(0x555556a55d40) = 0x555556a55d40 brk(0x555556a56000) = 0x555556a56000 mprotect(0x7f09580b8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.qD25UE", 0700) = 0 chmod("./syzkaller.qD25UE", 0777) = 0 chdir("./syzkaller.qD25UE") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5037 ./strace-static-x86_64: Process 5037 attached [pid 5037] set_robust_list(0x555556a346a0, 24) = 0 [pid 5037] chdir("./0") = 0 [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5037] setpgid(0, 0) = 0 [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5037] write(3, "1000", 4) = 4 [pid 5037] close(3) = 0 [pid 5037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5037] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5037] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5039 attached => {parent_tid=[5039]}, 88) = 5039 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5037] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5037] <... futex resumed>) = 0 [pid 5039] <... rseq resumed>) = 0 [pid 5039] set_robust_list(0x7f0957fd49a0, 24 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5039] <... set_robust_list resumed>) = 0 [pid 5037] <... mmap resumed>) = 0x7f0957f93000 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5037] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] memfd_create("syzkaller", 0 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5040]}, 88) = 5040 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5037] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5040 attached [pid 5040] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5040] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5040] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 3 [pid 5040] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... memfd_create resumed>) = 4 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5037] <... futex resumed>) = 1 [pid 5040] memfd_create("syzkaller", 0 [pid 5039] <... mmap resumed>) = 0x7f094fb93000 [pid 5037] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5040] <... memfd_create resumed>) = 5 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5040] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5039] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5040] <... write resumed>) = 2097152 [pid 5040] munmap(0x7f0947793000, 2097152) = 0 [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5039] <... write resumed>) = 2097152 [pid 5040] ioctl(6, LOOP_SET_FD, 5 [ 59.285472][ T5039] syz-executor201[5039]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 59.295968][ T27] audit: type=1800 audit(1695716745.782:2): pid=5040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5039] munmap(0x7f094fb93000, 2097152) = 0 [pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5039] ioctl(7, LOOP_SET_FD, 4 [pid 5040] <... ioctl resumed>) = 0 [pid 5039] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5039] ioctl(7, LOOP_CLR_FD) = 0 [pid 5040] close(5) = 0 [pid 5040] mkdir("./file2", 0777) = 0 [pid 5039] ioctl(7, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5039] close(7) = 0 [pid 5040] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5039] close(4) = 0 [pid 5039] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] <... mount resumed>) = 0 [pid 5040] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5040] chdir("./file2") = 0 [pid 5040] ioctl(6, LOOP_CLR_FD) = 0 [pid 5040] close(6) = 0 [pid 5040] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5037] <... futex resumed>) = 1 [pid 5039] lchown("./file2", 0, 0 [pid 5037] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... futex resumed>) = 1 [ 59.358886][ T5040] loop0: detected capacity change from 0 to 4096 [ 59.375569][ T5040] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5040] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... lchown resumed>) = 0 [pid 5039] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5039] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] exit_group(0 [pid 5040] <... futex resumed>) = ? [pid 5037] <... exit_group resumed>) = ? [pid 5039] <... futex resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ [pid 5037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 [ 59.431921][ T5039] ntfs3: loop0: ino=0, attr_set_size [ 59.437984][ T5039] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(4) = 0 rmdir("./0/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5041 attached , child_tidptr=0x555556a34690) = 5041 [pid 5041] set_robust_list(0x555556a346a0, 24) = 0 [pid 5041] chdir("./1") = 0 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5041] setpgid(0, 0) = 0 [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5041] write(3, "1000", 4) = 4 [pid 5041] close(3) = 0 [pid 5041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5041] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5041] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5042 attached [pid 5042] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5042] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... clone3 resumed> => {parent_tid=[5042]}, 88) = 5042 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 1 [pid 5042] memfd_create("syzkaller", 0 [pid 5041] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5041] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5042] <... memfd_create resumed>) = 3 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5041] <... mprotect resumed>) = 0 [pid 5042] <... mmap resumed>) = 0x7f094fb93000 [pid 5041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5043 attached [pid 5043] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5043] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... clone3 resumed> => {parent_tid=[5043]}, 88) = 5043 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5041] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5043] <... open resumed>) = 4 [pid 5042] <... write resumed>) = 2097152 [pid 5043] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] munmap(0x7f094fb93000, 2097152 [pid 5043] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 1 [pid 5043] memfd_create("syzkaller", 0 [pid 5041] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5043] <... memfd_create resumed>) = 5 [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5042] <... munmap resumed>) = 0 [pid 5043] <... mmap resumed>) = 0x7f0947993000 [pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5042] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5042] close(3) = 0 [pid 5042] mkdir("./file2", 0777) = 0 [pid 5042] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5043] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5042] <... mount resumed>) = 0 [pid 5042] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5042] chdir("./file2") = 0 [pid 5042] ioctl(6, LOOP_CLR_FD) = 0 [pid 5042] close(6) = 0 [pid 5042] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... write resumed>) = 2097152 [ 59.546211][ T27] audit: type=1800 audit(1695716746.022:3): pid=5043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 59.571399][ T5042] loop0: detected capacity change from 0 to 4096 [ 59.582951][ T5042] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5043] munmap(0x7f0947993000, 2097152) = 0 [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5043] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5043] ioctl(6, LOOP_CLR_FD) = 0 [pid 5043] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5043] close(6) = 0 [pid 5043] close(5) = 0 [pid 5043] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 1 [pid 5042] lchown("./file2", 0, 0 [pid 5041] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... lchown resumed>) = 0 [pid 5042] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5042] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] <... futex resumed>) = 0 [pid 5042] write(-1, NULL, 0 [pid 5041] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5042] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... futex resumed>) = 0 [pid 5041] exit_group(0 [pid 5043] <... futex resumed>) = ? [pid 5042] <... futex resumed>) = ? [pid 5041] <... exit_group resumed>) = ? [pid 5043] +++ exited with 0 +++ [pid 5042] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 [ 59.652874][ T5042] ntfs3: loop0: ino=0, attr_set_size [ 59.658184][ T5042] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5044 attached [pid 5044] set_robust_list(0x555556a346a0, 24) = 0 [pid 5044] chdir("./2") = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5044 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5044] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5044] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5045 attached [pid 5045] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5045] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] <... clone3 resumed> => {parent_tid=[5045]}, 88) = 5045 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5044] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [pid 5045] memfd_create("syzkaller", 0 [pid 5044] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5045] <... memfd_create resumed>) = 3 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5044] <... mmap resumed>) = 0x7f0957f93000 [pid 5045] <... mmap resumed>) = 0x7f094fb93000 [pid 5044] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5046 attached [pid 5045] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5046] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5044] <... clone3 resumed> => {parent_tid=[5046]}, 88) = 5046 [pid 5046] set_robust_list(0x7f0957fb39a0, 24 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], [pid 5046] <... set_robust_list resumed>) = 0 [pid 5044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], [pid 5044] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5044] <... futex resumed>) = 0 [pid 5046] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5044] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... open resumed>) = 4 [pid 5045] <... write resumed>) = 2097152 [pid 5045] munmap(0x7f094fb93000, 2097152 [pid 5046] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... munmap resumed>) = 0 [pid 5046] <... futex resumed>) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5046] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5044] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5044] <... futex resumed>) = 0 [pid 5046] memfd_create("syzkaller", 0 [pid 5044] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5046] <... memfd_create resumed>) = 5 [pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947993000 [pid 5045] <... openat resumed>) = 6 [pid 5045] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5045] close(3) = 0 [pid 5045] mkdir("./file2", 0777 [pid 5046] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5045] <... mkdir resumed>) = 0 [ 59.767336][ T27] audit: type=1800 audit(1695716746.242:4): pid=5046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 59.803328][ T5045] loop0: detected capacity change from 0 to 4096 [pid 5045] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5046] <... write resumed>) = 2097152 [pid 5046] munmap(0x7f0947993000, 2097152) = 0 [pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5046] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5046] ioctl(3, LOOP_CLR_FD) = 0 [pid 5046] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5046] close(3) = 0 [pid 5045] <... mount resumed>) = 0 [pid 5046] close(5 [pid 5045] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5045] chdir("./file2") = 0 [pid 5045] ioctl(6, LOOP_CLR_FD) = 0 [pid 5045] close(6) = 0 [pid 5045] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... close resumed>) = 0 [pid 5046] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] lchown("./file2", 0, 0 [pid 5046] <... futex resumed>) = 1 [pid 5044] <... futex resumed>) = 1 [ 59.816621][ T5045] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5046] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... lchown resumed>) = 0 [pid 5045] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5045] <... futex resumed>) = 1 [pid 5044] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] write(-1, NULL, 0 [pid 5044] <... futex resumed>) = 0 [pid 5045] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5044] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5045] <... futex resumed>) = 0 [pid 5044] exit_group(0 [pid 5046] <... futex resumed>) = ? [pid 5044] <... exit_group resumed>) = ? [pid 5046] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5047 ./strace-static-x86_64: Process 5047 attached [ 59.863123][ T5045] ntfs3: loop0: ino=0, attr_set_size [ 59.868892][ T5045] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5047] set_robust_list(0x555556a346a0, 24) = 0 [pid 5047] chdir("./3") = 0 [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5047] setpgid(0, 0) = 0 [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5047] write(3, "1000", 4) = 4 [pid 5047] close(3) = 0 [pid 5047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5047] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5047] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5047] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5048 attached [pid 5048] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5048] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5048] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] <... clone3 resumed> => {parent_tid=[5048]}, 88) = 5048 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5048] memfd_create("syzkaller", 0 [pid 5047] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5048] <... memfd_create resumed>) = 3 [pid 5047] <... mmap resumed>) = 0x7f0957f93000 [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5047] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5048] <... mmap resumed>) = 0x7f094fb93000 [pid 5047] <... mprotect resumed>) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5049]}, 88) = 5049 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5049 attached [pid 5048] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5049] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5049] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5049] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5048] <... write resumed>) = 2097152 [pid 5049] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] munmap(0x7f094fb93000, 2097152 [pid 5049] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5049] memfd_create("syzkaller", 0 [pid 5047] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5049] <... memfd_create resumed>) = 5 [pid 5048] <... munmap resumed>) = 0 [pid 5049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947993000 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 59.963495][ T27] audit: type=1800 audit(1695716746.442:5): pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5048] ioctl(6, LOOP_SET_FD, 3 [pid 5049] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5048] <... ioctl resumed>) = 0 [pid 5048] close(3) = 0 [pid 5048] mkdir("./file2", 0777) = 0 [pid 5048] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5049] <... write resumed>) = 2097152 [pid 5049] munmap(0x7f0947993000, 2097152) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5049] ioctl(3, LOOP_CLR_FD) = 0 [pid 5049] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5049] close(3) = 0 [pid 5049] close(5 [pid 5048] <... mount resumed>) = 0 [pid 5048] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5048] chdir("./file2") = 0 [pid 5048] ioctl(6, LOOP_CLR_FD) = 0 [pid 5048] close(6) = 0 [pid 5048] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... close resumed>) = 0 [ 60.004407][ T5048] loop0: detected capacity change from 0 to 4096 [ 60.015403][ T5048] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5049] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] <... futex resumed>) = 0 [pid 5048] lchown("./file2", 0, 0 [pid 5047] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... futex resumed>) = 1 [pid 5049] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] <... lchown resumed>) = 0 [pid 5048] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... futex resumed>) = 1 [pid 5048] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5048] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5047] exit_group(0) = ? [pid 5049] <... futex resumed>) = ? [pid 5049] +++ exited with 0 +++ [pid 5048] <... futex resumed>) = ? [pid 5048] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 60.069914][ T5048] ntfs3: loop0: ino=0, attr_set_size [ 60.075889][ T5048] ntfs3: loop0: Mark volume as dirty due to NTFS errors openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x555556a346a0, 24) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5050 [pid 5050] chdir("./4") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5050] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5051 attached [pid 5051] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5051] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5051] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] <... clone3 resumed> => {parent_tid=[5051]}, 88) = 5051 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5051] memfd_create("syzkaller", 0) = 3 [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5050] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5050] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5052 attached [pid 5052] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053 [pid 5050] <... clone3 resumed> => {parent_tid=[5052]}, 88) = 5052 [pid 5052] <... rseq resumed>) = 0 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], [pid 5052] set_robust_list(0x7f094fbb39a0, 24 [pid 5050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5052] <... set_robust_list resumed>) = 0 [pid 5050] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] <... futex resumed>) = 0 [pid 5052] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5050] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... open resumed>) = 4 [pid 5051] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5052] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5052] memfd_create("syzkaller", 0 [pid 5050] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5052] <... memfd_create resumed>) = 5 [pid 5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5051] <... write resumed>) = 2097152 [pid 5051] munmap(0x7f094fbb4000, 2097152 [pid 5052] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5051] <... munmap resumed>) = 0 [pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 60.195722][ T27] audit: type=1800 audit(1695716746.672:6): pid=5052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5051] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5051] close(3) = 0 [pid 5051] mkdir("./file2", 0777) = 0 [pid 5051] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5052] <... write resumed>) = 2097152 [pid 5052] munmap(0x7f0947793000, 2097152) = 0 [pid 5052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5052] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5052] ioctl(3, LOOP_CLR_FD) = 0 [pid 5052] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5052] close(3) = 0 [pid 5052] close(5 [pid 5051] <... mount resumed>) = 0 [pid 5051] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5051] chdir("./file2") = 0 [pid 5051] ioctl(6, LOOP_CLR_FD) = 0 [pid 5051] close(6) = 0 [pid 5051] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] <... close resumed>) = 0 [pid 5052] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5050] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 60.246295][ T5051] loop0: detected capacity change from 0 to 4096 [ 60.256048][ T5051] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5051] lchown("./file2", 0, 0) = 0 [pid 5051] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5051] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] <... futex resumed>) = 0 [pid 5050] exit_group(0 [pid 5052] <... futex resumed>) = ? [pid 5051] <... futex resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5051] +++ exited with 0 +++ [pid 5050] <... exit_group resumed>) = ? [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 60.304491][ T5051] ntfs3: loop0: ino=0, attr_set_size [ 60.309816][ T5051] ntfs3: loop0: Mark volume as dirty due to NTFS errors rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5053 ./strace-static-x86_64: Process 5053 attached [pid 5053] set_robust_list(0x555556a346a0, 24) = 0 [pid 5053] chdir("./5") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5053] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5054 attached => {parent_tid=[5054]}, 88) = 5054 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5054] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5054] <... rseq resumed>) = 0 [pid 5053] <... mmap resumed>) = 0x7f0957f93000 [pid 5054] set_robust_list(0x7f0957fd49a0, 24 [pid 5053] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5054] <... set_robust_list resumed>) = 0 [pid 5053] <... mprotect resumed>) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5055 attached [pid 5055] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5053] <... clone3 resumed> => {parent_tid=[5055]}, 88) = 5055 [pid 5055] <... rseq resumed>) = 0 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] set_robust_list(0x7f0957fb39a0, 24 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5053] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] <... futex resumed>) = 0 [pid 5055] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5053] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] memfd_create("syzkaller", 0 [pid 5055] <... open resumed>) = 3 [pid 5054] <... memfd_create resumed>) = 4 [pid 5055] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5055] memfd_create("syzkaller", 0) = 5 [pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5053] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5054] <... mmap resumed>) = 0x7f0947793000 [ 60.390781][ T27] audit: type=1800 audit(1695716746.862:7): pid=5055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5055] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5054] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5055] <... write resumed>) = 2097152 [pid 5055] munmap(0x7f094fb93000, 2097152) = 0 [pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5055] ioctl(6, LOOP_SET_FD, 5 [pid 5054] <... write resumed>) = 2097152 [pid 5054] munmap(0x7f0947793000, 2097152 [pid 5055] <... ioctl resumed>) = 0 [pid 5055] close(5) = 0 [pid 5055] mkdir("./file2", 0777) = 0 [pid 5055] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5054] <... munmap resumed>) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5054] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5054] ioctl(5, LOOP_CLR_FD) = 0 [pid 5054] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5054] close(5) = 0 [pid 5054] close(4) = 0 [pid 5054] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... mount resumed>) = 0 [pid 5055] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5055] chdir("./file2") = 0 [pid 5055] ioctl(6, LOOP_CLR_FD) = 0 [ 60.460374][ T5055] loop0: detected capacity change from 0 to 4096 [ 60.471682][ T5055] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5055] close(6) = 0 [pid 5055] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5055] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5053] <... futex resumed>) = 1 [pid 5054] lchown("./file2", 0, 0 [pid 5053] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... lchown resumed>) = 0 [pid 5054] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5054] <... futex resumed>) = 1 [pid 5053] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] write(-1, NULL, 0 [pid 5053] <... futex resumed>) = 0 [pid 5054] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5053] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] <... futex resumed>) = 0 [pid 5053] exit_group(0 [pid 5054] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... futex resumed>) = ? [pid 5053] <... exit_group resumed>) = ? [pid 5055] +++ exited with 0 +++ [pid 5054] <... futex resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 60.527938][ T5054] ntfs3: loop0: ino=0, attr_set_size [ 60.533433][ T5054] ntfs3: loop0: Mark volume as dirty due to NTFS errors rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached [pid 5056] set_robust_list(0x555556a346a0, 24) = 0 [pid 5056] chdir("./6") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5056 [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5056] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5057]}, 88) = 5057 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5056] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5056] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 5057 attached [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5057] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 ./strace-static-x86_64: Process 5058 attached [pid 5057] set_robust_list(0x7f0957fd49a0, 24 [pid 5058] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5057] <... set_robust_list resumed>) = 0 [pid 5058] <... rseq resumed>) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], [pid 5056] <... clone3 resumed> => {parent_tid=[5058]}, 88) = 5058 [pid 5058] set_robust_list(0x7f0957fb39a0, 24 [pid 5057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5058] <... set_robust_list resumed>) = 0 [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5056] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] rt_sigprocmask(SIG_SETMASK, [], [pid 5057] memfd_create("syzkaller", 0 [pid 5058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 3 [pid 5057] <... memfd_create resumed>) = 4 [pid 5058] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5058] <... futex resumed>) = 1 [pid 5058] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] <... mmap resumed>) = 0x7f094fb93000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5058] <... futex resumed>) = 0 [pid 5058] memfd_create("syzkaller", 0) = 5 [pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5057] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5058] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5057] <... write resumed>) = 2097153 [ 60.615044][ T27] audit: type=1800 audit(1695716747.092:8): pid=5058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5057] munmap(0x7f094fb93000, 2097153) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5057] ioctl(6, LOOP_SET_FD, 4 [pid 5058] <... write resumed>) = 2097152 [pid 5058] munmap(0x7f0947793000, 2097152 [pid 5057] <... ioctl resumed>) = 0 [pid 5057] close(4) = 0 [pid 5057] mkdir("./file2", 0777 [pid 5058] <... munmap resumed>) = 0 [pid 5057] <... mkdir resumed>) = 0 [pid 5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5057] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5058] <... openat resumed>) = 4 [pid 5058] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5058] ioctl(4, LOOP_CLR_FD) = 0 [pid 5058] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5058] close(4) = 0 [pid 5058] close(5 [pid 5057] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5057] ioctl(6, LOOP_CLR_FD [pid 5058] <... close resumed>) = 0 [pid 5058] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5058] lchown("./file2", 0, 0 [pid 5056] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... lchown resumed>) = 0 [pid 5058] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] <... futex resumed>) = 1 [pid 5056] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5058] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5058] <... futex resumed>) = 1 [ 60.681067][ T5057] loop0: detected capacity change from 0 to 4096 [ 60.693187][ T5057] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 60.709757][ T5057] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5058] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] <... ioctl resumed>) = 0 [pid 5057] close(6) = 0 [pid 5057] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] exit_group(0 [pid 5057] <... futex resumed>) = ? [pid 5056] <... exit_group resumed>) = ? [pid 5057] +++ exited with 0 +++ [pid 5058] <... futex resumed>) = ? [pid 5058] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file2") = 0 [ 60.764632][ T5038] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5059 ./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x555556a346a0, 24) = 0 [pid 5059] chdir("./7") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5059] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5060 attached [pid 5060] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5059] <... clone3 resumed> => {parent_tid=[5060]}, 88) = 5060 [pid 5060] set_robust_list(0x7f0957fd49a0, 24 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] <... set_robust_list resumed>) = 0 [pid 5059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5059] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5059] <... futex resumed>) = 0 [pid 5060] memfd_create("syzkaller", 0 [pid 5059] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] <... memfd_create resumed>) = 3 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5059] <... mmap resumed>) = 0x7f0957f93000 [pid 5059] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5060] <... mmap resumed>) = 0x7f094fb93000 [pid 5059] <... mprotect resumed>) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5061 attached => {parent_tid=[5061]}, 88) = 5061 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], [pid 5061] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5061] <... rseq resumed>) = 0 [pid 5061] set_robust_list(0x7f0957fb39a0, 24 [pid 5059] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... set_robust_list resumed>) = 0 [pid 5059] <... futex resumed>) = 0 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], [pid 5059] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5061] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5061] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5061] <... futex resumed>) = 1 [pid 5061] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] <... write resumed>) = 2097152 [pid 5060] munmap(0x7f094fb93000, 2097152 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = 1 [pid 5061] memfd_create("syzkaller", 0 [pid 5059] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5061] <... memfd_create resumed>) = 5 [pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5060] <... munmap resumed>) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5061] <... mmap resumed>) = 0x7f0947993000 [pid 5060] <... openat resumed>) = 6 [pid 5060] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./file2", 0777) = 0 [pid 5060] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5061] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5060] <... mount resumed>) = 0 [pid 5060] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file2") = 0 [pid 5060] ioctl(6, LOOP_CLR_FD) = 0 [pid 5060] close(6) = 0 [pid 5060] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... write resumed>) = 2097152 [pid 5061] munmap(0x7f0947993000, 2097152) = 0 [ 60.877664][ T27] audit: type=1800 audit(1695716747.352:9): pid=5061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 60.904095][ T5060] loop0: detected capacity change from 0 to 4096 [ 60.913628][ T5060] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5061] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5061] ioctl(6, LOOP_CLR_FD) = 0 [pid 5061] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5061] close(6) = 0 [pid 5061] close(5) = 0 [pid 5061] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 0 [pid 5060] lchown("./file2", 0, 0 [pid 5061] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] <... lchown resumed>) = 0 [pid 5060] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] write(-1, NULL, 0 [pid 5059] <... futex resumed>) = 0 [pid 5060] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5059] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5060] <... futex resumed>) = 0 [pid 5059] exit_group(0 [pid 5060] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = ? [pid 5061] +++ exited with 0 +++ [pid 5060] <... futex resumed>) = ? [pid 5059] <... exit_group resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 60.976285][ T5060] ntfs3: loop0: ino=0, attr_set_size [ 60.982032][ T5060] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached , child_tidptr=0x555556a34690) = 5062 [pid 5062] set_robust_list(0x555556a346a0, 24) = 0 [pid 5062] chdir("./8") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5062] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5063 attached => {parent_tid=[5063]}, 88) = 5063 [pid 5063] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5062] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] <... rseq resumed>) = 0 [pid 5063] set_robust_list(0x7f0957fd49a0, 24 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5063] <... set_robust_list resumed>) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5064]}, 88) = 5064 ./strace-static-x86_64: Process 5064 attached [pid 5063] memfd_create("syzkaller", 0 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5063] <... memfd_create resumed>) = 3 [pid 5064] <... rseq resumed>) = 0 [pid 5064] set_robust_list(0x7f0957fb39a0, 24 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... set_robust_list resumed>) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] <... mmap resumed>) = 0x7f094fb93000 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5064] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5064] <... futex resumed>) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5064] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5064] memfd_create("syzkaller", 0) = 5 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5062] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... write resumed>) = 2097153 [pid 5063] munmap(0x7f094fb93000, 2097153) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 61.064336][ T27] audit: type=1800 audit(1695716747.542:10): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5063] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] mkdir("./file2", 0777) = 0 [pid 5063] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5064] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5063] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5063] ioctl(6, LOOP_CLR_FD [pid 5064] <... write resumed>) = 2097152 [pid 5064] munmap(0x7f0947793000, 2097152) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5064] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5064] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5064] close(3) = 0 [pid 5064] close(5) = 0 [pid 5064] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5064] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5064] lchown("./file2", 0, 0 [pid 5062] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... lchown resumed>) = 0 [pid 5064] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5064] <... futex resumed>) = 1 [pid 5062] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] write(-1, NULL, 0 [pid 5062] <... futex resumed>) = 0 [pid 5064] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 61.109473][ T5063] loop0: detected capacity change from 0 to 4096 [ 61.122015][ T5063] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 61.138105][ T5063] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5063] <... ioctl resumed>) = 0 [pid 5063] close(6) = 0 [pid 5063] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] exit_group(0 [pid 5064] <... futex resumed>) = ? [pid 5062] <... exit_group resumed>) = ? [pid 5064] +++ exited with 0 +++ [pid 5063] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached , child_tidptr=0x555556a34690) = 5065 [pid 5065] set_robust_list(0x555556a346a0, 24) = 0 [ 61.201392][ T5038] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5065] chdir("./9") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5065] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5066 attached => {parent_tid=[5066]}, 88) = 5066 [pid 5066] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... rseq resumed>) = 0 [pid 5066] set_robust_list(0x7f0957fd49a0, 24 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... set_robust_list resumed>) = 0 [pid 5065] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] <... futex resumed>) = 0 [pid 5066] memfd_create("syzkaller", 0 [pid 5065] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5065] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5066] <... memfd_create resumed>) = 3 [pid 5065] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 ./strace-static-x86_64: Process 5067 attached [pid 5067] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5067] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5067] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... clone3 resumed> => {parent_tid=[5067]}, 88) = 5067 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5067] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5066] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5065] <... futex resumed>) = 1 [pid 5065] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... write resumed>) = 2097152 [pid 5067] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] munmap(0x7f094fb93000, 2097152 [pid 5067] <... futex resumed>) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5067] memfd_create("syzkaller", 0 [pid 5066] <... munmap resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5066] ioctl(6, LOOP_SET_FD, 3 [pid 5067] <... memfd_create resumed>) = 5 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 5067] <... mmap resumed>) = 0x7f0947993000 [pid 5066] <... close resumed>) = 0 [pid 5066] mkdir("./file2", 0777) = 0 [pid 5066] mount("/dev/loop0", "./file2", "ntfs3", 0, "") = 0 [pid 5066] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] chdir("./file2") = 0 [pid 5066] ioctl(6, LOOP_CLR_FD) = 0 [pid 5066] close(6) = 0 [pid 5066] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 61.293493][ T27] audit: type=1800 audit(1695716747.772:11): pid=5067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 61.319443][ T5066] loop0: detected capacity change from 0 to 4096 [ 61.332916][ T5066] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5067] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5067] munmap(0x7f0947993000, 2097152) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5067] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5067] ioctl(6, LOOP_CLR_FD) = 0 [pid 5067] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5067] close(6) = 0 [pid 5067] close(5) = 0 [pid 5067] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5065] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] lchown("./file2", 0, 0 [pid 5067] <... futex resumed>) = 1 [pid 5067] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... lchown resumed>) = 0 [pid 5066] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [pid 5065] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] write(-1, NULL, 0 [pid 5065] <... futex resumed>) = 0 [pid 5066] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] exit_group(0 [pid 5067] <... futex resumed>) = ? [pid 5066] <... futex resumed>) = ? [pid 5065] <... exit_group resumed>) = ? [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 61.416310][ T5066] ntfs3: loop0: ino=0, attr_set_size [ 61.421717][ T5066] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5068 ./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x555556a346a0, 24) = 0 [pid 5068] chdir("./10") = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5068] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5069 attached [pid 5069] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5069] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5069] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... clone3 resumed> => {parent_tid=[5069]}, 88) = 5069 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5069] memfd_create("syzkaller", 0 [pid 5068] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5069] <... memfd_create resumed>) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5068] <... mmap resumed>) = 0x7f094fb93000 [pid 5068] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5070 attached => {parent_tid=[5070]}, 88) = 5070 [pid 5070] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5070] set_robust_list(0x7f094fbb39a0, 24 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5069] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5068] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... set_robust_list resumed>) = 0 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5070] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5069] <... write resumed>) = 2097152 [pid 5070] <... futex resumed>) = 1 [pid 5069] munmap(0x7f094fbb4000, 2097152 [pid 5070] memfd_create("syzkaller", 0) = 5 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... munmap resumed>) = 0 [pid 5070] <... mmap resumed>) = 0x7f0947793000 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5069] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./file2", 0777) = 0 [pid 5069] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5070] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5069] <... mount resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./file2") = 0 [pid 5069] ioctl(6, LOOP_CLR_FD) = 0 [pid 5069] close(6) = 0 [pid 5069] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... write resumed>) = 2097152 [ 61.541052][ T5069] loop0: detected capacity change from 0 to 4096 [ 61.552982][ T5069] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5070] munmap(0x7f0947793000, 2097152) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5070] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5070] ioctl(6, LOOP_CLR_FD) = 0 [pid 5070] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5070] close(6) = 0 [pid 5070] close(5) = 0 [pid 5070] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5068] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5068] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] lchown("./file2", 0, 0) = 0 [pid 5069] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5068] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] write(-1, NULL, 0 [pid 5068] <... futex resumed>) = 0 [pid 5069] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] <... futex resumed>) = 0 [pid 5068] exit_group(0 [pid 5070] <... futex resumed>) = ? [pid 5068] <... exit_group resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 61.622019][ T5069] ntfs3: loop0: ino=0, attr_set_size [ 61.627406][ T5069] ntfs3: loop0: Mark volume as dirty due to NTFS errors umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached , child_tidptr=0x555556a34690) = 5071 [pid 5071] set_robust_list(0x555556a346a0, 24) = 0 [pid 5071] chdir("./11") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5071] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5072]}, 88) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5071] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5072] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5071] <... mprotect resumed>) = 0 [pid 5072] <... rseq resumed>) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5072] set_robust_list(0x7f0957fd49a0, 24 [pid 5071] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5072] <... set_robust_list resumed>) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5073 attached [pid 5072] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5071] <... clone3 resumed> => {parent_tid=[5073]}, 88) = 5073 [pid 5073] <... rseq resumed>) = 0 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] set_robust_list(0x7f0957fb39a0, 24 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5071] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5071] <... futex resumed>) = 0 [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5071] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5073] <... open resumed>) = 3 [pid 5073] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5073] memfd_create("syzkaller", 0 [pid 5072] memfd_create("syzkaller", 0 [pid 5071] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... memfd_create resumed>) = 5 [pid 5072] <... memfd_create resumed>) = 4 [pid 5071] <... futex resumed>) = 0 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5071] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5073] <... mmap resumed>) = 0x7f094fb93000 [pid 5072] <... mmap resumed>) = 0x7f0947793000 [pid 5072] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5073] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5072] <... write resumed>) = 2097152 [pid 5072] munmap(0x7f0947793000, 2097152 [pid 5073] <... write resumed>) = 2097152 [pid 5073] munmap(0x7f094fb93000, 2097152 [pid 5072] <... munmap resumed>) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5072] ioctl(6, LOOP_SET_FD, 4 [pid 5073] <... munmap resumed>) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5073] ioctl(7, LOOP_SET_FD, 5 [pid 5072] <... ioctl resumed>) = 0 [pid 5073] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5073] ioctl(7, LOOP_CLR_FD) = 0 [pid 5072] close(4) = 0 [pid 5072] mkdir("./file2", 0777) = 0 [pid 5073] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5073] close(7) = 0 [pid 5072] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5073] close(5) = 0 [pid 5073] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5073] lchown("./file2", 0, 0) = 0 [pid 5073] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... futex resumed>) = 1 [pid 5071] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5073] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5073] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... futex resumed>) = 1 [pid 5071] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... mount resumed>) = 0 [pid 5072] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5072] chdir("./file2") = 0 [pid 5072] ioctl(6, LOOP_CLR_FD) = 0 [pid 5072] close(6) = 0 [pid 5072] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] exit_group(0 [pid 5073] <... futex resumed>) = ? [pid 5072] <... futex resumed>) = ? [pid 5071] <... exit_group resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 61.774469][ T5072] loop0: detected capacity change from 0 to 4096 [ 61.793833][ T5072] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5074 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x555556a346a0, 24) = 0 [pid 5074] chdir("./12") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5074] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5075 attached [pid 5075] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5074] <... clone3 resumed> => {parent_tid=[5075]}, 88) = 5075 [pid 5075] <... rseq resumed>) = 0 [pid 5075] set_robust_list(0x7f0957fd49a0, 24 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5075] memfd_create("syzkaller", 0 [pid 5074] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5075] <... memfd_create resumed>) = 3 [pid 5074] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5074] <... mprotect resumed>) = 0 [pid 5075] <... mmap resumed>) = 0x7f094fb93000 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5076]}, 88) = 5076 ./strace-static-x86_64: Process 5076 attached [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] set_robust_list(0x7f0957fb39a0, 24 [pid 5074] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5074] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5076] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5076] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] memfd_create("syzkaller", 0 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5076] <... memfd_create resumed>) = 5 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5075] <... write resumed>) = 2097152 [pid 5075] munmap(0x7f094fb93000, 2097152 [pid 5076] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5075] <... munmap resumed>) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5075] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file2", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5076] <... write resumed>) = 2097152 [pid 5076] munmap(0x7f0947793000, 2097152) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5076] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5076] ioctl(3, LOOP_CLR_FD) = 0 [pid 5076] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5076] close(3) = 0 [pid 5076] close(5 [pid 5075] <... mount resumed>) = 0 [pid 5076] <... close resumed>) = 0 [pid 5076] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5076] <... futex resumed>) = 1 [pid 5076] lchown("./file2", 0, 0 [pid 5075] <... openat resumed>) = 3 [pid 5075] chdir("./file2") = 0 [pid 5075] ioctl(6, LOOP_CLR_FD) = 0 [pid 5075] close(6) = 0 [pid 5075] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... lchown resumed>) = 0 [pid 5076] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5075] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5074] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] exit_group(0 [pid 5076] <... futex resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5074] <... exit_group resumed>) = ? [pid 5075] <... futex resumed>) = ? [ 61.955115][ T5075] loop0: detected capacity change from 0 to 4096 [ 61.966765][ T5075] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached , child_tidptr=0x555556a34690) = 5077 [pid 5077] set_robust_list(0x555556a346a0, 24) = 0 [pid 5077] chdir("./13") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [ 62.023086][ T2835] ntfs3: loop0: ino=5, ntfs3_write_inode failed, -22. [ 62.030185][ T2835] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5077] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5078 attached [pid 5078] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5078] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5077] <... clone3 resumed> => {parent_tid=[5078]}, 88) = 5078 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5077] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5078] memfd_create("syzkaller", 0 [pid 5077] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] <... memfd_create resumed>) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5078] <... mmap resumed>) = 0x7f094fb93000 [pid 5077] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5079]}, 88) = 5079 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5079 attached [pid 5079] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5079] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5079] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5079] memfd_create("syzkaller", 0 [pid 5078] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5077] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] <... memfd_create resumed>) = 5 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5079] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5078] <... write resumed>) = 2097152 [pid 5078] munmap(0x7f094fb93000, 2097152) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5078] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file2", 0777) = 0 [pid 5078] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5079] <... write resumed>) = 2097152 [pid 5079] munmap(0x7f0947793000, 2097152) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5079] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5079] ioctl(3, LOOP_CLR_FD) = 0 [pid 5079] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5079] close(3) = 0 [pid 5079] close(5) = 0 [pid 5079] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5077] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] lchown("./file2", 0, 0 [pid 5077] <... futex resumed>) = 0 [pid 5079] <... lchown resumed>) = 0 [pid 5077] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5077] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] write(-1, NULL, 0 [pid 5077] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5079] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5079] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... mount resumed>) = 0 [pid 5078] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file2") = 0 [pid 5078] ioctl(6, LOOP_CLR_FD) = 0 [pid 5078] close(6) = 0 [pid 5078] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] exit_group(0 [pid 5079] <... futex resumed>) = ? [pid 5078] <... futex resumed>) = ? [pid 5077] <... exit_group resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ [ 62.142673][ T5078] loop0: detected capacity change from 0 to 4096 [ 62.153413][ T5078] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x555556a346a0, 24) = 0 [pid 5080] chdir("./14") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5080] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5080] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5081]}, 88) = 5081 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5080] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5081 attached [pid 5081] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5080] <... mmap resumed>) = 0x7f0957f93000 [pid 5080] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5081] <... rseq resumed>) = 0 [pid 5080] <... mprotect resumed>) = 0 [pid 5081] set_robust_list(0x7f0957fd49a0, 24 [pid 5080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5082 attached [pid 5081] <... set_robust_list resumed>) = 0 [pid 5082] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5080] <... clone3 resumed> => {parent_tid=[5082]}, 88) = 5082 [pid 5082] <... rseq resumed>) = 0 [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5080] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] memfd_create("syzkaller", 0 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] <... memfd_create resumed>) = 3 [pid 5082] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5082] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5081] <... mmap resumed>) = 0x7f094fb93000 [pid 5082] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = 0 [pid 5082] memfd_create("syzkaller", 0 [pid 5080] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] <... memfd_create resumed>) = 5 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5082] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5081] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5082] <... write resumed>) = 2097152 [pid 5081] munmap(0x7f094fb93000, 2097152 [pid 5082] munmap(0x7f0947793000, 2097152) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5081] <... munmap resumed>) = 0 [pid 5082] <... openat resumed>) = 6 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5082] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5081] <... openat resumed>) = 7 [pid 5082] close(5 [pid 5081] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5082] <... close resumed>) = 0 [pid 5081] ioctl(7, LOOP_CLR_FD [pid 5082] mkdir("./file2", 0777 [pid 5081] <... ioctl resumed>) = 0 [pid 5082] <... mkdir resumed>) = 0 [pid 5082] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5081] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5081] close(7) = 0 [pid 5081] close(3) = 0 [pid 5081] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... mount resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./file2") = 0 [pid 5082] ioctl(6, LOOP_CLR_FD) = 0 [ 62.343321][ T5082] loop0: detected capacity change from 0 to 4096 [ 62.353438][ T5082] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5082] close(6) = 0 [pid 5082] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5082] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5081] lchown("./file2", 0, 0 [pid 5080] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... lchown resumed>) = 0 [pid 5081] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5081] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = 0 [pid 5081] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5081] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] exit_group(0 [pid 5082] <... futex resumed>) = ? [pid 5081] <... futex resumed>) = ? [pid 5080] <... exit_group resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 62.415615][ T5081] ntfs3: loop0: ino=0, attr_set_size [ 62.421172][ T5081] ntfs3: loop0: Mark volume as dirty due to NTFS errors rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached , child_tidptr=0x555556a34690) = 5083 [pid 5083] set_robust_list(0x555556a346a0, 24) = 0 [pid 5083] chdir("./15") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5083] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5084 attached [pid 5084] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5083] <... clone3 resumed> => {parent_tid=[5084]}, 88) = 5084 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] <... rseq resumed>) = 0 [pid 5084] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5084] memfd_create("syzkaller", 0 [pid 5083] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] <... memfd_create resumed>) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5083] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5085 attached => {parent_tid=[5085]}, 88) = 5085 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5083] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5085] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5084] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5085] <... open resumed>) = 4 [pid 5085] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5085] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5085] memfd_create("syzkaller", 0 [pid 5083] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... memfd_create resumed>) = 5 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5084] <... write resumed>) = 2097152 [pid 5084] munmap(0x7f094fbb4000, 2097152) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5084] ioctl(6, LOOP_SET_FD, 3 [pid 5085] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5084] <... ioctl resumed>) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file2", 0777) = 0 [pid 5084] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5085] <... write resumed>) = 2097152 [pid 5085] munmap(0x7f0947793000, 2097152) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5085] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5085] ioctl(3, LOOP_CLR_FD) = 0 [pid 5085] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5085] close(3) = 0 [pid 5085] close(5 [pid 5084] <... mount resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./file2") = 0 [pid 5084] ioctl(6, LOOP_CLR_FD) = 0 [pid 5084] close(6) = 0 [pid 5084] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... close resumed>) = 0 [ 62.555337][ T5084] loop0: detected capacity change from 0 to 4096 [ 62.566443][ T5084] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5085] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5084] lchown("./file2", 0, 0 [pid 5083] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... lchown resumed>) = 0 [pid 5084] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5084] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] exit_group(0) = ? [pid 5085] <... futex resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 62.620436][ T5084] ntfs3: loop0: ino=0, attr_set_size [ 62.626489][ T5084] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x555556a346a0, 24) = 0 [pid 5086] chdir("./16") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5086] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5086] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5087 attached => {parent_tid=[5087]}, 88) = 5087 [pid 5087] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] set_robust_list(0x7f0957fd49a0, 24 [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5087] memfd_create("syzkaller", 0 [pid 5086] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] <... memfd_create resumed>) = 3 [pid 5086] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5086] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5087] <... mmap resumed>) = 0x7f094fb93000 [pid 5086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5088 attached [pid 5088] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5086] <... clone3 resumed> => {parent_tid=[5088]}, 88) = 5088 [pid 5088] set_robust_list(0x7f0957fb39a0, 24 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5088] <... set_robust_list resumed>) = 0 [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5086] <... futex resumed>) = 0 [pid 5088] <... open resumed>) = 4 [pid 5086] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] memfd_create("syzkaller", 0) = 5 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5087] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5088] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5087] <... write resumed>) = 2097153 [pid 5087] munmap(0x7f094fb93000, 2097153) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5087] ioctl(6, LOOP_SET_FD, 3 [pid 5088] <... write resumed>) = 2097152 [pid 5088] munmap(0x7f0947793000, 2097152 [pid 5087] <... ioctl resumed>) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file2", 0777) = 0 [pid 5087] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5088] <... munmap resumed>) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5088] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5088] ioctl(3, LOOP_CLR_FD) = 0 [pid 5088] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5088] close(3) = 0 [pid 5088] close(5) = 0 [pid 5088] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5086] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] lchown("./file2", 0, 0) = 0 [pid 5088] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5088] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] write(-1, NULL, 0 [pid 5086] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5088] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5088] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5087] ioctl(6, LOOP_CLR_FD) = 0 [pid 5087] close(6) = 0 [pid 5087] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] exit_group(0 [pid 5088] <... futex resumed>) = ? [pid 5086] <... exit_group resumed>) = ? [pid 5088] +++ exited with 0 +++ [pid 5087] <... futex resumed>) = ? [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 62.753441][ T5087] loop0: detected capacity change from 0 to 4096 [ 62.763329][ T5087] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 62.792860][ T5087] ntfs3: loop0: failed to replay log file. Can't mount rw! rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached , child_tidptr=0x555556a34690) = 5089 [pid 5089] set_robust_list(0x555556a346a0, 24) = 0 [pid 5089] chdir("./17") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5089] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5090 attached => {parent_tid=[5090]}, 88) = 5090 [pid 5090] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... rseq resumed>) = 0 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] set_robust_list(0x7f0957fd49a0, 24 [pid 5089] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... set_robust_list resumed>) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5090] memfd_create("syzkaller", 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5089] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5091]}, 88) = 5091 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... memfd_create resumed>) = 3 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5089] <... futex resumed>) = 0 [pid 5090] <... mmap resumed>) = 0x7f094fb93000 [pid 5089] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5091 attached [pid 5091] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5091] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5091] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] memfd_create("syzkaller", 0) = 5 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5090] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5091] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5090] <... write resumed>) = 2097152 [pid 5090] munmap(0x7f094fb93000, 2097152) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5090] ioctl(6, LOOP_SET_FD, 3 [pid 5091] <... write resumed>) = 2097152 [pid 5091] munmap(0x7f0947793000, 2097152) = 0 [pid 5090] <... ioctl resumed>) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5091] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5090] close(3 [pid 5091] ioctl(7, LOOP_CLR_FD [pid 5090] <... close resumed>) = 0 [pid 5090] mkdir("./file2", 0777 [pid 5091] <... ioctl resumed>) = 0 [pid 5090] <... mkdir resumed>) = 0 [pid 5090] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5091] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5091] close(7) = 0 [pid 5091] close(5) = 0 [pid 5091] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5091] lchown("./file2", 0, 0) = 0 [pid 5089] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5091] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5089] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... mount resumed>) = 0 [pid 5090] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file2") = 0 [pid 5090] ioctl(6, LOOP_CLR_FD) = 0 [pid 5090] close(6) = 0 [pid 5090] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] exit_group(0 [pid 5090] <... futex resumed>) = 0 [pid 5089] <... exit_group resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5091] <... futex resumed>) = ? [ 62.919859][ T5090] loop0: detected capacity change from 0 to 4096 [ 62.937968][ T5090] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5091] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5092 ./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x555556a346a0, 24) = 0 [pid 5092] chdir("./18") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5092] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5093 attached [pid 5093] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5093] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... clone3 resumed> => {parent_tid=[5093]}, 88) = 5093 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5092] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5092] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5092] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5093] memfd_create("syzkaller", 0 [pid 5092] <... mprotect resumed>) = 0 [pid 5092] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5093] <... memfd_create resumed>) = 3 [pid 5092] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5093] <... mmap resumed>) = 0x7f094fb93000 ./strace-static-x86_64: Process 5094 attached [pid 5092] <... clone3 resumed> => {parent_tid=[5094]}, 88) = 5094 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5094] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5092] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] <... rseq resumed>) = 0 [pid 5092] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5094] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5094] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5094] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5094] memfd_create("syzkaller", 0 [pid 5092] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... memfd_create resumed>) = 5 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5093] <... write resumed>) = 2097152 [pid 5093] munmap(0x7f094fb93000, 2097152) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5093] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file2", 0777) = 0 [pid 5093] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5094] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5094] munmap(0x7f0947793000, 2097152) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5094] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5094] ioctl(3, LOOP_CLR_FD) = 0 [pid 5094] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5094] close(3) = 0 [pid 5094] close(5) = 0 [pid 5094] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] lchown("./file2", 0, 0) = 0 [pid 5094] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 1 [pid 5092] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5094] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [ 63.127682][ T5093] loop0: detected capacity change from 0 to 4096 [ 63.137143][ T5093] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5094] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... mount resumed>) = 0 [pid 5093] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file2") = 0 [pid 5093] ioctl(6, LOOP_CLR_FD) = 0 [pid 5093] close(6) = 0 [pid 5093] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] exit_group(0 [pid 5093] <... futex resumed>) = 0 [pid 5092] <... exit_group resumed>) = ? [pid 5094] <... futex resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5095 ./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x555556a346a0, 24) = 0 [pid 5095] chdir("./19") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5095] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5096 attached [pid 5096] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5096] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... clone3 resumed> => {parent_tid=[5096]}, 88) = 5096 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] memfd_create("syzkaller", 0 [pid 5095] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... memfd_create resumed>) = 3 [pid 5095] <... futex resumed>) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5095] <... mmap resumed>) = 0x7f0957f93000 [pid 5096] <... mmap resumed>) = 0x7f094fb93000 [pid 5095] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5097 attached => {parent_tid=[5097]}, 88) = 5097 [pid 5097] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5097] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5097] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5097] memfd_create("syzkaller", 0) = 5 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5097] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5096] <... write resumed>) = 2097152 [pid 5096] munmap(0x7f094fb93000, 2097152) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5096] ioctl(6, LOOP_SET_FD, 3 [pid 5097] <... write resumed>) = 2097152 [pid 5096] <... ioctl resumed>) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file2", 0777 [pid 5097] munmap(0x7f0947793000, 2097152 [pid 5096] <... mkdir resumed>) = 0 [pid 5096] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5097] <... munmap resumed>) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5097] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5097] ioctl(3, LOOP_CLR_FD) = 0 [pid 5097] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5097] close(3) = 0 [pid 5097] close(5) = 0 [pid 5097] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5097] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5097] lchown("./file2", 0, 0) = 0 [pid 5095] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [pid 5095] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] write(-1, NULL, 0 [pid 5095] <... futex resumed>) = 0 [pid 5097] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5095] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [ 63.345121][ T5096] loop0: detected capacity change from 0 to 4096 [ 63.353981][ T5096] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5097] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... mount resumed>) = 0 [pid 5096] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file2") = 0 [pid 5096] ioctl(6, LOOP_CLR_FD) = 0 [pid 5096] close(6) = 0 [pid 5096] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0 [pid 5096] <... futex resumed>) = ? [pid 5097] <... futex resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5095] <... exit_group resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x555556a346a0, 24) = 0 [pid 5098] chdir("./20") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5098 [pid 5098] <... openat resumed>) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5098] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5099 attached [pid 5099] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5098] <... clone3 resumed> => {parent_tid=[5099]}, 88) = 5099 [pid 5099] <... rseq resumed>) = 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5099] set_robust_list(0x7f0957fd49a0, 24 [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5099] <... set_robust_list resumed>) = 0 [pid 5098] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5098] <... futex resumed>) = 0 [pid 5099] memfd_create("syzkaller", 0 [pid 5098] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5098] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5099] <... memfd_create resumed>) = 3 [pid 5098] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5100]}, 88) = 5100 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5099] <... mmap resumed>) = 0x7f094fb93000 ./strace-static-x86_64: Process 5100 attached [pid 5100] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5100] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5100] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5100] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5098] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5100] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5098] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5100] memfd_create("syzkaller", 0) = 5 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5099] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5100] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5099] munmap(0x7f094fb93000, 2097152) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5099] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5100] <... write resumed>) = 2097152 [pid 5099] close(3 [pid 5100] munmap(0x7f0947793000, 2097152 [pid 5099] <... close resumed>) = 0 [pid 5100] <... munmap resumed>) = 0 [pid 5099] mkdir("./file2", 0777) = 0 [pid 5099] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5100] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5100] ioctl(3, LOOP_CLR_FD) = 0 [pid 5100] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5100] close(3) = 0 [pid 5100] close(5) = 0 [pid 5100] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] lchown("./file2", 0, 0) = 0 [pid 5100] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5100] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5100] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... mount resumed>) = 0 [pid 5099] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file2") = 0 [pid 5099] ioctl(6, LOOP_CLR_FD) = 0 [pid 5099] close(6) = 0 [pid 5099] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.543666][ T5099] loop0: detected capacity change from 0 to 4096 [ 63.559086][ T5099] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5099] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] exit_group(0 [pid 5099] <... futex resumed>) = ? [pid 5098] <... exit_group resumed>) = ? [pid 5100] <... futex resumed>) = ? [pid 5099] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x555556a346a0, 24) = 0 [pid 5101] chdir("./21") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5101] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5102 attached [pid 5102] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5102] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5102] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... clone3 resumed> => {parent_tid=[5102]}, 88) = 5102 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5101] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5102] memfd_create("syzkaller", 0 [pid 5101] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... memfd_create resumed>) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5101] <... futex resumed>) = 0 [pid 5102] <... mmap resumed>) = 0x7f094fbb4000 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5101] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5103 attached [pid 5103] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053 [pid 5101] <... clone3 resumed> => {parent_tid=[5103]}, 88) = 5103 [pid 5103] <... rseq resumed>) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] set_robust_list(0x7f094fbb39a0, 24 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] <... set_robust_list resumed>) = 0 [pid 5101] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] <... futex resumed>) = 0 [pid 5103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5103] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5103] memfd_create("syzkaller", 0 [pid 5101] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5103] <... memfd_create resumed>) = 5 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5102] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5103] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5102] <... write resumed>) = 2097152 [pid 5102] munmap(0x7f094fbb4000, 2097152) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5102] ioctl(6, LOOP_SET_FD, 3 [pid 5103] <... write resumed>) = 2097152 [pid 5103] munmap(0x7f0947793000, 2097152 [pid 5102] <... ioctl resumed>) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file2", 0777) = 0 [pid 5102] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5103] <... munmap resumed>) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5103] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5103] ioctl(3, LOOP_CLR_FD) = 0 [pid 5103] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5103] close(3) = 0 [pid 5103] close(5) = 0 [pid 5103] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5103] lchown("./file2", 0, 0) = 0 [pid 5103] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5101] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5103] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5103] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... mount resumed>) = 0 [pid 5102] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file2") = 0 [ 63.739119][ T5102] loop0: detected capacity change from 0 to 4096 [ 63.751179][ T5102] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5102] ioctl(6, LOOP_CLR_FD) = 0 [pid 5102] close(6) = 0 [pid 5102] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] exit_group(0 [pid 5103] <... futex resumed>) = ? [pid 5102] <... futex resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5101] <... exit_group resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x555556a346a0, 24) = 0 [pid 5104] chdir("./22") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5104 [pid 5104] <... openat resumed>) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5104] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5105]}, 88) = 5105 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5104] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5105 attached [pid 5105] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5105] <... rseq resumed>) = 0 [pid 5105] set_robust_list(0x7f0957fd49a0, 24 [pid 5104] <... mmap resumed>) = 0x7f0957f93000 [pid 5105] <... set_robust_list resumed>) = 0 [pid 5104] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5104] <... mprotect resumed>) = 0 [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5106 attached [pid 5106] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5104] <... clone3 resumed> => {parent_tid=[5106]}, 88) = 5106 [pid 5106] <... rseq resumed>) = 0 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] set_robust_list(0x7f0957fb39a0, 24 [pid 5105] memfd_create("syzkaller", 0 [pid 5106] <... set_robust_list resumed>) = 0 [pid 5104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5104] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5104] <... futex resumed>) = 0 [pid 5106] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5104] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... open resumed>) = 4 [pid 5105] <... memfd_create resumed>) = 3 [pid 5106] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [pid 5106] memfd_create("syzkaller", 0) = 5 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5105] <... mmap resumed>) = 0x7f094fb93000 [pid 5105] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5106] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5105] <... write resumed>) = 2097152 [pid 5105] munmap(0x7f094fb93000, 2097152 [pid 5106] <... write resumed>) = 2097152 [pid 5106] munmap(0x7f0947793000, 2097152 [pid 5105] <... munmap resumed>) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5105] ioctl(6, LOOP_SET_FD, 3 [pid 5106] <... munmap resumed>) = 0 [pid 5105] <... ioctl resumed>) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file2", 0777 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5105] <... mkdir resumed>) = 0 [pid 5105] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5106] <... openat resumed>) = 3 [pid 5106] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5106] ioctl(3, LOOP_CLR_FD) = 0 [pid 5106] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5106] close(3) = 0 [pid 5106] close(5) = 0 [pid 5106] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] lchown("./file2", 0, 0) = 0 [pid 5106] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... futex resumed>) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5104] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5104] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5106] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5106] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] <... mount resumed>) = 0 [pid 5105] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file2") = 0 [pid 5105] ioctl(6, LOOP_CLR_FD) = 0 [pid 5105] close(6) = 0 [pid 5105] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] exit_group(0 [pid 5105] <... futex resumed>) = ? [pid 5104] <... exit_group resumed>) = ? [pid 5106] <... futex resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5106] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 63.942586][ T5105] loop0: detected capacity change from 0 to 4096 [ 63.951924][ T5105] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached , child_tidptr=0x555556a34690) = 5107 [pid 5107] set_robust_list(0x555556a346a0, 24) = 0 [pid 5107] chdir("./23") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5107] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5107] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5108 attached [pid 5108] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5107] <... clone3 resumed> => {parent_tid=[5108]}, 88) = 5108 [pid 5108] <... rseq resumed>) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] set_robust_list(0x7f0957fd49a0, 24 [pid 5107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5107] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5107] <... futex resumed>) = 0 [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5107] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] memfd_create("syzkaller", 0 [pid 5107] <... futex resumed>) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5107] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5108] <... memfd_create resumed>) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5109 attached ) = 0x7f094fb93000 [pid 5109] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5107] <... clone3 resumed> => {parent_tid=[5109]}, 88) = 5109 [pid 5109] <... rseq resumed>) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5109] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5107] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5107] <... futex resumed>) = 0 [pid 5109] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5107] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5107] <... futex resumed>) = 1 [pid 5109] memfd_create("syzkaller", 0 [pid 5107] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5109] <... memfd_create resumed>) = 5 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5108] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5109] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5108] <... write resumed>) = 2097152 [pid 5108] munmap(0x7f094fb93000, 2097152) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5108] ioctl(6, LOOP_SET_FD, 3 [pid 5109] <... write resumed>) = 2097152 [pid 5109] munmap(0x7f0947793000, 2097152 [pid 5108] <... ioctl resumed>) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./file2", 0777) = 0 [pid 5108] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5109] <... munmap resumed>) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5109] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5109] ioctl(3, LOOP_CLR_FD) = 0 [pid 5109] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5109] close(3) = 0 [pid 5109] close(5) = 0 [pid 5109] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5109] lchown("./file2", 0, 0 [pid 5107] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... lchown resumed>) = 0 [pid 5109] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5109] <... futex resumed>) = 0 [pid 5107] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] write(-1, NULL, 0 [pid 5107] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5109] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5109] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... mount resumed>) = 0 [pid 5108] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file2") = 0 [pid 5108] ioctl(6, LOOP_CLR_FD) = 0 [pid 5108] close(6) = 0 [ 64.109292][ T5108] loop0: detected capacity change from 0 to 4096 [ 64.120172][ T5108] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5108] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] exit_group(0 [pid 5109] <... futex resumed>) = ? [pid 5108] <... futex resumed>) = ? [pid 5107] <... exit_group resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x555556a34690) = 5110 [pid 5110] set_robust_list(0x555556a346a0, 24) = 0 [pid 5110] chdir("./24") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5110] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5110] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5111 attached [pid 5111] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5110] <... clone3 resumed> => {parent_tid=[5111]}, 88) = 5111 [pid 5111] <... rseq resumed>) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5111] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5110] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... mmap resumed>) = 0x7f094fbb4000 [pid 5110] <... futex resumed>) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5110] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5112 attached [pid 5112] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053 [pid 5110] <... clone3 resumed> => {parent_tid=[5112]}, 88) = 5112 [pid 5112] <... rseq resumed>) = 0 [pid 5112] set_robust_list(0x7f094fbb39a0, 24 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5112] <... set_robust_list resumed>) = 0 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5112] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5112] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5110] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] memfd_create("syzkaller", 0) = 5 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5111] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5112] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5111] <... write resumed>) = 2097152 [pid 5111] munmap(0x7f094fbb4000, 2097152 [pid 5112] <... write resumed>) = 2097152 [pid 5112] munmap(0x7f0947793000, 2097152 [pid 5111] <... munmap resumed>) = 0 [pid 5112] <... munmap resumed>) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5111] <... openat resumed>) = 6 [pid 5111] ioctl(6, LOOP_SET_FD, 3 [pid 5112] <... openat resumed>) = 7 [pid 5112] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5111] <... ioctl resumed>) = 0 [pid 5112] ioctl(7, LOOP_CLR_FD [pid 5111] close(3 [pid 5112] <... ioctl resumed>) = 0 [pid 5111] <... close resumed>) = 0 [pid 5111] mkdir("./file2", 0777) = 0 [pid 5111] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5112] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5112] close(7) = 0 [pid 5112] close(5) = 0 [pid 5112] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 1 [pid 5112] lchown("./file2", 0, 0) = 0 [pid 5112] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 1 [pid 5112] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5112] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5112] <... futex resumed>) = 1 [ 64.301361][ T5111] loop0: detected capacity change from 0 to 4096 [ 64.311655][ T5111] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5112] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... mount resumed>) = 0 [pid 5111] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file2") = 0 [pid 5111] ioctl(6, LOOP_CLR_FD) = 0 [pid 5111] close(6) = 0 [pid 5111] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] exit_group(0 [pid 5111] <... futex resumed>) = ? [pid 5110] <... exit_group resumed>) = ? [pid 5112] <... futex resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5112] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached , child_tidptr=0x555556a34690) = 5113 [pid 5113] set_robust_list(0x555556a346a0, 24) = 0 [pid 5113] chdir("./25") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5113] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5114 attached => {parent_tid=[5114]}, 88) = 5114 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5114] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5113] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5114] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5115 attached [pid 5115] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5113] <... clone3 resumed> => {parent_tid=[5115]}, 88) = 5115 [pid 5115] <... rseq resumed>) = 0 [pid 5115] set_robust_list(0x7f0957fb39a0, 24 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], [pid 5115] <... set_robust_list resumed>) = 0 [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5113] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] <... futex resumed>) = 0 [pid 5115] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5114] <... memfd_create resumed>) = 3 [pid 5113] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... open resumed>) = 4 [pid 5115] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 1 [pid 5115] memfd_create("syzkaller", 0) = 5 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5115] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5115] <... write resumed>) = 2097152 [pid 5115] munmap(0x7f094fb93000, 2097152) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 64.445943][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 64.445957][ T27] audit: type=1800 audit(1695716750.922:27): pid=5115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5115] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5115] close(5) = 0 [pid 5115] mkdir("./file2", 0777) = 0 [pid 5115] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5114] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5114] munmap(0x7f0947793000, 2097152 [pid 5115] <... mount resumed>) = 0 [pid 5115] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5114] <... munmap resumed>) = 0 [pid 5115] <... openat resumed>) = 5 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5115] chdir("./file2") = 0 [pid 5114] <... openat resumed>) = 7 [pid 5115] ioctl(6, LOOP_CLR_FD) = 0 [pid 5114] ioctl(7, LOOP_SET_FD, 3 [pid 5115] close(6 [pid 5114] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5115] <... close resumed>) = 0 [pid 5114] ioctl(7, LOOP_CLR_FD [pid 5115] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... ioctl resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5115] lchown("./file2", 0, 0 [ 64.501842][ T5115] loop0: detected capacity change from 0 to 4096 [ 64.512372][ T5115] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5113] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] ioctl(7, LOOP_SET_FD, 3 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... lchown resumed>) = 0 [pid 5115] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5115] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5115] write(-1, NULL, 0 [pid 5113] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5115] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5115] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5114] close(7) = 0 [pid 5114] close(3) = 0 [pid 5114] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] exit_group(0 [pid 5115] <... futex resumed>) = ? [pid 5113] <... exit_group resumed>) = ? [pid 5115] +++ exited with 0 +++ [pid 5114] <... futex resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 64.553540][ T5115] ntfs3: loop0: ino=0, attr_set_size [ 64.559547][ T5115] ntfs3: loop0: Mark volume as dirty due to NTFS errors newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5116 ./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x555556a346a0, 24) = 0 [pid 5116] chdir("./26") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5116] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5117 attached [pid 5117] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5116] <... clone3 resumed> => {parent_tid=[5117]}, 88) = 5117 [pid 5117] <... rseq resumed>) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5117] set_robust_list(0x7f0957fd49a0, 24 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5117] <... set_robust_list resumed>) = 0 [pid 5116] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] <... futex resumed>) = 0 [pid 5117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5116] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5117] memfd_create("syzkaller", 0 [pid 5116] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5117] <... memfd_create resumed>) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5118 attached => {parent_tid=[5118]}, 88) = 5118 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5118] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5118] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] <... futex resumed>) = 0 [pid 5118] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5116] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... open resumed>) = 4 [pid 5117] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5118] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5118] memfd_create("syzkaller", 0 [pid 5116] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5118] <... memfd_create resumed>) = 5 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5117] <... write resumed>) = 2097153 [pid 5117] munmap(0x7f094fb93000, 2097153 [pid 5118] <... mmap resumed>) = 0x7f0947793000 [pid 5117] <... munmap resumed>) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5117] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file2", 0777) = 0 [ 64.684907][ T27] audit: type=1800 audit(1695716751.162:28): pid=5118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 64.722529][ T5117] loop0: detected capacity change from 0 to 4096 [pid 5117] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5118] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5117] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5117] ioctl(6, LOOP_CLR_FD [pid 5118] <... write resumed>) = 2097152 [pid 5118] munmap(0x7f0947793000, 2097152) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5118] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5118] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5118] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5118] close(3) = 0 [pid 5118] close(5) = 0 [ 64.733884][ T5117] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 64.751713][ T5117] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5118] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] lchown("./file2", 0, 0 [pid 5116] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... lchown resumed>) = 0 [pid 5118] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5118] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... ioctl resumed>) = 0 [pid 5117] close(6) = 0 [pid 5117] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] exit_group(0 [pid 5118] <... futex resumed>) = ? [pid 5118] +++ exited with 0 +++ [pid 5117] <... futex resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5116] <... exit_group resumed>) = ? [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached , child_tidptr=0x555556a34690) = 5119 [pid 5119] set_robust_list(0x555556a346a0, 24) = 0 [pid 5119] chdir("./27") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5119] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5120 attached => {parent_tid=[5120]}, 88) = 5120 [pid 5120] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] set_robust_list(0x7f0957fd49a0, 24 [pid 5119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] <... set_robust_list resumed>) = 0 [pid 5119] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5119] <... futex resumed>) = 0 [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5119] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] memfd_create("syzkaller", 0 [pid 5119] <... futex resumed>) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5119] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 64.803995][ T5038] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5121]}, 88) = 5121 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5120] <... memfd_create resumed>) = 3 [pid 5119] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 ./strace-static-x86_64: Process 5121 attached [pid 5121] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5121] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5121] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5121] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... write resumed>) = 2097152 [pid 5119] <... futex resumed>) = 1 [pid 5121] memfd_create("syzkaller", 0 [pid 5120] munmap(0x7f094fb93000, 2097152 [pid 5119] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] <... memfd_create resumed>) = 5 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5120] <... munmap resumed>) = 0 [ 64.873632][ T27] audit: type=1800 audit(1695716751.352:29): pid=5121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5120] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file2", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5121] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5120] <... mount resumed>) = 0 [pid 5120] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file2") = 0 [pid 5120] ioctl(6, LOOP_CLR_FD) = 0 [pid 5120] close(6) = 0 [pid 5120] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] <... write resumed>) = 2097152 [pid 5121] munmap(0x7f0947793000, 2097152) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5121] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5121] ioctl(6, LOOP_CLR_FD) = 0 [pid 5121] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5121] close(6) = 0 [pid 5121] close(5) = 0 [ 64.919681][ T5120] loop0: detected capacity change from 0 to 4096 [ 64.932520][ T5120] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5121] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5120] lchown("./file2", 0, 0 [pid 5119] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] <... lchown resumed>) = 0 [pid 5120] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] write(-1, NULL, 0 [pid 5119] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] exit_group(0 [pid 5121] <... futex resumed>) = ? [pid 5120] <... futex resumed>) = ? [pid 5119] <... exit_group resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 64.982635][ T5120] ntfs3: loop0: ino=0, attr_set_size [ 64.988140][ T5120] ntfs3: loop0: Mark volume as dirty due to NTFS errors rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached , child_tidptr=0x555556a34690) = 5122 [pid 5122] set_robust_list(0x555556a346a0, 24) = 0 [pid 5122] chdir("./28") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5122] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5123 attached => {parent_tid=[5123]}, 88) = 5123 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5122] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5123] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5122] <... mprotect resumed>) = 0 [pid 5123] <... rseq resumed>) = 0 [pid 5123] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5123] rt_sigprocmask(SIG_SETMASK, [], [pid 5122] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5123] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5124 attached [pid 5122] <... clone3 resumed> => {parent_tid=[5124]}, 88) = 5124 [pid 5124] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... rseq resumed>) = 0 [pid 5124] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5124] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 3 [pid 5123] memfd_create("syzkaller", 0 [pid 5124] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5124] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] memfd_create("syzkaller", 0) = 4 [pid 5122] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5123] <... memfd_create resumed>) = 5 [pid 5124] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5124] <... write resumed>) = 2097152 [pid 5124] munmap(0x7f094fb93000, 2097152 [pid 5123] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5124] <... munmap resumed>) = 0 [ 65.076993][ T27] audit: type=1800 audit(1695716751.552:30): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5124] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5124] close(4) = 0 [pid 5124] mkdir("./file2", 0777) = 0 [pid 5124] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5123] <... write resumed>) = 2097152 [pid 5123] munmap(0x7f0947793000, 2097152) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5123] close(4) = 0 [pid 5123] close(5) = 0 [pid 5123] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... mount resumed>) = 0 [pid 5124] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5124] chdir("./file2") = 0 [pid 5124] ioctl(6, LOOP_CLR_FD) = 0 [ 65.129222][ T5124] loop0: detected capacity change from 0 to 4096 [ 65.140517][ T5124] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5124] close(6) = 0 [pid 5124] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5124] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5123] lchown("./file2", 0, 0 [pid 5122] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... lchown resumed>) = 0 [pid 5123] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5123] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] exit_group(0) = ? [pid 5124] <... futex resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 [ 65.192349][ T5123] ntfs3: loop0: ino=0, attr_set_size [ 65.197727][ T5123] ntfs3: loop0: Mark volume as dirty due to NTFS errors getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached , child_tidptr=0x555556a34690) = 5125 [pid 5125] set_robust_list(0x555556a346a0, 24) = 0 [pid 5125] chdir("./29") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5125] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5126 attached [pid 5126] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5126] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], [pid 5125] <... clone3 resumed> => {parent_tid=[5126]}, 88) = 5126 [pid 5126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], [pid 5126] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5126] memfd_create("syzkaller", 0 [pid 5125] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5126] <... memfd_create resumed>) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5125] <... mmap resumed>) = 0x7f094fb93000 [pid 5125] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0} [pid 5126] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5125] <... clone3 resumed> => {parent_tid=[5127]}, 88) = 5127 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5125] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5127 attached [pid 5127] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5127] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5127] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5127] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... write resumed>) = 2097152 [pid 5125] <... futex resumed>) = 0 [pid 5127] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] munmap(0x7f094fbb4000, 2097152 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... munmap resumed>) = 0 [pid 5125] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] memfd_create("syzkaller", 0) = 5 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5126] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file2", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5127] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5126] <... mount resumed>) = 0 [pid 5126] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file2") = 0 [pid 5126] ioctl(6, LOOP_CLR_FD) = 0 [pid 5126] close(6) = 0 [pid 5127] <... write resumed>) = 2097152 [pid 5127] munmap(0x7f0947793000, 2097152 [pid 5126] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] <... munmap resumed>) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5127] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [ 65.314377][ T27] audit: type=1800 audit(1695716751.792:31): pid=5127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 65.338143][ T5126] loop0: detected capacity change from 0 to 4096 [ 65.350389][ T5126] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5127] ioctl(6, LOOP_CLR_FD) = 0 [pid 5127] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5127] close(6) = 0 [pid 5127] close(5) = 0 [pid 5127] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = 1 [pid 5125] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5126] lchown("./file2", 0, 0 [pid 5125] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... lchown resumed>) = 0 [pid 5126] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 [pid 5126] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5126] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] exit_group(0) = ? [pid 5126] <... futex resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5127] <... futex resumed>) = ? [pid 5127] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x555556a346a0, 24) = 0 [ 65.411949][ T5126] ntfs3: loop0: ino=0, attr_set_size [ 65.417463][ T5126] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5128] chdir("./30" [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5128 [pid 5128] <... chdir resumed>) = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5128] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5129 attached => {parent_tid=[5129]}, 88) = 5129 [pid 5129] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] <... rseq resumed>) = 0 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] set_robust_list(0x7f0957fd49a0, 24 [pid 5128] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... set_robust_list resumed>) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... futex resumed>) = 0 [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5129] memfd_create("syzkaller", 0 [pid 5128] <... mmap resumed>) = 0x7f0957f93000 [pid 5129] <... memfd_create resumed>) = 3 [pid 5128] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5128] <... mprotect resumed>) = 0 [pid 5129] <... mmap resumed>) = 0x7f094fb93000 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5130 attached [pid 5130] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5129] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5130] <... rseq resumed>) = 0 [pid 5128] <... clone3 resumed> => {parent_tid=[5130]}, 88) = 5130 [pid 5130] set_robust_list(0x7f0957fb39a0, 24 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5130] <... set_robust_list resumed>) = 0 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] <... futex resumed>) = 0 [pid 5130] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5128] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... open resumed>) = 4 [pid 5129] <... write resumed>) = 2097152 [pid 5129] munmap(0x7f094fb93000, 2097152 [pid 5130] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... munmap resumed>) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5130] memfd_create("syzkaller", 0 [pid 5128] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... memfd_create resumed>) = 5 [pid 5128] <... futex resumed>) = 0 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5128] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5130] <... mmap resumed>) = 0x7f0947993000 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5129] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./file2", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5130] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5129] <... mount resumed>) = 0 [pid 5129] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./file2") = 0 [pid 5129] ioctl(6, LOOP_CLR_FD) = 0 [pid 5129] close(6) = 0 [pid 5129] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... write resumed>) = 2097152 [pid 5130] munmap(0x7f0947993000, 2097152) = 0 [ 65.498455][ T27] audit: type=1800 audit(1695716751.972:32): pid=5130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 65.523886][ T5129] loop0: detected capacity change from 0 to 4096 [ 65.536642][ T5129] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5130] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5130] ioctl(6, LOOP_CLR_FD) = 0 [pid 5130] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5130] close(6) = 0 [pid 5130] close(5) = 0 [pid 5130] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5130] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5128] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] lchown("./file2", 0, 0) = 0 [pid 5129] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5129] write(-1, NULL, 0 [pid 5128] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5129] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] exit_group(0 [pid 5129] <... futex resumed>) = ? [pid 5128] <... exit_group resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5130] <... futex resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 65.595083][ T5129] ntfs3: loop0: ino=0, attr_set_size [ 65.600498][ T5129] ntfs3: loop0: Mark volume as dirty due to NTFS errors umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached , child_tidptr=0x555556a34690) = 5131 [pid 5131] set_robust_list(0x555556a346a0, 24) = 0 [pid 5131] chdir("./31") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5131] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5132 attached [pid 5132] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5132] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5132] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... clone3 resumed> => {parent_tid=[5132]}, 88) = 5132 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5132] memfd_create("syzkaller", 0 [pid 5131] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5132] <... memfd_create resumed>) = 3 [pid 5131] <... mmap resumed>) = 0x7f0957f93000 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5131] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5133]}, 88) = 5133 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5133 attached [pid 5133] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5133] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5133] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5133] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5133] memfd_create("syzkaller", 0 [pid 5131] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5133] <... memfd_create resumed>) = 5 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5133] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5132] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5132] munmap(0x7f094fb93000, 2097152 [pid 5133] <... write resumed>) = 2097152 [pid 5133] munmap(0x7f0947793000, 2097152 [pid 5132] <... munmap resumed>) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 65.718192][ T27] audit: type=1800 audit(1695716752.192:33): pid=5133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5132] ioctl(6, LOOP_SET_FD, 3 [pid 5133] <... munmap resumed>) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5133] ioctl(7, LOOP_SET_FD, 5 [pid 5132] <... ioctl resumed>) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file2", 0777 [pid 5133] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5133] ioctl(7, LOOP_CLR_FD) = 0 [pid 5132] <... mkdir resumed>) = 0 [pid 5132] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5133] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5133] close(7) = 0 [pid 5133] close(5) = 0 [pid 5133] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5131] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] lchown("./file2", 0, 0) = 0 [pid 5133] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5133] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5133] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5133] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5133] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] <... mount resumed>) = 0 [pid 5132] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file2") = 0 [pid 5132] ioctl(6, LOOP_CLR_FD) = 0 [pid 5132] close(6) = 0 [pid 5132] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 65.769054][ T5132] loop0: detected capacity change from 0 to 4096 [ 65.780550][ T5132] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5131] exit_group(0 [pid 5133] <... futex resumed>) = ? [pid 5131] <... exit_group resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5132] <... futex resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x555556a346a0, 24) = 0 [pid 5134] chdir("./32") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5134] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5135 attached [pid 5135] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5134] <... clone3 resumed> => {parent_tid=[5135]}, 88) = 5135 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5135] <... rseq resumed>) = 0 [pid 5135] set_robust_list(0x7f0957fd49a0, 24 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5135] <... set_robust_list resumed>) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5135] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5134] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5134] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5135] memfd_create("syzkaller", 0 [pid 5134] <... mprotect resumed>) = 0 [pid 5135] <... memfd_create resumed>) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5135] <... mmap resumed>) = 0x7f094fb93000 [pid 5134] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5136 attached [pid 5136] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5134] <... clone3 resumed> => {parent_tid=[5136]}, 88) = 5136 [pid 5136] <... rseq resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] set_robust_list(0x7f0957fb39a0, 24 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5136] <... set_robust_list resumed>) = 0 [pid 5134] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5134] <... futex resumed>) = 0 [pid 5136] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5134] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... open resumed>) = 4 [pid 5136] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [pid 5136] memfd_create("syzkaller", 0) = 5 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5136] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5135] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5136] <... write resumed>) = 2097152 [pid 5136] munmap(0x7f0947793000, 2097152 [pid 5135] <... write resumed>) = 2097152 [pid 5135] munmap(0x7f094fb93000, 2097152 [pid 5136] <... munmap resumed>) = 0 [ 65.922010][ T27] audit: type=1800 audit(1695716752.392:34): pid=5136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5136] ioctl(6, LOOP_SET_FD, 5 [pid 5135] <... munmap resumed>) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5135] ioctl(7, LOOP_SET_FD, 3 [pid 5136] <... ioctl resumed>) = 0 [pid 5135] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5135] ioctl(7, LOOP_CLR_FD) = 0 [pid 5136] close(5) = 0 [pid 5136] mkdir("./file2", 0777 [pid 5135] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5135] close(7) = 0 [pid 5136] <... mkdir resumed>) = 0 [pid 5135] close(3 [pid 5136] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5135] <... close resumed>) = 0 [pid 5135] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... mount resumed>) = 0 [pid 5136] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./file2") = 0 [pid 5136] ioctl(6, LOOP_CLR_FD) = 0 [pid 5136] close(6) = 0 [pid 5136] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 0 [ 65.978545][ T5136] loop0: detected capacity change from 0 to 4096 [ 65.993312][ T5136] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5135] lchown("./file2", 0, 0) = 0 [pid 5135] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] write(-1, NULL, 0 [pid 5134] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5135] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] exit_group(0 [pid 5135] <... futex resumed>) = ? [pid 5134] <... exit_group resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5136] <... futex resumed>) = ? [pid 5136] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 [ 66.028326][ T5135] ntfs3: loop0: ino=0, attr_set_size [ 66.034266][ T5135] ntfs3: loop0: Mark volume as dirty due to NTFS errors mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5137 ./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x555556a346a0, 24) = 0 [pid 5137] chdir("./33") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5137] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5138 attached [pid 5138] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5138] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5138] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] <... clone3 resumed> => {parent_tid=[5138]}, 88) = 5138 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5137] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5138] memfd_create("syzkaller", 0 [pid 5137] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... memfd_create resumed>) = 3 [pid 5137] <... futex resumed>) = 0 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5137] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5139 attached [pid 5139] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5139] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5139] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5137] <... clone3 resumed> => {parent_tid=[5139]}, 88) = 5139 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5137] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = 1 [pid 5139] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5137] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... write resumed>) = 2097152 [pid 5139] <... futex resumed>) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5139] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] munmap(0x7f094fbb4000, 2097152 [pid 5137] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] <... munmap resumed>) = 0 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5139] memfd_create("syzkaller", 0) = 5 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5138] <... openat resumed>) = 6 [pid 5138] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file2", 0777 [pid 5139] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5138] <... mkdir resumed>) = 0 [ 66.128507][ T27] audit: type=1800 audit(1695716752.602:35): pid=5139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 66.163646][ T5138] loop0: detected capacity change from 0 to 4096 [pid 5138] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5139] <... write resumed>) = 2097152 [pid 5139] munmap(0x7f0947793000, 2097152) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5139] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5139] ioctl(3, LOOP_CLR_FD [pid 5138] <... mount resumed>) = 0 [pid 5139] <... ioctl resumed>) = 0 [pid 5138] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 7 [pid 5138] chdir("./file2") = 0 [pid 5138] ioctl(6, LOOP_CLR_FD [pid 5139] ioctl(3, LOOP_SET_FD, 5 [pid 5138] <... ioctl resumed>) = 0 [pid 5139] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5139] close(3 [pid 5138] close(6 [pid 5139] <... close resumed>) = 0 [pid 5139] close(5 [pid 5138] <... close resumed>) = 0 [pid 5139] <... close resumed>) = 0 [pid 5139] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... futex resumed>) = 1 [pid 5139] lchown("./file2", 0, 0 [pid 5138] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.178462][ T5138] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5138] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... lchown resumed>) = 0 [pid 5139] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5137] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5138] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] exit_group(0) = ? [pid 5139] <... futex resumed>) = ? [pid 5138] <... futex resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 [ 66.228392][ T5139] ntfs3: loop0: ino=0, attr_set_size [ 66.235027][ T5139] ntfs3: loop0: Mark volume as dirty due to NTFS errors getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5140 ./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x555556a346a0, 24) = 0 [pid 5140] chdir("./34") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5140] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5141 attached => {parent_tid=[5141]}, 88) = 5141 [pid 5141] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5141] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5141] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5140] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5141] memfd_create("syzkaller", 0 [pid 5140] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5141] <... memfd_create resumed>) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5140] <... mmap resumed>) = 0x7f0957f93000 [pid 5141] <... mmap resumed>) = 0x7f094fb93000 [pid 5140] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5142 attached => {parent_tid=[5142]}, 88) = 5142 [pid 5142] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5142] <... rseq resumed>) = 0 [pid 5140] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5142] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5141] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5142] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5142] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5142] memfd_create("syzkaller", 0) = 5 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5140] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5142] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5141] <... write resumed>) = 2097152 [pid 5141] munmap(0x7f094fb93000, 2097152) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 66.343387][ T27] audit: type=1800 audit(1695716752.822:36): pid=5142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5141] ioctl(6, LOOP_SET_FD, 3 [pid 5142] <... write resumed>) = 2097152 [pid 5142] munmap(0x7f0947793000, 2097152 [pid 5141] <... ioctl resumed>) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file2", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5142] <... munmap resumed>) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5142] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5142] ioctl(3, LOOP_CLR_FD) = 0 [pid 5142] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5142] close(3) = 0 [pid 5142] close(5) = 0 [pid 5142] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] lchown("./file2", 0, 0) = 0 [pid 5142] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5142] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [pid 5142] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... mount resumed>) = 0 [ 66.387065][ T5141] loop0: detected capacity change from 0 to 4096 [ 66.398641][ T5141] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5141] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file2") = 0 [pid 5141] ioctl(6, LOOP_CLR_FD) = 0 [pid 5141] close(6) = 0 [pid 5141] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] exit_group(0 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = ? [pid 5141] <... futex resumed>) = ? [pid 5142] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ [pid 5140] <... exit_group resumed>) = ? [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x555556a346a0, 24) = 0 [pid 5143] chdir("./35") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5143] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5143 ./strace-static-x86_64: Process 5144 attached [pid 5144] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5143] <... clone3 resumed> => {parent_tid=[5144]}, 88) = 5144 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5144] <... rseq resumed>) = 0 [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5144] set_robust_list(0x7f0957fd49a0, 24 [pid 5143] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... set_robust_list resumed>) = 0 [pid 5143] <... futex resumed>) = 0 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] memfd_create("syzkaller", 0 [pid 5143] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... memfd_create resumed>) = 3 [pid 5143] <... futex resumed>) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5143] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5143] <... mprotect resumed>) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] <... mmap resumed>) = 0x7f094fb93000 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5145 attached [pid 5145] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5145] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5145] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... clone3 resumed> => {parent_tid=[5145]}, 88) = 5145 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 0 [pid 5145] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5144] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5145] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] memfd_create("syzkaller", 0) = 5 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5144] <... write resumed>) = 2097152 [pid 5144] munmap(0x7f094fb93000, 2097152 [pid 5145] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5144] <... munmap resumed>) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5144] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./file2", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5145] <... write resumed>) = 2097152 [pid 5145] munmap(0x7f0947793000, 2097152) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5145] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5145] ioctl(3, LOOP_CLR_FD) = 0 [pid 5145] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5145] close(3) = 0 [pid 5145] close(5 [pid 5144] <... mount resumed>) = 0 [pid 5144] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file2") = 0 [pid 5144] ioctl(6, LOOP_CLR_FD) = 0 [pid 5144] close(6) = 0 [pid 5144] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... close resumed>) = 0 [pid 5145] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5143] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 66.574173][ T5144] loop0: detected capacity change from 0 to 4096 [ 66.585959][ T5144] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5144] lchown("./file2", 0, 0) = 0 [pid 5144] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5143] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5144] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] exit_group(0) = ? [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5146 attached , child_tidptr=0x555556a34690) = 5146 [pid 5146] set_robust_list(0x555556a346a0, 24) = 0 [pid 5146] chdir("./36") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [ 66.634917][ T5144] ntfs3: loop0: ino=0, attr_set_size [ 66.640276][ T5144] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5146] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5147 attached => {parent_tid=[5147]}, 88) = 5147 [pid 5147] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] <... rseq resumed>) = 0 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5146] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] <... futex resumed>) = 0 [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] memfd_create("syzkaller", 0 [pid 5146] <... futex resumed>) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5146] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5148]}, 88) = 5148 [pid 5147] <... memfd_create resumed>) = 3 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5146] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... mmap resumed>) = 0x7f094fb93000 [pid 5146] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5148 attached [pid 5147] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5148] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5148] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5148] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5148] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] memfd_create("syzkaller", 0) = 5 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5147] <... write resumed>) = 2097152 [pid 5147] munmap(0x7f094fb93000, 2097152) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5148] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5147] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file2", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5148] <... write resumed>) = 2097152 [pid 5148] munmap(0x7f0947793000, 2097152) = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5148] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5148] ioctl(3, LOOP_CLR_FD) = 0 [pid 5148] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5148] close(3) = 0 [pid 5148] close(5) = 0 [pid 5148] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5148] lchown("./file2", 0, 0 [pid 5146] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... lchown resumed>) = 0 [pid 5148] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5148] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5148] write(-1, NULL, 0 [pid 5146] <... futex resumed>) = 0 [pid 5148] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5146] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5148] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... mount resumed>) = 0 [pid 5147] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file2") = 0 [ 66.752448][ T5147] loop0: detected capacity change from 0 to 4096 [ 66.764208][ T5147] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5147] ioctl(6, LOOP_CLR_FD) = 0 [pid 5147] close(6) = 0 [pid 5147] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] exit_group(0 [pid 5148] <... futex resumed>) = ? [pid 5148] +++ exited with 0 +++ [pid 5146] <... exit_group resumed>) = ? [pid 5147] <... futex resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x555556a34690) = 5149 [pid 5149] set_robust_list(0x555556a346a0, 24) = 0 [pid 5149] chdir("./37") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5149] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5150 attached [pid 5150] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5149] <... clone3 resumed> => {parent_tid=[5150]}, 88) = 5150 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5150] <... rseq resumed>) = 0 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] set_robust_list(0x7f0957fd49a0, 24 [pid 5149] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... set_robust_list resumed>) = 0 [pid 5149] <... futex resumed>) = 0 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] <... mmap resumed>) = 0x7f0957f93000 [pid 5149] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5150] memfd_create("syzkaller", 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5151 attached [pid 5151] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5149] <... clone3 resumed> => {parent_tid=[5151]}, 88) = 5151 [pid 5151] <... rseq resumed>) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5151] set_robust_list(0x7f0957fb39a0, 24 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5151] <... set_robust_list resumed>) = 0 [pid 5149] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] <... futex resumed>) = 0 [pid 5151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 3 [pid 5151] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... memfd_create resumed>) = 4 [pid 5151] <... futex resumed>) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5151] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5151] memfd_create("syzkaller", 0 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5151] <... memfd_create resumed>) = 5 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5150] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5151] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5150] <... write resumed>) = 2097152 [pid 5151] munmap(0x7f0947793000, 2097152 [pid 5150] munmap(0x7f094fb93000, 2097152 [pid 5151] <... munmap resumed>) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5150] <... munmap resumed>) = 0 [pid 5151] <... openat resumed>) = 6 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5151] ioctl(6, LOOP_SET_FD, 5 [pid 5150] <... openat resumed>) = 7 [pid 5151] <... ioctl resumed>) = 0 [pid 5150] ioctl(7, LOOP_SET_FD, 4 [pid 5151] close(5 [pid 5150] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5151] <... close resumed>) = 0 [pid 5150] ioctl(7, LOOP_CLR_FD [pid 5151] mkdir("./file2", 0777 [pid 5150] <... ioctl resumed>) = 0 [pid 5151] <... mkdir resumed>) = 0 [pid 5151] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5150] ioctl(7, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5150] close(7) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.948863][ T5151] loop0: detected capacity change from 0 to 4096 [ 66.959947][ T5151] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5150] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... mount resumed>) = 0 [pid 5151] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5151] chdir("./file2") = 0 [pid 5151] ioctl(6, LOOP_CLR_FD) = 0 [pid 5151] close(6) = 0 [pid 5151] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5149] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] lchown("./file2", 0, 0) = 0 [pid 5150] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] <... futex resumed>) = 0 [pid 5150] write(-1, NULL, 0 [pid 5149] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5150] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] exit_group(0 [pid 5151] <... futex resumed>) = ? [pid 5149] <... exit_group resumed>) = ? [pid 5151] +++ exited with 0 +++ [pid 5150] <... futex resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 67.030174][ T5150] ntfs3: loop0: ino=0, attr_set_size [ 67.035914][ T5150] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5152 ./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x555556a346a0, 24) = 0 [pid 5152] chdir("./38") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5152] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5153 attached => {parent_tid=[5153]}, 88) = 5153 [pid 5153] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5153] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5153] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5152] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5153] memfd_create("syzkaller", 0 [pid 5152] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] <... memfd_create resumed>) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5152] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5154 attached => {parent_tid=[5154]}, 88) = 5154 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5152] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5154] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5154] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5154] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5154] memfd_create("syzkaller", 0 [pid 5152] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5154] <... memfd_create resumed>) = 5 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5153] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5154] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5153] <... write resumed>) = 2097152 [pid 5153] munmap(0x7f094fbb4000, 2097152) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5153] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file2", 0777 [pid 5154] <... write resumed>) = 2097152 [pid 5153] <... mkdir resumed>) = 0 [pid 5154] munmap(0x7f0947793000, 2097152 [pid 5153] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5154] <... munmap resumed>) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5154] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5154] ioctl(3, LOOP_CLR_FD) = 0 [pid 5154] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5154] close(3) = 0 [pid 5154] close(5) = 0 [pid 5154] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] lchown("./file2", 0, 0) = 0 [pid 5154] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [ 67.168315][ T5153] loop0: detected capacity change from 0 to 4096 [ 67.181047][ T5153] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5154] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... mount resumed>) = 0 [pid 5153] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./file2") = 0 [pid 5153] ioctl(6, LOOP_CLR_FD) = 0 [pid 5153] close(6) = 0 [pid 5153] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] exit_group(0 [pid 5154] <... futex resumed>) = ? [pid 5153] <... futex resumed>) = ? [pid 5152] <... exit_group resumed>) = ? [pid 5154] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x555556a34690) = 5155 [pid 5155] set_robust_list(0x555556a346a0, 24) = 0 [pid 5155] chdir("./39") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5155] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5155] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5156 attached => {parent_tid=[5156]}, 88) = 5156 [pid 5156] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] <... rseq resumed>) = 0 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5156] set_robust_list(0x7f0957fd49a0, 24 [pid 5155] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... set_robust_list resumed>) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5155] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] memfd_create("syzkaller", 0 [pid 5155] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5156] <... memfd_create resumed>) = 3 [pid 5155] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5156] <... mmap resumed>) = 0x7f094fb93000 ./strace-static-x86_64: Process 5157 attached [pid 5157] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5155] <... clone3 resumed> => {parent_tid=[5157]}, 88) = 5157 [pid 5157] <... rseq resumed>) = 0 [pid 5157] set_robust_list(0x7f0957fb39a0, 24 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5157] <... set_robust_list resumed>) = 0 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5157] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5155] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... open resumed>) = 4 [pid 5157] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5157] <... futex resumed>) = 1 [pid 5157] memfd_create("syzkaller", 0) = 5 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5156] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5157] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5156] <... write resumed>) = 2097152 [pid 5156] munmap(0x7f094fb93000, 2097152 [pid 5157] <... write resumed>) = 2097152 [pid 5157] munmap(0x7f0947793000, 2097152 [pid 5156] <... munmap resumed>) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5156] ioctl(6, LOOP_SET_FD, 3 [pid 5157] <... munmap resumed>) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5156] <... ioctl resumed>) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file2", 0777 [pid 5157] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5157] ioctl(7, LOOP_CLR_FD) = 0 [pid 5156] <... mkdir resumed>) = 0 [pid 5156] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5157] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5157] close(7) = 0 [pid 5157] close(5) = 0 [pid 5157] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... futex resumed>) = 0 [pid 5157] lchown("./file2", 0, 0) = 0 [pid 5157] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... futex resumed>) = 1 [pid 5157] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5157] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5157] <... futex resumed>) = 1 [ 67.356546][ T5156] loop0: detected capacity change from 0 to 4096 [ 67.368537][ T5156] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5157] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... mount resumed>) = 0 [pid 5156] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./file2") = 0 [pid 5156] ioctl(6, LOOP_CLR_FD) = 0 [pid 5156] close(6) = 0 [pid 5156] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] exit_group(0 [pid 5156] <... futex resumed>) = ? [pid 5156] +++ exited with 0 +++ [pid 5155] <... exit_group resumed>) = ? [pid 5157] <... futex resumed>) = ? [pid 5157] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5158 ./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x555556a346a0, 24) = 0 [pid 5158] chdir("./40") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5158] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5159]}, 88) = 5159 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5158] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5158] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5159 attached => {parent_tid=[5160]}, 88) = 5160 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5159] set_robust_list(0x7f0957fd49a0, 24./strace-static-x86_64: Process 5160 attached [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5158] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... rseq resumed>) = 0 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5160] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5159] <... set_robust_list resumed>) = 0 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5160] <... open resumed>) = 3 [pid 5160] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 1 [pid 5160] memfd_create("syzkaller", 0 [pid 5159] memfd_create("syzkaller", 0 [pid 5160] <... memfd_create resumed>) = 4 [pid 5159] <... memfd_create resumed>) = 5 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5159] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5160] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5159] <... write resumed>) = 2097152 [pid 5159] munmap(0x7f0947793000, 2097152) = 0 [pid 5160] <... write resumed>) = 2097152 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5160] munmap(0x7f094fb93000, 2097152 [pid 5159] <... openat resumed>) = 6 [pid 5159] ioctl(6, LOOP_SET_FD, 5 [pid 5160] <... munmap resumed>) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5160] ioctl(7, LOOP_SET_FD, 4 [pid 5159] <... ioctl resumed>) = 0 [pid 5160] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5160] ioctl(7, LOOP_CLR_FD) = 0 [pid 5159] close(5) = 0 [pid 5159] mkdir("./file2", 0777 [pid 5160] ioctl(7, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5160] close(7 [pid 5159] <... mkdir resumed>) = 0 [pid 5160] <... close resumed>) = 0 [pid 5160] close(4 [pid 5159] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5160] <... close resumed>) = 0 [pid 5160] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 1 [pid 5160] lchown("./file2", 0, 0) = 0 [pid 5160] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 1 [pid 5160] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5160] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5160] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] <... mount resumed>) = 0 [pid 5159] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5159] chdir("./file2") = 0 [pid 5159] ioctl(6, LOOP_CLR_FD) = 0 [pid 5159] close(6) = 0 [pid 5159] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] exit_group(0 [pid 5160] <... futex resumed>) = ? [pid 5159] <... futex resumed>) = ? [pid 5158] <... exit_group resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5160] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 67.571946][ T5159] loop0: detected capacity change from 0 to 4096 [ 67.594758][ T5159] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x555556a346a0, 24) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5161 [pid 5161] chdir("./41") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5161] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5162 attached [pid 5162] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5162] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5162] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... clone3 resumed> => {parent_tid=[5162]}, 88) = 5162 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5161] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] memfd_create("syzkaller", 0 [pid 5161] <... futex resumed>) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5162] <... memfd_create resumed>) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5161] <... mmap resumed>) = 0x7f094fb93000 [pid 5161] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5163 attached [pid 5163] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5163] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5163] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... clone3 resumed> => {parent_tid=[5163]}, 88) = 5163 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5163] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5161] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... open resumed>) = 4 [pid 5163] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5163] memfd_create("syzkaller", 0 [pid 5161] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5163] <... memfd_create resumed>) = 5 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5162] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5162] munmap(0x7f094fbb4000, 2097152 [pid 5163] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5162] <... munmap resumed>) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5162] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./file2", 0777) = 0 [pid 5162] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5163] <... write resumed>) = 2097152 [pid 5163] munmap(0x7f0947793000, 2097152) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5163] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5163] ioctl(3, LOOP_CLR_FD) = 0 [pid 5163] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5163] close(3) = 0 [pid 5163] close(5) = 0 [pid 5163] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... futex resumed>) = 0 [pid 5163] lchown("./file2", 0, 0) = 0 [pid 5163] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5163] write(-1, NULL, 0 [pid 5161] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5161] <... futex resumed>) = 0 [pid 5163] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... mount resumed>) = 0 [ 67.768629][ T5162] loop0: detected capacity change from 0 to 4096 [ 67.785273][ T5162] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5162] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./file2") = 0 [pid 5162] ioctl(6, LOOP_CLR_FD) = 0 [pid 5162] close(6) = 0 [pid 5162] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] exit_group(0 [pid 5162] <... futex resumed>) = ? [pid 5163] <... futex resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ [pid 5161] <... exit_group resumed>) = ? [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5164 attached , child_tidptr=0x555556a34690) = 5164 [pid 5164] set_robust_list(0x555556a346a0, 24) = 0 [pid 5164] chdir("./42") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5164] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5164] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5165 attached => {parent_tid=[5165]}, 88) = 5165 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5164] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5165] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5164] <... mmap resumed>) = 0x7f0957f93000 [pid 5165] <... rseq resumed>) = 0 [pid 5165] set_robust_list(0x7f0957fd49a0, 24 [pid 5164] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5165] <... set_robust_list resumed>) = 0 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] <... mprotect resumed>) = 0 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5165] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5166 attached [pid 5166] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5166] set_robust_list(0x7f0957fb39a0, 24 [pid 5164] <... clone3 resumed> => {parent_tid=[5166]}, 88) = 5166 [pid 5166] <... set_robust_list resumed>) = 0 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], [pid 5166] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5166] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] <... futex resumed>) = 0 [pid 5166] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5164] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... memfd_create resumed>) = 4 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5166] <... open resumed>) = 3 [pid 5165] <... mmap resumed>) = 0x7f094fb93000 [pid 5166] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5166] memfd_create("syzkaller", 0) = 5 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5166] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5165] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5166] <... write resumed>) = 2097152 [pid 5166] munmap(0x7f0947793000, 2097152) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5166] ioctl(6, LOOP_SET_FD, 5 [pid 5165] <... write resumed>) = 2097152 [pid 5165] munmap(0x7f094fb93000, 2097152 [pid 5166] <... ioctl resumed>) = 0 [pid 5166] close(5) = 0 [pid 5166] mkdir("./file2", 0777 [pid 5165] <... munmap resumed>) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5166] <... mkdir resumed>) = 0 [pid 5165] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5166] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5165] ioctl(5, LOOP_CLR_FD) = 0 [pid 5165] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5165] close(5) = 0 [pid 5165] close(4) = 0 [pid 5165] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... mount resumed>) = 0 [pid 5166] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5166] chdir("./file2") = 0 [pid 5166] ioctl(6, LOOP_CLR_FD) = 0 [pid 5166] close(6) = 0 [ 67.976519][ T5166] loop0: detected capacity change from 0 to 4096 [ 67.989212][ T5166] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5166] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5166] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5165] lchown("./file2", 0, 0 [pid 5164] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... lchown resumed>) = 0 [pid 5165] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] write(-1, NULL, 0 [pid 5164] <... futex resumed>) = 0 [pid 5165] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5164] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] exit_group(0 [pid 5166] <... futex resumed>) = ? [pid 5165] <... futex resumed>) = ? [pid 5164] <... exit_group resumed>) = ? [pid 5166] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 [ 68.043525][ T5165] ntfs3: loop0: ino=0, attr_set_size [ 68.052650][ T5165] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(4) = 0 rmdir("./42/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x555556a346a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5167 [pid 5167] <... set_robust_list resumed>) = 0 [pid 5167] chdir("./43") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5167] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5167] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5168 attached => {parent_tid=[5168]}, 88) = 5168 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5167] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5167] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5168] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 ./strace-static-x86_64: Process 5169 attached [pid 5168] set_robust_list(0x7f0957fd49a0, 24 [pid 5169] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5168] <... set_robust_list resumed>) = 0 [pid 5169] <... rseq resumed>) = 0 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], [pid 5169] set_robust_list(0x7f0957fb39a0, 24 [pid 5168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5167] <... clone3 resumed> => {parent_tid=[5169]}, 88) = 5169 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5167] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] memfd_create("syzkaller", 0 [pid 5169] <... set_robust_list resumed>) = 0 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], [pid 5168] <... memfd_create resumed>) = 3 [pid 5169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5169] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5168] <... mmap resumed>) = 0x7f094fb93000 [pid 5169] <... open resumed>) = 4 [pid 5169] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5169] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [pid 5169] memfd_create("syzkaller", 0 [pid 5167] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5169] <... memfd_create resumed>) = 5 [pid 5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5168] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5169] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5168] <... write resumed>) = 2097153 [pid 5168] munmap(0x7f094fb93000, 2097153) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5168] ioctl(6, LOOP_SET_FD, 3 [pid 5169] <... write resumed>) = 2097152 [pid 5169] munmap(0x7f0947793000, 2097152 [pid 5168] <... ioctl resumed>) = 0 [pid 5168] close(3) = 0 [pid 5168] mkdir("./file2", 0777) = 0 [pid 5168] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5169] <... munmap resumed>) = 0 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5169] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5169] ioctl(3, LOOP_CLR_FD) = 0 [pid 5169] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5169] close(3) = 0 [pid 5169] close(5) = 0 [pid 5168] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5168] ioctl(6, LOOP_CLR_FD [pid 5169] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] <... futex resumed>) = 0 [pid 5168] <... ioctl resumed>) = 0 [pid 5168] close(6 [pid 5167] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... close resumed>) = 0 [pid 5167] <... futex resumed>) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] lchown("./file2", 0, 0) = 0 [pid 5169] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = 0 [pid 5167] <... futex resumed>) = 1 [pid 5168] write(-1, NULL, 0 [pid 5167] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5168] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] <... futex resumed>) = 0 [pid 5167] exit_group(0 [pid 5169] <... futex resumed>) = ? [pid 5167] <... exit_group resumed>) = ? [pid 5169] +++ exited with 0 +++ [pid 5168] +++ exited with 0 +++ [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 [ 68.188613][ T5168] loop0: detected capacity change from 0 to 4096 [ 68.198228][ T5168] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 68.213253][ T5168] ntfs3: loop0: failed to replay log file. Can't mount rw! mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5170 ./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x555556a346a0, 24) = 0 [pid 5170] chdir("./44") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5170] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5170] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5171 attached [pid 5171] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5170] <... clone3 resumed> => {parent_tid=[5171]}, 88) = 5171 [pid 5171] <... rseq resumed>) = 0 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], [pid 5171] set_robust_list(0x7f0957fd49a0, 24 [pid 5170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5171] <... set_robust_list resumed>) = 0 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5171] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] <... futex resumed>) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5171] memfd_create("syzkaller", 0 [pid 5170] <... mmap resumed>) = 0x7f0957f93000 [pid 5170] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5171] <... memfd_create resumed>) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5170] <... mprotect resumed>) = 0 [pid 5171] <... mmap resumed>) = 0x7f094fb93000 [pid 5170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5172 attached [pid 5172] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5170] <... clone3 resumed> => {parent_tid=[5172]}, 88) = 5172 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] <... rseq resumed>) = 0 [pid 5172] set_robust_list(0x7f0957fb39a0, 24 [pid 5170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] <... set_robust_list resumed>) = 0 [pid 5170] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] <... futex resumed>) = 0 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5170] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5172] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5171] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5172] memfd_create("syzkaller", 0) = 5 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5172] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5171] <... write resumed>) = 2097152 [pid 5171] munmap(0x7f094fb93000, 2097152) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5171] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] mkdir("./file2", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5172] <... write resumed>) = 2097152 [pid 5172] munmap(0x7f0947793000, 2097152) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5172] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5172] ioctl(3, LOOP_CLR_FD) = 0 [pid 5172] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5172] close(3) = 0 [pid 5172] close(5) = 0 [pid 5172] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5172] lchown("./file2", 0, 0 [pid 5171] <... mount resumed>) = 0 [pid 5170] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5172] <... lchown resumed>) = 0 [pid 5171] <... openat resumed>) = 3 [pid 5171] chdir("./file2") = 0 [pid 5171] ioctl(6, LOOP_CLR_FD) = 0 [ 68.350912][ T5171] loop0: detected capacity change from 0 to 4096 [ 68.359799][ T5171] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5171] close(6) = 0 [pid 5171] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5171] write(-1, NULL, 0 [pid 5170] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5171] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5170] exit_group(0) = ? [pid 5171] +++ exited with 0 +++ [pid 5172] <... futex resumed>) = ? [pid 5172] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x555556a346a0, 24) = 0 [pid 5173] chdir("./45") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.425573][ T2824] ntfs3: loop0: ino=5, ntfs3_write_inode failed, -22. [ 68.432744][ T2824] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5173] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5173] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5173] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5174 attached => {parent_tid=[5174]}, 88) = 5174 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5173] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5174] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5173] <... mmap resumed>) = 0x7f0957f93000 [pid 5174] <... rseq resumed>) = 0 [pid 5174] set_robust_list(0x7f0957fd49a0, 24 [pid 5173] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5174] <... set_robust_list resumed>) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5173] <... mprotect resumed>) = 0 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5175 attached [pid 5175] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5173] <... clone3 resumed> => {parent_tid=[5175]}, 88) = 5175 [pid 5175] <... rseq resumed>) = 0 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5173] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5174] memfd_create("syzkaller", 0 [pid 5173] <... futex resumed>) = 0 [pid 5175] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5173] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... open resumed>) = 3 [pid 5174] <... memfd_create resumed>) = 4 [pid 5175] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5173] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] memfd_create("syzkaller", 0 [pid 5174] <... mmap resumed>) = 0x7f094fb93000 [pid 5175] <... memfd_create resumed>) = 5 [pid 5173] <... futex resumed>) = 0 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5173] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5175] <... mmap resumed>) = 0x7f0947793000 [pid 5174] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5175] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5175] munmap(0x7f0947793000, 2097152 [pid 5174] <... write resumed>) = 2097152 [pid 5174] munmap(0x7f094fb93000, 2097152 [pid 5175] <... munmap resumed>) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5175] ioctl(6, LOOP_SET_FD, 5 [pid 5174] <... munmap resumed>) = 0 [pid 5175] <... ioctl resumed>) = 0 [pid 5175] close(5) = 0 [pid 5175] mkdir("./file2", 0777) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5175] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5174] <... openat resumed>) = 5 [pid 5174] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5174] ioctl(5, LOOP_CLR_FD) = 0 [pid 5174] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5174] close(5) = 0 [pid 5174] close(4) = 0 [pid 5174] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... mount resumed>) = 0 [pid 5175] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5175] chdir("./file2") = 0 [pid 5175] ioctl(6, LOOP_CLR_FD) = 0 [pid 5175] close(6) = 0 [pid 5175] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5173] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... futex resumed>) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5173] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 68.543036][ T5175] loop0: detected capacity change from 0 to 4096 [ 68.552440][ T5175] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5174] lchown("./file2", 0, 0) = 0 [pid 5174] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5174] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] <... futex resumed>) = 0 [pid 5174] write(-1, NULL, 0 [pid 5173] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5174] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5174] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] exit_group(0 [pid 5174] <... futex resumed>) = ? [pid 5175] <... futex resumed>) = ? [pid 5174] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ [pid 5173] <... exit_group resumed>) = ? [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 [ 68.599025][ T5174] ntfs3: loop0: ino=0, attr_set_size [ 68.604690][ T5174] ntfs3: loop0: Mark volume as dirty due to NTFS errors getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5176 ./strace-static-x86_64: Process 5176 attached [pid 5176] set_robust_list(0x555556a346a0, 24) = 0 [pid 5176] chdir("./46") = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5176] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5177 attached => {parent_tid=[5177]}, 88) = 5177 [pid 5177] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5176] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] <... rseq resumed>) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5177] set_robust_list(0x7f0957fd49a0, 24 [pid 5176] <... mmap resumed>) = 0x7f0957f93000 [pid 5176] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5177] <... set_robust_list resumed>) = 0 [pid 5176] <... mprotect resumed>) = 0 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5178 attached [pid 5177] rt_sigprocmask(SIG_SETMASK, [], [pid 5178] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5176] <... clone3 resumed> => {parent_tid=[5178]}, 88) = 5178 [pid 5178] <... rseq resumed>) = 0 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5178] set_robust_list(0x7f0957fb39a0, 24 [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5178] <... set_robust_list resumed>) = 0 [pid 5176] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], [pid 5176] <... futex resumed>) = 0 [pid 5178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5176] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5178] <... open resumed>) = 3 [pid 5178] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5178] memfd_create("syzkaller", 0 [pid 5177] memfd_create("syzkaller", 0 [pid 5176] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5178] <... memfd_create resumed>) = 4 [pid 5177] <... memfd_create resumed>) = 5 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5178] <... mmap resumed>) = 0x7f094fb93000 [pid 5177] <... mmap resumed>) = 0x7f0947793000 [pid 5178] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5177] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5178] <... write resumed>) = 2097152 [pid 5178] munmap(0x7f094fb93000, 2097152) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5178] ioctl(6, LOOP_SET_FD, 4 [pid 5177] <... write resumed>) = 2097152 [pid 5178] <... ioctl resumed>) = 0 [pid 5178] close(4) = 0 [pid 5178] mkdir("./file2", 0777 [pid 5177] munmap(0x7f0947793000, 2097152 [pid 5178] <... mkdir resumed>) = 0 [pid 5178] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5177] <... munmap resumed>) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5177] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5177] ioctl(4, LOOP_CLR_FD) = 0 [pid 5177] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5177] close(4) = 0 [pid 5177] close(5) = 0 [pid 5177] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... mount resumed>) = 0 [pid 5178] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5178] chdir("./file2") = 0 [pid 5178] ioctl(6, LOOP_CLR_FD) = 0 [pid 5178] close(6) = 0 [ 68.751261][ T5178] loop0: detected capacity change from 0 to 4096 [ 68.761104][ T5178] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5178] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] lchown("./file2", 0, 0) = 0 [pid 5177] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5177] <... futex resumed>) = 1 [pid 5176] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] write(-1, NULL, 0 [pid 5176] <... futex resumed>) = 0 [pid 5177] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5176] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] exit_group(0 [pid 5178] <... futex resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5177] <... futex resumed>) = ? [pid 5176] <... exit_group resumed>) = ? [pid 5177] +++ exited with 0 +++ [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 68.816303][ T5177] ntfs3: loop0: ino=0, attr_set_size [ 68.821668][ T5177] ntfs3: loop0: Mark volume as dirty due to NTFS errors rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached , child_tidptr=0x555556a34690) = 5179 [pid 5179] set_robust_list(0x555556a346a0, 24) = 0 [pid 5179] chdir("./47") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5179] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5179] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5180]}, 88) = 5180 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5179] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5180 attached [pid 5180] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5179] <... mmap resumed>) = 0x7f0957f93000 [pid 5180] set_robust_list(0x7f0957fd49a0, 24 [pid 5179] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5180] <... set_robust_list resumed>) = 0 [pid 5179] <... mprotect resumed>) = 0 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5181]}, 88) = 5181 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5181 attached [pid 5180] memfd_create("syzkaller", 0 [pid 5179] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] <... memfd_create resumed>) = 3 [pid 5181] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5181] <... rseq resumed>) = 0 [pid 5179] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] set_robust_list(0x7f0957fb39a0, 24 [pid 5180] <... mmap resumed>) = 0x7f094fb93000 [pid 5181] <... set_robust_list resumed>) = 0 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5181] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5181] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5181] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5181] memfd_create("syzkaller", 0 [pid 5179] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5181] <... memfd_create resumed>) = 5 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5180] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5181] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5180] <... write resumed>) = 2097153 [pid 5181] <... write resumed>) = 2097152 [pid 5181] munmap(0x7f0947793000, 2097152 [pid 5180] munmap(0x7f094fb93000, 2097153 [pid 5181] <... munmap resumed>) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5180] <... munmap resumed>) = 0 [pid 5181] <... openat resumed>) = 6 [pid 5181] ioctl(6, LOOP_SET_FD, 5 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5180] ioctl(7, LOOP_SET_FD, 3 [pid 5181] <... ioctl resumed>) = 0 [pid 5181] close(5 [pid 5180] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5181] <... close resumed>) = 0 [pid 5181] mkdir("./file2", 0777 [pid 5180] ioctl(7, LOOP_CLR_FD [pid 5181] <... mkdir resumed>) = 0 [pid 5180] <... ioctl resumed>) = 0 [pid 5181] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5180] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5180] close(7) = 0 [pid 5180] close(3) = 0 [pid 5180] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] <... mount resumed>) = 0 [pid 5181] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./file2") = 0 [pid 5181] ioctl(6, LOOP_CLR_FD) = 0 [pid 5181] close(6) = 0 [pid 5181] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5181] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 1 [pid 5180] lchown("./file2", 0, 0 [ 68.959421][ T5181] loop0: detected capacity change from 0 to 4096 [ 68.968489][ T5181] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5179] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... lchown resumed>) = 0 [pid 5180] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 1 [pid 5180] write(-1, NULL, 0 [pid 5179] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5180] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] exit_group(0 [pid 5181] <... futex resumed>) = ? [pid 5180] <... futex resumed>) = ? [pid 5179] <... exit_group resumed>) = ? [pid 5181] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5182 attached , child_tidptr=0x555556a34690) = 5182 [pid 5182] set_robust_list(0x555556a346a0, 24) = 0 [pid 5182] chdir("./48") = 0 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] setpgid(0, 0) = 0 [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5182] write(3, "1000", 4) = 4 [pid 5182] close(3) = 0 [pid 5182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5182] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5182] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5182] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 69.017116][ T5180] ntfs3: loop0: ino=0, attr_set_size [ 69.022796][ T5180] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5183]}, 88) = 5183 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5182] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5182] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5184 attached ./strace-static-x86_64: Process 5183 attached [pid 5184] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5182] <... clone3 resumed> => {parent_tid=[5184]}, 88) = 5184 [pid 5184] <... rseq resumed>) = 0 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] set_robust_list(0x7f0957fb39a0, 24 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] <... set_robust_list resumed>) = 0 [pid 5182] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] <... futex resumed>) = 0 [pid 5184] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5182] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... rseq resumed>) = 0 [pid 5183] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] <... open resumed>) = 3 [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5184] memfd_create("syzkaller", 0 [pid 5183] memfd_create("syzkaller", 0 [pid 5182] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] <... memfd_create resumed>) = 4 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5183] <... memfd_create resumed>) = 5 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5184] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5184] munmap(0x7f094fb93000, 2097152 [pid 5183] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5184] <... munmap resumed>) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5184] ioctl(6, LOOP_SET_FD, 4 [pid 5183] <... write resumed>) = 2097152 [pid 5183] munmap(0x7f0947793000, 2097152 [pid 5184] <... ioctl resumed>) = 0 [pid 5184] close(4) = 0 [pid 5184] mkdir("./file2", 0777) = 0 [pid 5184] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5183] <... munmap resumed>) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5183] ioctl(4, LOOP_CLR_FD) = 0 [pid 5183] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5183] close(4) = 0 [pid 5183] close(5) = 0 [pid 5183] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] <... mount resumed>) = 0 [pid 5184] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5184] chdir("./file2") = 0 [pid 5184] ioctl(6, LOOP_CLR_FD) = 0 [pid 5184] close(6) = 0 [pid 5184] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5182] <... futex resumed>) = 1 [pid 5184] <... futex resumed>) = 1 [pid 5183] lchown("./file2", 0, 0 [pid 5182] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 69.135587][ T5184] loop0: detected capacity change from 0 to 4096 [ 69.145276][ T5184] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5184] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... lchown resumed>) = 0 [pid 5183] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5182] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5183] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5182] exit_group(0 [pid 5183] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] <... futex resumed>) = ? [pid 5183] <... futex resumed>) = ? [pid 5182] <... exit_group resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ [pid 5182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 69.205076][ T5183] ntfs3: loop0: ino=0, attr_set_size [ 69.210839][ T5183] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x555556a346a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5185 [pid 5185] <... set_robust_list resumed>) = 0 [pid 5185] chdir("./49") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5185] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5185] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5186]}, 88) = 5186 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5185] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5185] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5186 attached ) = 0 [pid 5186] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5186] set_robust_list(0x7f0957fd49a0, 24 [pid 5185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5187 attached [pid 5187] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5185] <... clone3 resumed> => {parent_tid=[5187]}, 88) = 5187 [pid 5187] <... rseq resumed>) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], [pid 5187] set_robust_list(0x7f0957fb39a0, 24 [pid 5185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5187] <... set_robust_list resumed>) = 0 [pid 5185] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], [pid 5185] <... futex resumed>) = 0 [pid 5187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5185] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5186] <... set_robust_list resumed>) = 0 [pid 5187] <... open resumed>) = 3 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5187] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5187] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] <... futex resumed>) = 0 [pid 5187] memfd_create("syzkaller", 0 [pid 5186] memfd_create("syzkaller", 0 [pid 5185] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5187] <... memfd_create resumed>) = 4 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5186] <... memfd_create resumed>) = 5 [pid 5187] <... mmap resumed>) = 0x7f094fb93000 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5186] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5187] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5187] munmap(0x7f094fb93000, 2097152 [pid 5186] <... write resumed>) = 2097152 [pid 5186] munmap(0x7f0947793000, 2097152 [pid 5187] <... munmap resumed>) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5187] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5187] close(4) = 0 [pid 5187] mkdir("./file2", 0777) = 0 [pid 5187] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5186] <... munmap resumed>) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5186] ioctl(4, LOOP_CLR_FD) = 0 [pid 5186] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5186] close(4) = 0 [pid 5186] close(5) = 0 [pid 5186] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] <... mount resumed>) = 0 [ 69.337002][ T5187] loop0: detected capacity change from 0 to 4096 [ 69.345876][ T5187] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5187] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5187] chdir("./file2") = 0 [pid 5187] ioctl(6, LOOP_CLR_FD) = 0 [pid 5187] close(6) = 0 [pid 5187] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] lchown("./file2", 0, 0 [pid 5187] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... futex resumed>) = 1 [pid 5185] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... lchown resumed>) = 0 [pid 5186] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5186] write(-1, NULL, 0 [pid 5185] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5186] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... futex resumed>) = 0 [pid 5185] exit_group(0 [pid 5187] <... futex resumed>) = ? [pid 5187] +++ exited with 0 +++ [pid 5186] <... futex resumed>) = ? [pid 5185] <... exit_group resumed>) = ? [pid 5186] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/bus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 69.416875][ T5186] ntfs3: loop0: ino=0, attr_set_size [ 69.423240][ T5186] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x555556a346a0, 24) = 0 [pid 5188] chdir("./50") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5188] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5188] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5189 attached [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5188 [pid 5188] <... clone3 resumed> => {parent_tid=[5189]}, 88) = 5189 [pid 5189] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], [pid 5189] set_robust_list(0x7f0957fd49a0, 24 [pid 5188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5189] <... set_robust_list resumed>) = 0 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], [pid 5188] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] memfd_create("syzkaller", 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5188] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] <... memfd_create resumed>) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5188] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5189] <... mmap resumed>) = 0x7f094fb93000 [pid 5188] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5190 attached [pid 5190] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5188] <... clone3 resumed> => {parent_tid=[5190]}, 88) = 5190 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], [pid 5190] <... rseq resumed>) = 0 [pid 5188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5190] set_robust_list(0x7f0957fb39a0, 24 [pid 5188] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... set_robust_list resumed>) = 0 [pid 5188] <... futex resumed>) = 0 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5188] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5189] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5189] munmap(0x7f094fb93000, 2097152 [pid 5190] <... open resumed>) = 4 [pid 5190] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] memfd_create("syzkaller", 0 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5190] <... memfd_create resumed>) = 5 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5189] <... munmap resumed>) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5190] <... mmap resumed>) = 0x7f0947993000 [pid 5189] <... openat resumed>) = 6 [pid 5189] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] mkdir("./file2", 0777) = 0 [ 69.505807][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 69.505819][ T27] audit: type=1800 audit(1695716755.982:52): pid=5190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 69.538118][ T5189] loop0: detected capacity change from 0 to 4096 [pid 5189] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5190] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5189] <... mount resumed>) = 0 [pid 5189] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./file2") = 0 [pid 5189] ioctl(6, LOOP_CLR_FD) = 0 [pid 5189] close(6) = 0 [pid 5189] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] <... write resumed>) = 2097152 [pid 5190] munmap(0x7f0947993000, 2097152) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 69.548031][ T5189] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5190] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5190] ioctl(6, LOOP_CLR_FD) = 0 [pid 5190] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5190] close(6) = 0 [pid 5190] close(5) = 0 [pid 5190] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5190] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5189] lchown("./file2", 0, 0 [pid 5188] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... lchown resumed>) = 0 [pid 5189] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5189] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] exit_group(0) = ? [pid 5190] <... futex resumed>) = ? [pid 5189] <... futex resumed>) = ? [pid 5190] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/bus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 [ 69.615862][ T5189] ntfs3: loop0: ino=0, attr_set_size [ 69.621303][ T5189] ntfs3: loop0: Mark volume as dirty due to NTFS errors mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x555556a346a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5191 [pid 5191] <... set_robust_list resumed>) = 0 [pid 5191] chdir("./51") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5191] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5191] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5191] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5192 attached => {parent_tid=[5192]}, 88) = 5192 [pid 5192] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5192] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5191] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5191] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5191] <... futex resumed>) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5191] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5191] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0} => {parent_tid=[5193]}, 88) = 5193 ./strace-static-x86_64: Process 5193 attached [pid 5193] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], [pid 5193] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5191] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... open resumed>) = 4 [pid 5192] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5193] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... write resumed>) = 2097152 [pid 5193] <... futex resumed>) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5193] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5191] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5193] memfd_create("syzkaller", 0 [pid 5192] munmap(0x7f094fbb4000, 2097152 [pid 5193] <... memfd_create resumed>) = 5 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5192] <... munmap resumed>) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5193] <... mmap resumed>) = 0x7f0947793000 [pid 5192] <... openat resumed>) = 6 [pid 5192] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] mkdir("./file2", 0777) = 0 [pid 5192] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5193] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5192] <... mount resumed>) = 0 [pid 5192] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] chdir("./file2") = 0 [pid 5192] ioctl(6, LOOP_CLR_FD) = 0 [pid 5192] close(6) = 0 [pid 5192] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... write resumed>) = 2097152 [pid 5193] munmap(0x7f0947793000, 2097152) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5193] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5193] ioctl(6, LOOP_CLR_FD) = 0 [ 69.711610][ T27] audit: type=1800 audit(1695716756.182:53): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 69.740950][ T5192] loop0: detected capacity change from 0 to 4096 [ 69.751819][ T5192] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5193] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5193] close(6) = 0 [pid 5193] close(5) = 0 [pid 5193] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 0 [pid 5192] lchown("./file2", 0, 0 [pid 5193] <... futex resumed>) = 1 [pid 5193] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... lchown resumed>) = 0 [pid 5192] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5192] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5192] <... futex resumed>) = 1 [pid 5191] exit_group(0 [pid 5192] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... futex resumed>) = ? [pid 5192] <... futex resumed>) = ? [pid 5191] <... exit_group resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/bus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5194 ./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x555556a346a0, 24) = 0 [pid 5194] chdir("./52") = 0 [ 69.803770][ T5192] ntfs3: loop0: ino=0, attr_set_size [ 69.809303][ T5192] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5194] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5195]}, 88) = 5195 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5194] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5194] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5196 attached [pid 5196] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5194] <... clone3 resumed> => {parent_tid=[5196]}, 88) = 5196 [pid 5196] set_robust_list(0x7f0957fb39a0, 24 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5196] <... set_robust_list resumed>) = 0 [pid 5194] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], [pid 5194] <... futex resumed>) = 0 [pid 5196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5194] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000./strace-static-x86_64: Process 5195 attached ) = 3 [pid 5195] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5195] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5195] memfd_create("syzkaller", 0) = 4 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5196] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5196] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5196] memfd_create("syzkaller", 0 [pid 5194] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5196] <... memfd_create resumed>) = 5 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5195] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 69.887129][ T27] audit: type=1800 audit(1695716756.362:54): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5196] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5195] <... write resumed>) = 2097152 [pid 5196] munmap(0x7f0947793000, 2097152) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5196] ioctl(6, LOOP_SET_FD, 5 [pid 5195] munmap(0x7f094fb93000, 2097152 [pid 5196] <... ioctl resumed>) = 0 [pid 5196] close(5) = 0 [pid 5196] mkdir("./file2", 0777) = 0 [pid 5196] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5195] <... munmap resumed>) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5195] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5195] ioctl(5, LOOP_CLR_FD) = 0 [pid 5195] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5195] close(5) = 0 [pid 5195] close(4 [pid 5196] <... mount resumed>) = 0 [pid 5196] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5196] chdir("./file2") = 0 [pid 5196] ioctl(6, LOOP_CLR_FD) = 0 [pid 5196] close(6) = 0 [pid 5196] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5196] lchown("./file2", 0, 0 [ 69.969849][ T5196] loop0: detected capacity change from 0 to 4096 [ 69.983253][ T5196] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5194] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... close resumed>) = 0 [pid 5195] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] <... lchown resumed>) = 0 [pid 5195] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5196] <... futex resumed>) = 1 [pid 5194] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5195] write(-1, NULL, 0 [pid 5194] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5195] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] exit_group(0) = ? [pid 5195] <... futex resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5196] <... futex resumed>) = ? [pid 5196] +++ exited with 0 +++ [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/bus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 [ 70.017522][ T5196] ntfs3: loop0: ino=0, attr_set_size [ 70.031889][ T5196] ntfs3: loop0: Mark volume as dirty due to NTFS errors mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5197 attached , child_tidptr=0x555556a34690) = 5197 [pid 5197] set_robust_list(0x555556a346a0, 24) = 0 [pid 5197] chdir("./53") = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5197] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5197] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5198 attached [pid 5198] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5197] <... clone3 resumed> => {parent_tid=[5198]}, 88) = 5198 [pid 5198] <... rseq resumed>) = 0 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] set_robust_list(0x7f0957fd49a0, 24 [pid 5197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] <... set_robust_list resumed>) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5197] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5197] <... futex resumed>) = 0 [pid 5198] memfd_create("syzkaller", 0 [pid 5197] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] <... memfd_create resumed>) = 3 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5197] <... mmap resumed>) = 0x7f0957f93000 [pid 5198] <... mmap resumed>) = 0x7f094fb93000 [pid 5197] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5199 attached => {parent_tid=[5199]}, 88) = 5199 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5197] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5199] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5199] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5198] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5199] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5199] memfd_create("syzkaller", 0 [pid 5197] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] <... write resumed>) = 2097152 [pid 5197] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5199] <... memfd_create resumed>) = 5 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5198] munmap(0x7f094fb93000, 2097152) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5198] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5198] close(3) = 0 [pid 5198] mkdir("./file2", 0777) = 0 [ 70.142461][ T27] audit: type=1800 audit(1695716756.612:55): pid=5199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 70.177416][ T5198] loop0: detected capacity change from 0 to 4096 [pid 5198] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5199] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5199] munmap(0x7f0947793000, 2097152) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5199] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5199] ioctl(3, LOOP_CLR_FD) = 0 [pid 5199] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5199] close(3) = 0 [pid 5198] <... mount resumed>) = 0 [pid 5199] close(5 [pid 5198] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5198] chdir("./file2") = 0 [pid 5198] ioctl(6, LOOP_CLR_FD) = 0 [pid 5198] close(6) = 0 [pid 5198] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... close resumed>) = 0 [pid 5199] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] <... futex resumed>) = 0 [ 70.189942][ T5198] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5197] <... futex resumed>) = 1 [pid 5198] lchown("./file2", 0, 0 [pid 5197] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... lchown resumed>) = 0 [pid 5198] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5198] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 1 [pid 5198] write(-1, NULL, 0 [pid 5197] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5198] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] <... futex resumed>) = 0 [pid 5197] exit_group(0 [pid 5199] <... futex resumed>) = ? [pid 5198] <... futex resumed>) = ? [pid 5199] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ [pid 5197] <... exit_group resumed>) = ? [pid 5197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/bus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5200 attached , child_tidptr=0x555556a34690) = 5200 [ 70.250924][ T5198] ntfs3: loop0: ino=0, attr_set_size [ 70.256520][ T5198] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5200] set_robust_list(0x555556a346a0, 24) = 0 [pid 5200] chdir("./54") = 0 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5200] setpgid(0, 0) = 0 [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5200] write(3, "1000", 4) = 4 [pid 5200] close(3) = 0 [pid 5200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5200] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5200] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5200] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5200] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5200] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5201 attached => {parent_tid=[5201]}, 88) = 5201 [pid 5201] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5201] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5201] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5200] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5201] memfd_create("syzkaller", 0 [pid 5200] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... memfd_create resumed>) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5200] <... futex resumed>) = 0 [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5200] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5200] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5200] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5202 attached [pid 5202] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5202] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5202] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] <... clone3 resumed> => {parent_tid=[5202]}, 88) = 5202 [pid 5201] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5200] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5202] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5200] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... write resumed>) = 2097152 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5201] munmap(0x7f094fbb4000, 2097152 [pid 5202] memfd_create("syzkaller", 0) = 5 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5201] <... munmap resumed>) = 0 [pid 5202] <... mmap resumed>) = 0x7f0947793000 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5201] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5201] close(3) = 0 [pid 5201] mkdir("./file2", 0777) = 0 [pid 5201] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5202] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5201] <... mount resumed>) = 0 [pid 5201] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5201] chdir("./file2") = 0 [pid 5201] ioctl(6, LOOP_CLR_FD) = 0 [pid 5201] close(6) = 0 [pid 5201] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... write resumed>) = 2097152 [pid 5202] munmap(0x7f0947793000, 2097152) = 0 [ 70.350900][ T27] audit: type=1800 audit(1695716756.822:56): pid=5202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 70.376085][ T5201] loop0: detected capacity change from 0 to 4096 [ 70.389172][ T5201] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5202] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5202] ioctl(6, LOOP_CLR_FD) = 0 [pid 5202] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5202] close(6) = 0 [pid 5202] close(5) = 0 [pid 5202] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5201] lchown("./file2", 0, 0 [pid 5200] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... lchown resumed>) = 0 [pid 5201] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5201] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] write(-1, NULL, 0 [pid 5200] <... futex resumed>) = 0 [pid 5201] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5200] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] exit_group(0 [pid 5201] <... futex resumed>) = ? [pid 5200] <... exit_group resumed>) = ? [pid 5202] <... futex resumed>) = ? [pid 5201] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/bus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 70.453143][ T5201] ntfs3: loop0: ino=0, attr_set_size [ 70.458543][ T5201] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5203 ./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x555556a346a0, 24) = 0 [pid 5203] chdir("./55") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5203] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5203] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5203] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5204 attached [pid 5204] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5203] <... clone3 resumed> => {parent_tid=[5204]}, 88) = 5204 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5204] <... rseq resumed>) = 0 [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] set_robust_list(0x7f0957fd49a0, 24 [pid 5203] <... futex resumed>) = 0 [pid 5204] <... set_robust_list resumed>) = 0 [pid 5203] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] <... futex resumed>) = 0 [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5203] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5203] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5205 attached [pid 5205] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5204] memfd_create("syzkaller", 0 [pid 5203] <... clone3 resumed> => {parent_tid=[5205]}, 88) = 5205 [pid 5205] set_robust_list(0x7f0957fb39a0, 24 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5205] <... set_robust_list resumed>) = 0 [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] <... futex resumed>) = 0 [pid 5205] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5203] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... open resumed>) = 4 [pid 5204] <... memfd_create resumed>) = 3 [pid 5205] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5205] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5205] memfd_create("syzkaller", 0) = 5 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5205] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 70.540789][ T27] audit: type=1800 audit(1695716757.012:57): pid=5205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 70.578548][ T5205] loop0: detected capacity change from 0 to 4096 [pid 5205] munmap(0x7f094fb93000, 2097152) = 0 [pid 5204] <... mmap resumed>) = 0x7f0947993000 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5205] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5205] close(5) = 0 [pid 5205] mkdir("./file2", 0777) = 0 [pid 5205] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5204] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5205] <... mount resumed>) = 0 [pid 5205] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 5 [pid 5205] chdir("./file2") = 0 [pid 5205] ioctl(6, LOOP_CLR_FD) = 0 [pid 5205] close(6) = 0 [pid 5205] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5205] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] lchown("./file2", 0, 0 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... write resumed>) = 2097152 [pid 5204] munmap(0x7f0947993000, 2097152 [pid 5205] <... lchown resumed>) = 0 [pid 5205] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... futex resumed>) = 1 [pid 5205] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5205] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5205] <... futex resumed>) = 1 [pid 5205] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] <... munmap resumed>) = 0 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5204] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5204] ioctl(6, LOOP_CLR_FD) = 0 [pid 5204] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5204] close(6) = 0 [pid 5204] close(3) = 0 [pid 5204] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] exit_group(0 [pid 5205] <... futex resumed>) = ? [pid 5204] <... futex resumed>) = ? [ 70.588568][ T5205] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 70.625097][ T5205] ntfs3: loop0: ino=0, attr_set_size [ 70.630795][ T5205] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5203] <... exit_group resumed>) = ? [pid 5205] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/bus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5206 attached , child_tidptr=0x555556a34690) = 5206 [pid 5206] set_robust_list(0x555556a346a0, 24) = 0 [pid 5206] chdir("./56") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5206] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5206] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5206] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5206] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5206] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5207]}, 88) = 5207 ./strace-static-x86_64: Process 5207 attached [pid 5206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5207] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5206] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... rseq resumed>) = 0 [pid 5206] <... futex resumed>) = 0 [pid 5207] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5206] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], [pid 5206] <... futex resumed>) = 0 [pid 5207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5206] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5206] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5207] memfd_create("syzkaller", 0 [pid 5206] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5206] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5208 attached [pid 5207] <... memfd_create resumed>) = 3 [pid 5206] <... clone3 resumed> => {parent_tid=[5208]}, 88) = 5208 [pid 5208] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5206] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... rseq resumed>) = 0 [pid 5208] set_robust_list(0x7f0957fb39a0, 24 [pid 5207] <... mmap resumed>) = 0x7f094fb93000 [pid 5208] <... set_robust_list resumed>) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5208] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5208] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5206] <... futex resumed>) = 0 [pid 5208] memfd_create("syzkaller", 0 [pid 5206] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5208] <... memfd_create resumed>) = 5 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5208] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5207] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5208] <... write resumed>) = 2097152 [pid 5208] munmap(0x7f0947793000, 2097152) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 70.749899][ T27] audit: type=1800 audit(1695716757.222:58): pid=5208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5208] ioctl(6, LOOP_SET_FD, 5 [pid 5207] <... write resumed>) = 2097152 [pid 5207] munmap(0x7f094fb93000, 2097152 [pid 5208] <... ioctl resumed>) = 0 [pid 5208] close(5) = 0 [pid 5208] mkdir("./file2", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5207] <... munmap resumed>) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5207] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5207] ioctl(5, LOOP_CLR_FD) = 0 [pid 5207] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5207] close(5) = 0 [pid 5207] close(3 [pid 5208] <... mount resumed>) = 0 [pid 5207] <... close resumed>) = 0 [pid 5208] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] chdir("./file2") = 0 [pid 5208] ioctl(6, LOOP_CLR_FD) = 0 [pid 5208] close(6) = 0 [pid 5208] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5208] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5207] lchown("./file2", 0, 0 [ 70.805643][ T5208] loop0: detected capacity change from 0 to 4096 [ 70.817159][ T5208] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5206] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... lchown resumed>) = 0 [pid 5207] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... futex resumed>) = 0 [pid 5207] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5207] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] <... futex resumed>) = 0 [pid 5206] exit_group(0 [pid 5207] <... futex resumed>) = ? [pid 5206] <... exit_group resumed>) = ? [pid 5208] <... futex resumed>) = ? [pid 5207] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/bus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 [ 70.856040][ T5207] ntfs3: loop0: ino=0, attr_set_size [ 70.861556][ T5207] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5209 attached , child_tidptr=0x555556a34690) = 5209 [pid 5209] set_robust_list(0x555556a346a0, 24) = 0 [pid 5209] chdir("./57") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5209] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5210 attached => {parent_tid=[5210]}, 88) = 5210 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5209] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5209] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5210] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5210] set_robust_list(0x7f0957fd49a0, 24 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5210] <... set_robust_list resumed>) = 0 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], [pid 5209] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5211 attached => {parent_tid=[5211]}, 88) = 5211 [pid 5211] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], [pid 5211] <... rseq resumed>) = 0 [pid 5211] set_robust_list(0x7f0957fb39a0, 24 [pid 5209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5211] <... set_robust_list resumed>) = 0 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], [pid 5209] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] memfd_create("syzkaller", 0 [pid 5211] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5209] <... futex resumed>) = 0 [pid 5210] <... memfd_create resumed>) = 3 [pid 5209] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5211] <... open resumed>) = 4 [pid 5210] <... mmap resumed>) = 0x7f094fb93000 [pid 5211] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] <... futex resumed>) = 0 [pid 5210] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5209] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = 1 [pid 5211] memfd_create("syzkaller", 0 [pid 5209] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5211] <... memfd_create resumed>) = 5 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5210] <... write resumed>) = 2097153 [pid 5211] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5210] munmap(0x7f094fb93000, 2097153) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 70.945606][ T27] audit: type=1800 audit(1695716757.422:59): pid=5211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5210] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./file2", 0777 [pid 5211] <... write resumed>) = 2097152 [pid 5210] <... mkdir resumed>) = 0 [pid 5211] munmap(0x7f0947793000, 2097152 [pid 5210] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5211] <... munmap resumed>) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5211] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5211] ioctl(3, LOOP_CLR_FD) = 0 [pid 5211] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5211] close(3) = 0 [pid 5211] close(5) = 0 [pid 5211] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = 1 [pid 5210] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5209] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] lchown("./file2", 0, 0 [pid 5210] ioctl(6, LOOP_CLR_FD [pid 5211] <... lchown resumed>) = 0 [pid 5210] <... ioctl resumed>) = 0 [pid 5211] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5211] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] close(6 [pid 5209] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] <... close resumed>) = 0 [pid 5209] <... futex resumed>) = 0 [pid 5211] write(-1, NULL, 0 [pid 5209] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5210] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5211] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... futex resumed>) = 0 [pid 5209] exit_group(0 [pid 5211] <... futex resumed>) = ? [pid 5209] <... exit_group resumed>) = ? [pid 5211] +++ exited with 0 +++ [pid 5210] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/bus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 71.000130][ T5210] loop0: detected capacity change from 0 to 4096 [ 71.012381][ T5210] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 71.036763][ T5210] ntfs3: loop0: failed to replay log file. Can't mount rw! rmdir("./57/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5212 ./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x555556a346a0, 24) = 0 [pid 5212] chdir("./58") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5212] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5213 attached [pid 5213] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5213] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... clone3 resumed> => {parent_tid=[5213]}, 88) = 5213 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5212] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5213] memfd_create("syzkaller", 0 [pid 5212] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... memfd_create resumed>) = 3 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5212] <... futex resumed>) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5212] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5214 attached [pid 5214] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5214] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5214] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... clone3 resumed> => {parent_tid=[5214]}, 88) = 5214 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5212] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5214] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5212] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5214] <... futex resumed>) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] memfd_create("syzkaller", 0 [pid 5212] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5214] <... memfd_create resumed>) = 5 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5213] <... write resumed>) = 2097152 [pid 5213] munmap(0x7f094fbb4000, 2097152) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5213] ioctl(6, LOOP_SET_FD, 3 [ 71.126120][ T27] audit: type=1800 audit(1695716757.602:60): pid=5214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5214] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5213] <... ioctl resumed>) = 0 [pid 5213] close(3) = 0 [pid 5213] mkdir("./file2", 0777) = 0 [pid 5213] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5214] <... write resumed>) = 2097152 [pid 5214] munmap(0x7f0947793000, 2097152) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5214] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5214] ioctl(3, LOOP_CLR_FD) = 0 [pid 5214] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5214] close(3) = 0 [pid 5214] close(5 [pid 5213] <... mount resumed>) = 0 [pid 5213] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] <... close resumed>) = 0 [pid 5213] chdir("./file2" [pid 5214] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... chdir resumed>) = 0 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] ioctl(6, LOOP_CLR_FD [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... ioctl resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5214] lchown("./file2", 0, 0 [pid 5213] close(6) = 0 [pid 5213] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.166305][ T5213] loop0: detected capacity change from 0 to 4096 [ 71.175620][ T5213] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5213] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... lchown resumed>) = 0 [pid 5214] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5214] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5213] write(-1, NULL, 0 [pid 5212] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5213] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] exit_group(0 [pid 5213] <... futex resumed>) = ? [pid 5212] <... exit_group resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5214] <... futex resumed>) = ? [pid 5214] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/bus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 71.219370][ T5214] ntfs3: loop0: ino=0, attr_set_size [ 71.225063][ T5214] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5215 attached , child_tidptr=0x555556a34690) = 5215 [pid 5215] set_robust_list(0x555556a346a0, 24) = 0 [pid 5215] chdir("./59") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5215] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5215] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5216 attached [pid 5216] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5216] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5216] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... clone3 resumed> => {parent_tid=[5216]}, 88) = 5216 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5215] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5215] <... futex resumed>) = 0 [pid 5216] memfd_create("syzkaller", 0) = 3 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5215] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0} [pid 5216] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 5217 attached [pid 5217] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053 [pid 5215] <... clone3 resumed> => {parent_tid=[5217]}, 88) = 5217 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5215] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] <... rseq resumed>) = 0 [pid 5215] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5217] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... write resumed>) = 2097152 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 1 [pid 5216] munmap(0x7f094fbb4000, 2097152 [pid 5217] memfd_create("syzkaller", 0) = 5 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5216] <... munmap resumed>) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5216] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5216] close(3) = 0 [pid 5216] mkdir("./file2", 0777) = 0 [pid 5216] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5217] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5216] <... mount resumed>) = 0 [pid 5216] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5216] chdir("./file2") = 0 [pid 5216] ioctl(6, LOOP_CLR_FD) = 0 [pid 5216] close(6) = 0 [pid 5216] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... write resumed>) = 2097152 [pid 5217] munmap(0x7f0947793000, 2097152) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5217] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [ 71.325999][ T27] audit: type=1800 audit(1695716757.802:61): pid=5217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 71.346442][ T5216] loop0: detected capacity change from 0 to 4096 [ 71.358282][ T5216] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5217] ioctl(6, LOOP_CLR_FD) = 0 [pid 5217] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5217] close(6) = 0 [pid 5217] close(5) = 0 [pid 5217] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5216] lchown("./file2", 0, 0 [pid 5215] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 1 [pid 5217] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... lchown resumed>) = 0 [pid 5216] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5216] write(-1, NULL, 0 [pid 5215] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5215] <... futex resumed>) = 0 [pid 5216] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] exit_group(0 [pid 5216] <... futex resumed>) = ? [pid 5215] <... exit_group resumed>) = ? [pid 5217] <... futex resumed>) = ? [pid 5216] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/bus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 [ 71.426868][ T5216] ntfs3: loop0: ino=0, attr_set_size [ 71.432987][ T5216] ntfs3: loop0: Mark volume as dirty due to NTFS errors mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5218 attached , child_tidptr=0x555556a34690) = 5218 [pid 5218] set_robust_list(0x555556a346a0, 24) = 0 [pid 5218] chdir("./60") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5218] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5218] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5219 attached [pid 5219] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5219] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5219] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... clone3 resumed> => {parent_tid=[5219]}, 88) = 5219 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5218] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5218] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5219] memfd_create("syzkaller", 0 [pid 5218] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5220]}, 88) = 5220 ./strace-static-x86_64: Process 5220 attached [pid 5218] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5220] set_robust_list(0x7f0957fb39a0, 24 [pid 5219] <... memfd_create resumed>) = 3 [pid 5218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] <... set_robust_list resumed>) = 0 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5218] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] <... mmap resumed>) = 0x7f094fb93000 [pid 5218] <... futex resumed>) = 0 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5218] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... open resumed>) = 4 [pid 5220] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5220] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] <... futex resumed>) = 0 [pid 5220] memfd_create("syzkaller", 0 [pid 5218] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5220] <... memfd_create resumed>) = 5 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5219] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5220] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5219] <... write resumed>) = 2097152 [pid 5219] munmap(0x7f094fb93000, 2097152 [pid 5220] <... write resumed>) = 2097152 [pid 5220] munmap(0x7f0947793000, 2097152 [pid 5219] <... munmap resumed>) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5219] ioctl(6, LOOP_SET_FD, 3 [pid 5220] <... munmap resumed>) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5220] ioctl(7, LOOP_SET_FD, 5 [pid 5219] <... ioctl resumed>) = 0 [pid 5220] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5220] ioctl(7, LOOP_CLR_FD) = 0 [pid 5219] close(3) = 0 [pid 5219] mkdir("./file2", 0777 [pid 5220] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5220] close(7) = 0 [pid 5219] <... mkdir resumed>) = 0 [pid 5220] close(5 [pid 5219] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5220] <... close resumed>) = 0 [pid 5220] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 1 [pid 5220] lchown("./file2", 0, 0) = 0 [pid 5220] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5218] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] write(-1, NULL, 0 [pid 5218] <... futex resumed>) = 0 [pid 5220] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5218] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5220] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... mount resumed>) = 0 [pid 5219] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5219] chdir("./file2") = 0 [pid 5219] ioctl(6, LOOP_CLR_FD) = 0 [pid 5219] close(6) = 0 [pid 5219] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] exit_group(0 [pid 5220] <... futex resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5219] <... futex resumed>) = ? [pid 5218] <... exit_group resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 71.569350][ T5219] loop0: detected capacity change from 0 to 4096 [ 71.590746][ T5219] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/bus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5221 ./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x555556a346a0, 24) = 0 [pid 5221] chdir("./61") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5221] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5221] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5222 attached [pid 5222] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5221] <... clone3 resumed> => {parent_tid=[5222]}, 88) = 5222 [pid 5222] set_robust_list(0x7f0957fd49a0, 24 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], [pid 5222] <... set_robust_list resumed>) = 0 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], [pid 5221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5222] memfd_create("syzkaller", 0 [pid 5221] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5222] <... memfd_create resumed>) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5221] <... mmap resumed>) = 0x7f0957f93000 [pid 5221] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5222] <... mmap resumed>) = 0x7f094fb93000 [pid 5221] <... mprotect resumed>) = 0 [pid 5221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5223 attached [pid 5223] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5221] <... clone3 resumed> => {parent_tid=[5223]}, 88) = 5223 [pid 5223] <... rseq resumed>) = 0 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], [pid 5223] set_robust_list(0x7f0957fb39a0, 24 [pid 5221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5223] <... set_robust_list resumed>) = 0 [pid 5221] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], [pid 5222] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5221] <... futex resumed>) = 0 [pid 5223] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5221] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... open resumed>) = 4 [pid 5223] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5223] <... futex resumed>) = 1 [pid 5223] memfd_create("syzkaller", 0) = 5 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5222] <... write resumed>) = 2097152 [pid 5222] munmap(0x7f094fb93000, 2097152) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5222] ioctl(6, LOOP_SET_FD, 3 [pid 5223] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5222] <... ioctl resumed>) = 0 [pid 5222] close(3) = 0 [pid 5222] mkdir("./file2", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5223] <... write resumed>) = 2097152 [pid 5223] munmap(0x7f0947793000, 2097152) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5223] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5223] ioctl(3, LOOP_CLR_FD) = 0 [pid 5223] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5223] close(3) = 0 [pid 5223] close(5 [pid 5222] <... mount resumed>) = 0 [pid 5222] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] chdir("./file2") = 0 [pid 5222] ioctl(6, LOOP_CLR_FD) = 0 [pid 5222] close(6) = 0 [pid 5222] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... close resumed>) = 0 [pid 5223] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5223] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5221] <... futex resumed>) = 1 [pid 5222] lchown("./file2", 0, 0 [ 71.772585][ T5222] loop0: detected capacity change from 0 to 4096 [ 71.783320][ T5222] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5221] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... lchown resumed>) = 0 [pid 5222] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5221] <... futex resumed>) = 0 [pid 5222] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] exit_group(0 [pid 5223] <... futex resumed>) = ? [pid 5222] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ [pid 5221] <... exit_group resumed>) = ? [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/bus") = 0 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 71.832734][ T5222] ntfs3: loop0: ino=0, attr_set_size [ 71.838185][ T5222] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached , child_tidptr=0x555556a34690) = 5224 [pid 5224] set_robust_list(0x555556a346a0, 24) = 0 [pid 5224] chdir("./62") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5224] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5224] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5225 attached => {parent_tid=[5225]}, 88) = 5225 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5224] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5224] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5226 attached [pid 5226] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5226] set_robust_list(0x7f0957fb39a0, 24 [pid 5225] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5224] <... clone3 resumed> => {parent_tid=[5226]}, 88) = 5226 [pid 5225] <... rseq resumed>) = 0 [pid 5226] <... set_robust_list resumed>) = 0 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], [pid 5226] rt_sigprocmask(SIG_SETMASK, [], [pid 5225] set_robust_list(0x7f0957fd49a0, 24 [pid 5224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] <... set_robust_list resumed>) = 0 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], [pid 5224] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5226] <... open resumed>) = 3 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] memfd_create("syzkaller", 0 [pid 5226] <... futex resumed>) = 0 [pid 5224] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] memfd_create("syzkaller", 0 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5226] <... memfd_create resumed>) = 4 [pid 5225] <... memfd_create resumed>) = 5 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5226] <... mmap resumed>) = 0x7f094fb93000 [pid 5225] <... mmap resumed>) = 0x7f0947793000 [pid 5225] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5226] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5225] <... write resumed>) = 2097152 [pid 5225] munmap(0x7f0947793000, 2097152) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5226] <... write resumed>) = 2097152 [pid 5226] munmap(0x7f094fb93000, 2097152 [pid 5225] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5225] close(5) = 0 [pid 5225] mkdir("./file2", 0777) = 0 [pid 5225] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5226] <... munmap resumed>) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5226] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5226] ioctl(5, LOOP_CLR_FD) = 0 [pid 5226] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5226] close(5) = 0 [pid 5226] close(4) = 0 [pid 5226] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = 1 [pid 5224] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] lchown("./file2", 0, 0 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... lchown resumed>) = 0 [pid 5226] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5226] write(-1, NULL, 0 [pid 5224] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5226] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5226] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... mount resumed>) = 0 [pid 5225] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5225] chdir("./file2") = 0 [pid 5225] ioctl(6, LOOP_CLR_FD) = 0 [pid 5225] close(6) = 0 [pid 5225] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.966393][ T5225] loop0: detected capacity change from 0 to 4096 [ 71.976973][ T5225] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5225] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] exit_group(0 [pid 5226] <... futex resumed>) = ? [pid 5224] <... exit_group resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5225] <... futex resumed>) = ? [pid 5225] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/bus") = 0 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x555556a34690) = 5227 [pid 5227] set_robust_list(0x555556a346a0, 24) = 0 [pid 5227] chdir("./63") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5227] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5227] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5228 attached => {parent_tid=[5228]}, 88) = 5228 [pid 5228] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] set_robust_list(0x7f0957fd49a0, 24 [pid 5227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5228] <... set_robust_list resumed>) = 0 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5228] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5227] <... futex resumed>) = 1 [pid 5227] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5228] memfd_create("syzkaller", 0 [pid 5227] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5228] <... memfd_create resumed>) = 3 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 ./strace-static-x86_64: Process 5229 attached [pid 5227] <... clone3 resumed> => {parent_tid=[5229]}, 88) = 5229 [pid 5229] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5227] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5229] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5229] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5229] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] memfd_create("syzkaller", 0) = 5 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5228] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5229] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5228] <... write resumed>) = 2097152 [pid 5228] munmap(0x7f094fb93000, 2097152) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5228] ioctl(6, LOOP_SET_FD, 3 [pid 5229] <... write resumed>) = 2097152 [pid 5229] munmap(0x7f0947793000, 2097152 [pid 5228] <... ioctl resumed>) = 0 [pid 5228] close(3) = 0 [pid 5228] mkdir("./file2", 0777) = 0 [pid 5228] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5229] <... munmap resumed>) = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5229] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5229] ioctl(3, LOOP_CLR_FD) = 0 [pid 5229] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5229] close(3) = 0 [pid 5229] close(5) = 0 [pid 5229] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... mount resumed>) = 0 [pid 5228] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5229] lchown("./file2", 0, 0) = 0 [pid 5228] <... openat resumed>) = 3 [pid 5229] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] chdir("./file2" [pid 5227] <... futex resumed>) = 0 [pid 5228] <... chdir resumed>) = 0 [pid 5228] ioctl(6, LOOP_CLR_FD [pid 5227] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5229] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... futex resumed>) = 0 [pid 5227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] <... ioctl resumed>) = 0 [pid 5228] close(6) = 0 [pid 5228] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] exit_group(0 [pid 5229] <... futex resumed>) = ? [pid 5228] <... futex resumed>) = ? [pid 5227] <... exit_group resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.153310][ T5228] loop0: detected capacity change from 0 to 4096 [ 72.163358][ T5228] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/bus") = 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 72.218307][ T2835] ntfs3: loop0: ino=5, ntfs3_write_inode failed, -22. [ 72.225545][ T2835] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x555556a346a0, 24) = 0 [pid 5230] chdir("./64") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5230] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5231 attached [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5230 [pid 5231] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5230] <... clone3 resumed> => {parent_tid=[5231]}, 88) = 5231 [pid 5231] <... rseq resumed>) = 0 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5231] set_robust_list(0x7f0957fd49a0, 24 [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] <... set_robust_list resumed>) = 0 [pid 5230] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] <... futex resumed>) = 0 [pid 5231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5230] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] memfd_create("syzkaller", 0 [pid 5230] <... futex resumed>) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5230] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5231] <... memfd_create resumed>) = 3 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5232 attached ) = 0x7f094fb93000 [pid 5232] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5230] <... clone3 resumed> => {parent_tid=[5232]}, 88) = 5232 [pid 5232] <... rseq resumed>) = 0 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5232] set_robust_list(0x7f0957fb39a0, 24 [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5232] <... set_robust_list resumed>) = 0 [pid 5230] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] <... futex resumed>) = 0 [pid 5232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5230] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5232] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 1 [pid 5232] memfd_create("syzkaller", 0) = 5 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5231] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5231] munmap(0x7f094fb93000, 2097152) = 0 [pid 5232] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5231] ioctl(6, LOOP_SET_FD, 3 [pid 5232] <... write resumed>) = 2097152 [pid 5232] munmap(0x7f0947793000, 2097152 [pid 5231] <... ioctl resumed>) = 0 [pid 5231] close(3) = 0 [pid 5231] mkdir("./file2", 0777 [pid 5232] <... munmap resumed>) = 0 [pid 5231] <... mkdir resumed>) = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5231] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5232] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5232] ioctl(3, LOOP_CLR_FD) = 0 [pid 5232] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5232] close(3) = 0 [pid 5232] close(5) = 0 [pid 5232] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] lchown("./file2", 0, 0 [pid 5230] <... futex resumed>) = 0 [pid 5232] <... lchown resumed>) = 0 [pid 5230] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5232] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5232] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... mount resumed>) = 0 [pid 5231] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file2") = 0 [pid 5231] ioctl(6, LOOP_CLR_FD) = 0 [ 72.343486][ T5231] loop0: detected capacity change from 0 to 4096 [ 72.355390][ T5231] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5231] close(6) = 0 [pid 5231] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] exit_group(0 [pid 5232] <... futex resumed>) = ? [pid 5231] <... futex resumed>) = ? [pid 5230] <... exit_group resumed>) = ? [pid 5232] +++ exited with 0 +++ [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/bus") = 0 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5233 attached , child_tidptr=0x555556a34690) = 5233 [pid 5233] set_robust_list(0x555556a346a0, 24) = 0 [pid 5233] chdir("./65") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5233] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5234]}, 88) = 5234 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5234 attached [pid 5233] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... rseq resumed>) = 0 [pid 5233] <... futex resumed>) = 0 [pid 5234] set_robust_list(0x7f0957fd49a0, 24 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], [pid 5233] <... mmap resumed>) = 0x7f0957f93000 [pid 5234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5233] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5235 attached [pid 5234] memfd_create("syzkaller", 0 [pid 5233] <... clone3 resumed> => {parent_tid=[5235]}, 88) = 5235 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5234] <... memfd_create resumed>) = 3 [pid 5235] <... rseq resumed>) = 0 [pid 5235] set_robust_list(0x7f0957fb39a0, 24 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5235] <... set_robust_list resumed>) = 0 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], [pid 5234] <... mmap resumed>) = 0x7f094fb93000 [pid 5235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5235] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5235] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5235] memfd_create("syzkaller", 0 [pid 5233] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5235] <... memfd_create resumed>) = 5 [pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5234] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5235] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5234] <... write resumed>) = 2097153 [pid 5234] munmap(0x7f094fb93000, 2097153) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5234] ioctl(6, LOOP_SET_FD, 3 [pid 5235] <... write resumed>) = 2097152 [pid 5235] munmap(0x7f0947793000, 2097152 [pid 5234] <... ioctl resumed>) = 0 [pid 5234] close(3) = 0 [pid 5234] mkdir("./file2", 0777) = 0 [pid 5234] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5235] <... munmap resumed>) = 0 [pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5235] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5235] ioctl(3, LOOP_CLR_FD) = 0 [pid 5235] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5235] close(3) = 0 [pid 5235] close(5) = 0 [pid 5235] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... futex resumed>) = 0 [pid 5235] lchown("./file2", 0, 0) = 0 [pid 5235] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] <... futex resumed>) = 1 [pid 5233] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5235] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = 1 [pid 5235] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5234] ioctl(6, LOOP_CLR_FD) = 0 [pid 5234] close(6) = 0 [pid 5234] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] exit_group(0) = ? [pid 5234] <... futex resumed>) = ? [pid 5235] <... futex resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/bus") = 0 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached , child_tidptr=0x555556a34690) = 5236 [pid 5236] set_robust_list(0x555556a346a0, 24) = 0 [ 72.548601][ T5234] loop0: detected capacity change from 0 to 4096 [ 72.560253][ T5234] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 72.580200][ T5234] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5236] chdir("./66") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5236] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5236] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5237 attached => {parent_tid=[5237]}, 88) = 5237 [pid 5237] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], [pid 5237] set_robust_list(0x7f0957fd49a0, 24 [pid 5236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5237] <... set_robust_list resumed>) = 0 [pid 5236] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], [pid 5236] <... futex resumed>) = 0 [pid 5237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5236] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5236] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5237] memfd_create("syzkaller", 0 [pid 5236] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5237] <... memfd_create resumed>) = 3 [pid 5236] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5237] <... mmap resumed>) = 0x7f094fb93000 ./strace-static-x86_64: Process 5238 attached [pid 5238] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5236] <... clone3 resumed> => {parent_tid=[5238]}, 88) = 5238 [pid 5238] <... rseq resumed>) = 0 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] set_robust_list(0x7f0957fb39a0, 24 [pid 5236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5236] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5236] <... futex resumed>) = 0 [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5236] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5238] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 1 [pid 5238] memfd_create("syzkaller", 0 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5238] <... memfd_create resumed>) = 5 [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5237] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5238] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5237] <... write resumed>) = 2097152 [pid 5237] munmap(0x7f094fb93000, 2097152) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5237] ioctl(6, LOOP_SET_FD, 3 [pid 5238] <... write resumed>) = 2097152 [pid 5238] munmap(0x7f0947793000, 2097152 [pid 5237] <... ioctl resumed>) = 0 [pid 5237] close(3) = 0 [pid 5237] mkdir("./file2", 0777 [pid 5238] <... munmap resumed>) = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5237] <... mkdir resumed>) = 0 [pid 5237] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5238] <... openat resumed>) = 3 [pid 5238] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5238] ioctl(3, LOOP_CLR_FD) = 0 [pid 5238] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5238] close(3) = 0 [pid 5238] close(5) = 0 [pid 5238] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 1 [pid 5238] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5238] lchown("./file2", 0, 0) = 0 [pid 5238] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] <... futex resumed>) = 1 [pid 5236] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5238] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5238] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] <... mount resumed>) = 0 [pid 5237] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./file2") = 0 [pid 5237] ioctl(6, LOOP_CLR_FD) = 0 [ 72.695464][ T5237] loop0: detected capacity change from 0 to 4096 [ 72.706983][ T5237] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5237] close(6) = 0 [pid 5237] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] exit_group(0 [pid 5237] <... futex resumed>) = ? [pid 5236] <... exit_group resumed>) = ? [pid 5237] +++ exited with 0 +++ [pid 5238] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/bus") = 0 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x555556a346a0, 24) = 0 [pid 5239] chdir("./67") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5239 [pid 5239] <... setpgid resumed>) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5239] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5240 attached => {parent_tid=[5240]}, 88) = 5240 [pid 5240] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] <... rseq resumed>) = 0 [pid 5240] set_robust_list(0x7f0957fd49a0, 24 [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] <... set_robust_list resumed>) = 0 [pid 5239] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] <... futex resumed>) = 0 [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] memfd_create("syzkaller", 0 [pid 5239] <... futex resumed>) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5239] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] <... memfd_create resumed>) = 3 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5241]}, 88) = 5241 ./strace-static-x86_64: Process 5241 attached [pid 5241] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5241] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5239] <... futex resumed>) = 0 [pid 5241] <... open resumed>) = 4 [pid 5239] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5241] memfd_create("syzkaller", 0 [pid 5239] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5241] <... memfd_create resumed>) = 5 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5240] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5241] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5240] <... write resumed>) = 2097152 [pid 5240] munmap(0x7f094fb93000, 2097152) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5240] ioctl(6, LOOP_SET_FD, 3 [pid 5241] <... write resumed>) = 2097152 [pid 5240] <... ioctl resumed>) = 0 [pid 5240] close(3) = 0 [pid 5240] mkdir("./file2", 0777 [pid 5241] munmap(0x7f0947793000, 2097152 [pid 5240] <... mkdir resumed>) = 0 [pid 5240] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5241] <... munmap resumed>) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5241] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5241] ioctl(3, LOOP_CLR_FD) = 0 [pid 5241] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5241] close(3) = 0 [pid 5241] close(5) = 0 [pid 5241] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5241] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5239] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] lchown("./file2", 0, 0 [pid 5239] <... futex resumed>) = 0 [pid 5241] <... lchown resumed>) = 0 [pid 5239] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5241] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5241] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5241] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] <... mount resumed>) = 0 [pid 5240] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 72.871398][ T5240] loop0: detected capacity change from 0 to 4096 [ 72.880961][ T5240] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5240] chdir("./file2") = 0 [pid 5240] ioctl(6, LOOP_CLR_FD) = 0 [pid 5240] close(6) = 0 [pid 5240] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] exit_group(0) = ? [pid 5241] <... futex resumed>) = ? [pid 5240] <... futex resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/bus") = 0 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5242 attached , child_tidptr=0x555556a34690) = 5242 [pid 5242] set_robust_list(0x555556a346a0, 24) = 0 [pid 5242] chdir("./68") = 0 [pid 5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5242] setpgid(0, 0) = 0 [pid 5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5242] write(3, "1000", 4) = 4 [pid 5242] close(3) = 0 [pid 5242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5242] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5242] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5242] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5243 attached [pid 5243] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5242] <... clone3 resumed> => {parent_tid=[5243]}, 88) = 5243 [pid 5243] <... rseq resumed>) = 0 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], [pid 5243] set_robust_list(0x7f0957fd49a0, 24 [pid 5242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5243] <... set_robust_list resumed>) = 0 [pid 5242] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], [pid 5242] <... futex resumed>) = 0 [pid 5243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5242] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5242] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5243] memfd_create("syzkaller", 0 [pid 5242] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5243] <... memfd_create resumed>) = 3 [pid 5242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 ./strace-static-x86_64: Process 5244 attached [pid 5244] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5244] set_robust_list(0x7f0957fb39a0, 24 [pid 5242] <... clone3 resumed> => {parent_tid=[5244]}, 88) = 5244 [pid 5244] <... set_robust_list resumed>) = 0 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], [pid 5244] rt_sigprocmask(SIG_SETMASK, [], [pid 5242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5242] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5242] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... open resumed>) = 4 [pid 5244] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5244] memfd_create("syzkaller", 0 [pid 5242] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] <... memfd_create resumed>) = 5 [pid 5242] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5243] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5244] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5243] <... write resumed>) = 2097152 [pid 5243] munmap(0x7f094fb93000, 2097152) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5244] <... write resumed>) = 2097152 [pid 5244] munmap(0x7f0947793000, 2097152 [pid 5243] <... openat resumed>) = 6 [pid 5243] ioctl(6, LOOP_SET_FD, 3 [pid 5244] <... munmap resumed>) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5244] ioctl(7, LOOP_SET_FD, 5 [pid 5243] <... ioctl resumed>) = 0 [pid 5244] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5244] ioctl(7, LOOP_CLR_FD) = 0 [pid 5243] close(3) = 0 [pid 5243] mkdir("./file2", 0777) = 0 [pid 5243] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5244] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5244] close(7) = 0 [pid 5244] close(5) = 0 [pid 5243] <... mount resumed>) = 0 [pid 5244] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5242] <... futex resumed>) = 0 [pid 5243] <... openat resumed>) = 3 [pid 5242] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] lchown("./file2", 0, 0 [pid 5243] chdir("./file2" [pid 5242] <... futex resumed>) = 0 [pid 5243] <... chdir resumed>) = 0 [pid 5242] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] ioctl(6, LOOP_CLR_FD) = 0 [pid 5243] close(6) = 0 [pid 5243] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.082789][ T5243] loop0: detected capacity change from 0 to 4096 [ 73.093473][ T5243] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5243] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... lchown resumed>) = 0 [pid 5244] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5242] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] <... futex resumed>) = 1 [pid 5242] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 0 [pid 5243] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5243] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] <... futex resumed>) = 0 [pid 5242] exit_group(0 [pid 5244] <... futex resumed>) = ? [pid 5243] <... futex resumed>) = ? [pid 5243] +++ exited with 0 +++ [pid 5242] <... exit_group resumed>) = ? [pid 5244] +++ exited with 0 +++ [pid 5242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5242, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/bus") = 0 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 73.127904][ T5244] ntfs3: loop0: ino=0, attr_set_size [ 73.134323][ T5244] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x555556a346a0, 24) = 0 [pid 5245] chdir("./69") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5245 [pid 5245] <... openat resumed>) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5245] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5245] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5246 attached => {parent_tid=[5246]}, 88) = 5246 [pid 5246] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] set_robust_list(0x7f0957fd49a0, 24 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] <... set_robust_list resumed>) = 0 [pid 5245] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5246] memfd_create("syzkaller", 0 [pid 5245] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5246] <... memfd_create resumed>) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5245] <... mprotect resumed>) = 0 [pid 5245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5247]}, 88) = 5247 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5245] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5247 attached ) = 0 [pid 5247] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5245] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5247] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5247] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 0 [pid 5247] memfd_create("syzkaller", 0) = 5 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5246] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5247] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5246] <... write resumed>) = 2097153 [pid 5246] munmap(0x7f094fb93000, 2097153) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5246] ioctl(6, LOOP_SET_FD, 3 [pid 5247] <... write resumed>) = 2097152 [pid 5247] munmap(0x7f0947793000, 2097152 [pid 5246] <... ioctl resumed>) = 0 [pid 5246] close(3) = 0 [pid 5246] mkdir("./file2", 0777 [pid 5247] <... munmap resumed>) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5246] <... mkdir resumed>) = 0 [pid 5247] <... openat resumed>) = 3 [pid 5247] ioctl(3, LOOP_SET_FD, 5 [pid 5246] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5247] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5247] ioctl(3, LOOP_CLR_FD) = 0 [pid 5247] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5247] close(3) = 0 [pid 5247] close(5) = 0 [pid 5247] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5245] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] lchown("./file2", 0, 0 [pid 5246] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5247] <... lchown resumed>) = 0 [pid 5247] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5247] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... futex resumed>) = 0 [pid 5246] ioctl(6, LOOP_CLR_FD) = 0 [pid 5246] close(6) = 0 [pid 5246] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] exit_group(0) = ? [pid 5246] <... futex resumed>) = ? [pid 5247] <... futex resumed>) = ? [pid 5247] +++ exited with 0 +++ [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/bus") = 0 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5248 ./strace-static-x86_64: Process 5248 attached [pid 5248] set_robust_list(0x555556a346a0, 24) = 0 [pid 5248] chdir("./70") = 0 [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5248] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5248] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5248] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5249 attached [pid 5249] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5248] <... clone3 resumed> => {parent_tid=[5249]}, 88) = 5249 [pid 5249] set_robust_list(0x7f0957fd49a0, 24) = 0 [ 73.260656][ T5246] loop0: detected capacity change from 0 to 4096 [ 73.273072][ T5246] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 73.286949][ T5246] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5249] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5248] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] memfd_create("syzkaller", 0 [pid 5248] <... futex resumed>) = 1 [pid 5249] <... memfd_create resumed>) = 3 [pid 5248] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5248] <... futex resumed>) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5248] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5250 attached => {parent_tid=[5250]}, 88) = 5250 [pid 5250] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053 [pid 5248] rt_sigprocmask(SIG_SETMASK, [], [pid 5250] <... rseq resumed>) = 0 [pid 5250] set_robust_list(0x7f094fbb39a0, 24 [pid 5248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5250] <... set_robust_list resumed>) = 0 [pid 5248] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5250] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... open resumed>) = 4 [pid 5250] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 1 [pid 5250] memfd_create("syzkaller", 0) = 5 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5249] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5250] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5250] munmap(0x7f0947793000, 2097152) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5250] ioctl(6, LOOP_SET_FD, 5 [pid 5249] <... write resumed>) = 2097152 [pid 5249] munmap(0x7f094fbb4000, 2097152 [pid 5250] <... ioctl resumed>) = 0 [pid 5250] close(5) = 0 [pid 5250] mkdir("./file2", 0777) = 0 [pid 5250] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5249] <... munmap resumed>) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5249] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5249] ioctl(5, LOOP_CLR_FD) = 0 [pid 5249] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5249] close(5) = 0 [pid 5249] close(3) = 0 [pid 5249] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] <... mount resumed>) = 0 [pid 5250] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file2") = 0 [pid 5250] ioctl(6, LOOP_CLR_FD) = 0 [pid 5250] close(6) = 0 [pid 5250] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5250] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.415059][ T5250] loop0: detected capacity change from 0 to 4096 [ 73.425962][ T5250] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5249] lchown("./file2", 0, 0) = 0 [pid 5249] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5248] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5249] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5249] <... futex resumed>) = 1 [pid 5248] exit_group(0 [pid 5249] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5248] <... exit_group resumed>) = ? [pid 5249] +++ exited with 0 +++ [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/bus") = 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x555556a346a0, 24) = 0 [ 73.475421][ T5249] ntfs3: loop0: ino=0, attr_set_size [ 73.480943][ T5249] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5251] chdir("./71") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5251 [pid 5251] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5251] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5251] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5252 attached [pid 5252] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5251] <... clone3 resumed> => {parent_tid=[5252]}, 88) = 5252 [pid 5252] set_robust_list(0x7f0957fd49a0, 24 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], [pid 5252] <... set_robust_list resumed>) = 0 [pid 5251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], [pid 5251] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] memfd_create("syzkaller", 0 [pid 5251] <... futex resumed>) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5251] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5253 attached [pid 5253] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5252] <... memfd_create resumed>) = 3 [pid 5253] <... rseq resumed>) = 0 [pid 5253] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5251] <... clone3 resumed> => {parent_tid=[5253]}, 88) = 5253 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], [pid 5252] <... mmap resumed>) = 0x7f094fb93000 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], [pid 5253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5253] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5253] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5251] <... futex resumed>) = 1 [pid 5253] <... open resumed>) = 4 [pid 5251] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5253] memfd_create("syzkaller", 0) = 5 [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5252] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5253] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5252] <... write resumed>) = 2097152 [pid 5252] munmap(0x7f094fb93000, 2097152) = 0 [pid 5253] <... write resumed>) = 2097152 [pid 5253] munmap(0x7f0947793000, 2097152 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5252] ioctl(6, LOOP_SET_FD, 3 [pid 5253] <... munmap resumed>) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5253] ioctl(7, LOOP_SET_FD, 5 [pid 5252] <... ioctl resumed>) = 0 [pid 5253] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5252] close(3 [pid 5253] ioctl(7, LOOP_CLR_FD [pid 5252] <... close resumed>) = 0 [pid 5253] <... ioctl resumed>) = 0 [pid 5252] mkdir("./file2", 0777) = 0 [pid 5252] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5253] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5253] close(7) = 0 [pid 5253] close(5) = 0 [pid 5253] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 0 [pid 5253] lchown("./file2", 0, 0) = 0 [pid 5253] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5253] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] <... futex resumed>) = 0 [pid 5253] write(-1, NULL, 0 [pid 5251] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5253] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5253] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] <... mount resumed>) = 0 [pid 5252] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file2") = 0 [pid 5252] ioctl(6, LOOP_CLR_FD) = 0 [ 73.610720][ T5252] loop0: detected capacity change from 0 to 4096 [ 73.622325][ T5252] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5252] close(6) = 0 [pid 5252] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] exit_group(0 [pid 5253] <... futex resumed>) = ? [pid 5251] <... exit_group resumed>) = ? [pid 5253] +++ exited with 0 +++ [pid 5252] <... futex resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/bus") = 0 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5254 ./strace-static-x86_64: Process 5254 attached [pid 5254] set_robust_list(0x555556a346a0, 24) = 0 [pid 5254] chdir("./72") = 0 [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5254] setpgid(0, 0) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5254] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5254] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5255 attached [pid 5255] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5255] set_robust_list(0x7f0957fd49a0, 24 [pid 5254] <... clone3 resumed> => {parent_tid=[5255]}, 88) = 5255 [pid 5255] <... set_robust_list resumed>) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5254] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5254] <... futex resumed>) = 0 [pid 5255] memfd_create("syzkaller", 0 [pid 5254] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5254] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] <... memfd_create resumed>) = 3 [pid 5255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5255] <... mmap resumed>) = 0x7f094fb93000 [pid 5254] <... clone3 resumed> => {parent_tid=[5256]}, 88) = 5256 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5254] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5256 attached [pid 5256] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5256] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5256] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5256] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5256] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5254] <... futex resumed>) = 0 [pid 5256] memfd_create("syzkaller", 0 [pid 5254] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5256] <... memfd_create resumed>) = 5 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5255] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5256] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5256] munmap(0x7f0947793000, 2097152 [pid 5255] <... write resumed>) = 2097152 [pid 5255] munmap(0x7f094fb93000, 2097152 [pid 5256] <... munmap resumed>) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5256] ioctl(6, LOOP_SET_FD, 5 [pid 5255] <... munmap resumed>) = 0 [pid 5256] <... ioctl resumed>) = 0 [pid 5256] close(5 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5256] <... close resumed>) = 0 [pid 5255] <... openat resumed>) = 7 [pid 5256] mkdir("./file2", 0777 [pid 5255] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5255] ioctl(7, LOOP_CLR_FD) = 0 [pid 5256] <... mkdir resumed>) = 0 [pid 5256] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5255] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5255] close(7) = 0 [pid 5255] close(3) = 0 [pid 5255] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... mount resumed>) = 0 [pid 5256] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./file2") = 0 [pid 5256] ioctl(6, LOOP_CLR_FD) = 0 [ 73.802649][ T5256] loop0: detected capacity change from 0 to 4096 [ 73.813506][ T5256] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5256] close(6) = 0 [pid 5256] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5255] lchown("./file2", 0, 0 [pid 5254] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... lchown resumed>) = 0 [pid 5255] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5255] write(-1, NULL, 0 [pid 5254] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5254] <... futex resumed>) = 0 [pid 5255] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5254] exit_group(0 [pid 5256] <... futex resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5255] <... futex resumed>) = ? [pid 5255] +++ exited with 0 +++ [pid 5254] <... exit_group resumed>) = ? [pid 5254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/bus") = 0 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 73.875248][ T5255] ntfs3: loop0: ino=0, attr_set_size [ 73.880611][ T5255] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5257 ./strace-static-x86_64: Process 5257 attached [pid 5257] set_robust_list(0x555556a346a0, 24) = 0 [pid 5257] chdir("./73") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5257] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5257] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5257] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5257] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5258 attached => {parent_tid=[5258]}, 88) = 5258 [pid 5258] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5258] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5257] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5258] memfd_create("syzkaller", 0 [pid 5257] <... mprotect resumed>) = 0 [pid 5258] <... memfd_create resumed>) = 3 [pid 5257] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5257] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5258] <... mmap resumed>) = 0x7f094fb93000 [pid 5257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5259 attached [pid 5259] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5257] <... clone3 resumed> => {parent_tid=[5259]}, 88) = 5259 [pid 5259] <... rseq resumed>) = 0 [pid 5259] set_robust_list(0x7f0957fb39a0, 24 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5259] <... set_robust_list resumed>) = 0 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] <... futex resumed>) = 0 [pid 5259] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5257] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... open resumed>) = 4 [pid 5259] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5259] <... futex resumed>) = 1 [pid 5259] memfd_create("syzkaller", 0) = 5 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5258] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5259] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5258] <... write resumed>) = 2097152 [pid 5258] munmap(0x7f094fb93000, 2097152 [pid 5259] <... write resumed>) = 2097152 [pid 5259] munmap(0x7f0947793000, 2097152 [pid 5258] <... munmap resumed>) = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5258] ioctl(6, LOOP_SET_FD, 3 [pid 5259] <... munmap resumed>) = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5259] ioctl(7, LOOP_SET_FD, 5 [pid 5258] <... ioctl resumed>) = 0 [pid 5258] close(3) = 0 [pid 5258] mkdir("./file2", 0777 [pid 5259] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5259] ioctl(7, LOOP_CLR_FD) = 0 [pid 5258] <... mkdir resumed>) = 0 [pid 5258] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5259] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5259] close(7) = 0 [pid 5259] close(5) = 0 [pid 5259] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5259] lchown("./file2", 0, 0 [pid 5257] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... lchown resumed>) = 0 [pid 5259] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] write(-1, NULL, 0 [pid 5257] <... futex resumed>) = 0 [pid 5259] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5257] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... mount resumed>) = 0 [pid 5258] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5258] chdir("./file2") = 0 [pid 5258] ioctl(6, LOOP_CLR_FD) = 0 [ 74.010604][ T5258] loop0: detected capacity change from 0 to 4096 [ 74.023258][ T5258] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5258] close(6) = 0 [pid 5258] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] exit_group(0 [pid 5258] <... futex resumed>) = 0 [pid 5257] <... exit_group resumed>) = ? [pid 5258] +++ exited with 0 +++ [pid 5259] <... futex resumed>) = ? [pid 5259] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/bus") = 0 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5260 attached , child_tidptr=0x555556a34690) = 5260 [pid 5260] set_robust_list(0x555556a346a0, 24) = 0 [pid 5260] chdir("./74") = 0 [pid 5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5260] setpgid(0, 0) = 0 [pid 5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5260] write(3, "1000", 4) = 4 [pid 5260] close(3) = 0 [pid 5260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5260] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5260] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5260] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5261 attached => {parent_tid=[5261]}, 88) = 5261 [pid 5261] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] <... rseq resumed>) = 0 [pid 5260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] set_robust_list(0x7f0957fd49a0, 24 [pid 5260] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... set_robust_list resumed>) = 0 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] <... futex resumed>) = 0 [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] memfd_create("syzkaller", 0 [pid 5260] <... futex resumed>) = 0 [pid 5260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5260] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5260] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5261] <... memfd_create resumed>) = 3 [pid 5261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5260] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5261] <... mmap resumed>) = 0x7f094fb93000 [pid 5260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5262 attached [pid 5262] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5262] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5260] <... clone3 resumed> => {parent_tid=[5262]}, 88) = 5262 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... open resumed>) = 4 [pid 5262] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5262] <... futex resumed>) = 1 [pid 5262] memfd_create("syzkaller", 0) = 5 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5261] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5262] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5261] <... write resumed>) = 2097153 [pid 5261] munmap(0x7f094fb93000, 2097153) = 0 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5261] ioctl(6, LOOP_SET_FD, 3 [pid 5262] <... write resumed>) = 2097152 [pid 5262] munmap(0x7f0947793000, 2097152 [pid 5261] <... ioctl resumed>) = 0 [pid 5261] close(3) = 0 [pid 5261] mkdir("./file2", 0777 [pid 5262] <... munmap resumed>) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5261] <... mkdir resumed>) = 0 [pid 5261] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5262] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5262] ioctl(3, LOOP_CLR_FD) = 0 [pid 5262] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5262] close(3) = 0 [pid 5262] close(5) = 0 [pid 5262] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5262] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5260] <... futex resumed>) = 0 [ 74.219680][ T5261] loop0: detected capacity change from 0 to 4096 [ 74.231970][ T5261] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5260] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] lchown("./file2", 0, 0) = 0 [pid 5261] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5262] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] ioctl(6, LOOP_CLR_FD [pid 5262] <... futex resumed>) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5262] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5260] <... futex resumed>) = 0 [pid 5262] write(-1, NULL, 0 [pid 5260] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5262] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [ 74.264785][ T5261] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5262] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... ioctl resumed>) = 0 [pid 5261] close(6) = 0 [pid 5261] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] exit_group(0 [pid 5262] <... futex resumed>) = ? [pid 5261] <... futex resumed>) = ? [pid 5260] <... exit_group resumed>) = ? [pid 5261] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ [pid 5260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/bus") = 0 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5263 ./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x555556a346a0, 24) = 0 [pid 5263] chdir("./75") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5263] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5264 attached [pid 5264] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5263] <... clone3 resumed> => {parent_tid=[5264]}, 88) = 5264 [pid 5264] <... rseq resumed>) = 0 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5264] set_robust_list(0x7f0957fd49a0, 24 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5264] <... set_robust_list resumed>) = 0 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], [pid 5263] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5263] <... futex resumed>) = 0 [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5263] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5263] <... futex resumed>) = 0 [pid 5264] <... mmap resumed>) = 0x7f094fbb4000 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5263] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0} => {parent_tid=[5265]}, 88) = 5265 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5265 attached [pid 5265] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5265] <... rseq resumed>) = 0 [pid 5265] set_robust_list(0x7f094fbb39a0, 24 [pid 5263] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... set_robust_list resumed>) = 0 [pid 5265] rt_sigprocmask(SIG_SETMASK, [], [pid 5263] <... futex resumed>) = 0 [pid 5265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5265] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5263] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... open resumed>) = 4 [pid 5264] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5265] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5265] <... futex resumed>) = 1 [pid 5263] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] memfd_create("syzkaller", 0 [pid 5263] <... futex resumed>) = 0 [pid 5265] <... memfd_create resumed>) = 5 [pid 5263] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5264] <... write resumed>) = 2097152 [pid 5265] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5264] munmap(0x7f094fbb4000, 2097152) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5264] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] mkdir("./file2", 0777) = 0 [pid 5264] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5265] <... write resumed>) = 2097152 [pid 5265] munmap(0x7f0947793000, 2097152) = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5265] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5265] ioctl(3, LOOP_CLR_FD) = 0 [pid 5265] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5265] close(3) = 0 [pid 5265] close(5) = 0 [pid 5265] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5265] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5265] lchown("./file2", 0, 0 [pid 5263] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... lchown resumed>) = 0 [pid 5265] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] write(-1, NULL, 0 [pid 5263] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5265] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [ 74.462590][ T5264] loop0: detected capacity change from 0 to 4096 [ 74.473608][ T5264] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5265] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... mount resumed>) = 0 [pid 5264] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file2") = 0 [pid 5264] ioctl(6, LOOP_CLR_FD) = 0 [pid 5264] close(6) = 0 [pid 5264] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] exit_group(0 [pid 5265] <... futex resumed>) = ? [pid 5263] <... exit_group resumed>) = ? [pid 5265] +++ exited with 0 +++ [pid 5264] <... futex resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/bus") = 0 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5266 ./strace-static-x86_64: Process 5266 attached [pid 5266] set_robust_list(0x555556a346a0, 24) = 0 [pid 5266] chdir("./76") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5266] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5266] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5267]}, 88) = 5267 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5267 attached [pid 5266] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] set_robust_list(0x7f0957fd49a0, 24 [pid 5266] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... set_robust_list resumed>) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5266] <... mmap resumed>) = 0x7f0957f93000 [pid 5266] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5267] memfd_create("syzkaller", 0 [pid 5266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5268 attached [pid 5268] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5268] set_robust_list(0x7f0957fb39a0, 24 [pid 5267] <... memfd_create resumed>) = 3 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5266] <... clone3 resumed> => {parent_tid=[5268]}, 88) = 5268 [pid 5267] <... mmap resumed>) = 0x7f094fb93000 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5266] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... set_robust_list resumed>) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5268] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5268] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5266] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5268] memfd_create("syzkaller", 0) = 5 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5268] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5267] <... write resumed>) = 2097153 [pid 5267] munmap(0x7f094fb93000, 2097153) = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 74.618899][ T27] kauditd_printk_skb: 16 callbacks suppressed [ 74.618918][ T27] audit: type=1800 audit(1695716761.092:78): pid=5268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5267] ioctl(6, LOOP_SET_FD, 3 [pid 5268] <... write resumed>) = 2097152 [pid 5268] munmap(0x7f0947793000, 2097152 [pid 5267] <... ioctl resumed>) = 0 [pid 5267] close(3) = 0 [pid 5267] mkdir("./file2", 0777 [pid 5268] <... munmap resumed>) = 0 [pid 5267] <... mkdir resumed>) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5268] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5268] ioctl(3, LOOP_CLR_FD [pid 5267] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5268] <... ioctl resumed>) = 0 [pid 5268] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5268] close(3) = 0 [pid 5268] close(5) = 0 [pid 5267] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5267] ioctl(6, LOOP_CLR_FD) = 0 [pid 5268] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5268] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5266] <... futex resumed>) = 0 [pid 5268] lchown("./file2", 0, 0 [pid 5266] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... lchown resumed>) = 0 [pid 5268] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] close(6 [pid 5266] <... futex resumed>) = 0 [pid 5268] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] <... close resumed>) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5268] write(-1, NULL, 0 [pid 5267] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5266] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... futex resumed>) = 0 [pid 5266] exit_group(0 [pid 5268] <... futex resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5266] <... exit_group resumed>) = ? [pid 5268] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/bus") = 0 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 74.690253][ T5267] loop0: detected capacity change from 0 to 4096 [ 74.703794][ T5267] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 74.727417][ T5267] ntfs3: loop0: failed to replay log file. Can't mount rw! rmdir("./76/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5269 attached , child_tidptr=0x555556a34690) = 5269 [pid 5269] set_robust_list(0x555556a346a0, 24) = 0 [pid 5269] chdir("./77") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5269] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5269] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5270 attached [pid 5270] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5270] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5270] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... clone3 resumed> => {parent_tid=[5270]}, 88) = 5270 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5269] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5270] memfd_create("syzkaller", 0 [pid 5269] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... memfd_create resumed>) = 3 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5269] <... futex resumed>) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5269] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5271 attached [pid 5271] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053 [pid 5269] <... clone3 resumed> => {parent_tid=[5271]}, 88) = 5271 [pid 5271] <... rseq resumed>) = 0 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5271] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5270] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5271] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5270] <... write resumed>) = 2097153 [pid 5271] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] munmap(0x7f094fbb4000, 2097153 [pid 5271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] <... futex resumed>) = 0 [pid 5271] memfd_create("syzkaller", 0 [pid 5269] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5271] <... memfd_create resumed>) = 5 [pid 5270] <... munmap resumed>) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5270] ioctl(6, LOOP_SET_FD, 3 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5270] <... ioctl resumed>) = 0 [pid 5270] close(3) = 0 [pid 5270] mkdir("./file2", 0777) = 0 [ 74.819580][ T27] audit: type=1800 audit(1695716761.292:79): pid=5271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 74.859321][ T5270] loop0: detected capacity change from 0 to 4096 [pid 5270] mount("/dev/loop0", "./file2", "ntfs3", 0, "") = -1 EINVAL (Invalid argument) [pid 5271] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5270] ioctl(6, LOOP_CLR_FD [pid 5271] <... write resumed>) = 2097152 [pid 5271] munmap(0x7f0947793000, 2097152) = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5271] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5271] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5271] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5271] close(3) = 0 [ 74.872206][ T5270] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 74.887519][ T5270] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5271] close(5) = 0 [pid 5271] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] lchown("./file2", 0, 0) = 0 [pid 5271] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5271] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... futex resumed>) = 0 [pid 5270] <... ioctl resumed>) = 0 [pid 5270] close(6) = 0 [pid 5270] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] exit_group(0) = ? [pid 5271] <... futex resumed>) = ? [pid 5271] +++ exited with 0 +++ [pid 5270] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/bus") = 0 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 74.943005][ T5038] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5272 ./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x555556a346a0, 24) = 0 [pid 5272] chdir("./78") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5272] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5272] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5273 attached => {parent_tid=[5273]}, 88) = 5273 [pid 5273] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5273] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5273] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5272] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5273] memfd_create("syzkaller", 0 [pid 5272] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... memfd_create resumed>) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5272] <... futex resumed>) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5272] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5274 attached [pid 5274] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053 [pid 5272] <... clone3 resumed> => {parent_tid=[5274]}, 88) = 5274 [pid 5274] <... rseq resumed>) = 0 [pid 5274] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5272] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5274] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5272] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... write resumed>) = 2097152 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5274] <... futex resumed>) = 1 [pid 5273] munmap(0x7f094fbb4000, 2097152 [pid 5274] memfd_create("syzkaller", 0) = 5 [pid 5274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5273] <... munmap resumed>) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5273] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] mkdir("./file2", 0777) = 0 [ 75.049425][ T27] audit: type=1800 audit(1695716761.522:80): pid=5274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 75.076048][ T5273] loop0: detected capacity change from 0 to 4096 [ 75.090819][ T5273] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5273] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5274] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5273] <... mount resumed>) = 0 [pid 5273] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./file2") = 0 [pid 5273] ioctl(6, LOOP_CLR_FD) = 0 [pid 5273] close(6) = 0 [pid 5273] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] <... write resumed>) = 2097152 [pid 5274] munmap(0x7f0947793000, 2097152) = 0 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5274] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5274] ioctl(6, LOOP_CLR_FD) = 0 [pid 5274] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5274] close(6) = 0 [pid 5274] close(5) = 0 [pid 5274] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... futex resumed>) = 1 [pid 5274] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = 0 [pid 5273] lchown("./file2", 0, 0) = 0 [pid 5273] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 0 [pid 5273] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5273] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... futex resumed>) = 0 [pid 5272] exit_group(0 [pid 5274] <... futex resumed>) = ? [pid 5273] <... futex resumed>) = ? [pid 5272] <... exit_group resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5273] +++ exited with 0 +++ [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/bus") = 0 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 [ 75.181592][ T5273] ntfs3: loop0: ino=0, attr_set_size [ 75.187789][ T5273] ntfs3: loop0: Mark volume as dirty due to NTFS errors umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x555556a346a0, 24) = 0 [pid 5275] chdir("./79" [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5275 [pid 5275] <... chdir resumed>) = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5275] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5276 attached => {parent_tid=[5276]}, 88) = 5276 [pid 5276] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] <... rseq resumed>) = 0 [pid 5276] set_robust_list(0x7f0957fd49a0, 24 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5276] <... set_robust_list resumed>) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], [pid 5275] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5276] memfd_create("syzkaller", 0 [pid 5275] <... mmap resumed>) = 0x7f0957f93000 [pid 5275] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5276] <... memfd_create resumed>) = 3 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5275] <... mprotect resumed>) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5276] <... mmap resumed>) = 0x7f094fb93000 [pid 5275] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5277 attached => {parent_tid=[5277]}, 88) = 5277 [pid 5277] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] <... rseq resumed>) = 0 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] set_robust_list(0x7f0957fb39a0, 24 [pid 5275] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... set_robust_list resumed>) = 0 [pid 5275] <... futex resumed>) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5277] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5277] memfd_create("syzkaller", 0) = 5 [pid 5277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5277] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5276] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5277] <... write resumed>) = 2097152 [pid 5277] munmap(0x7f0947793000, 2097152) = 0 [pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 75.291740][ T27] audit: type=1800 audit(1695716761.762:81): pid=5277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5277] ioctl(6, LOOP_SET_FD, 5 [pid 5276] <... write resumed>) = 2097152 [pid 5276] munmap(0x7f094fb93000, 2097152 [pid 5277] <... ioctl resumed>) = 0 [pid 5277] close(5) = 0 [pid 5277] mkdir("./file2", 0777 [pid 5276] <... munmap resumed>) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5276] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5276] ioctl(5, LOOP_CLR_FD) = 0 [pid 5277] <... mkdir resumed>) = 0 [pid 5277] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5276] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5276] close(5) = 0 [pid 5276] close(3) = 0 [pid 5276] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... mount resumed>) = 0 [pid 5277] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5277] chdir("./file2") = 0 [pid 5277] ioctl(6, LOOP_CLR_FD) = 0 [ 75.352207][ T5277] loop0: detected capacity change from 0 to 4096 [ 75.367533][ T5277] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5277] close(6) = 0 [pid 5277] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5275] <... futex resumed>) = 1 [pid 5276] lchown("./file2", 0, 0 [pid 5275] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... lchown resumed>) = 0 [pid 5276] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 1 [pid 5276] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5276] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] exit_group(0) = ? [pid 5277] <... futex resumed>) = ? [pid 5277] +++ exited with 0 +++ [pid 5276] <... futex resumed>) = ? [pid 5276] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/bus") = 0 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 75.427669][ T5276] ntfs3: loop0: ino=0, attr_set_size [ 75.433633][ T5276] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached , child_tidptr=0x555556a34690) = 5278 [pid 5278] set_robust_list(0x555556a346a0, 24) = 0 [pid 5278] chdir("./80") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5278] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5278] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5279 attached [pid 5279] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5279] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5279] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... clone3 resumed> => {parent_tid=[5279]}, 88) = 5279 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5278] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5279] memfd_create("syzkaller", 0 [pid 5278] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5279] <... memfd_create resumed>) = 3 [pid 5279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5278] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5280 attached [pid 5280] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5278] <... clone3 resumed> => {parent_tid=[5280]}, 88) = 5280 [pid 5280] set_robust_list(0x7f094fbb39a0, 24 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5280] <... set_robust_list resumed>) = 0 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5280] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5278] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... open resumed>) = 4 [pid 5278] <... futex resumed>) = 0 [pid 5279] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5278] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5280] <... futex resumed>) = 1 [pid 5280] memfd_create("syzkaller", 0) = 5 [pid 5280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5280] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5279] <... write resumed>) = 2097152 [pid 5279] munmap(0x7f094fbb4000, 2097152) = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 75.528249][ T27] audit: type=1800 audit(1695716762.002:82): pid=5280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5279] ioctl(6, LOOP_SET_FD, 3 [pid 5280] <... write resumed>) = 2097152 [pid 5280] munmap(0x7f0947793000, 2097152 [pid 5279] <... ioctl resumed>) = 0 [pid 5279] close(3) = 0 [pid 5279] mkdir("./file2", 0777 [pid 5280] <... munmap resumed>) = 0 [pid 5279] <... mkdir resumed>) = 0 [pid 5280] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5279] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5280] <... openat resumed>) = 3 [pid 5280] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5280] ioctl(3, LOOP_CLR_FD) = 0 [pid 5280] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5280] close(3) = 0 [pid 5280] close(5) = 0 [pid 5280] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... futex resumed>) = 1 [pid 5280] lchown("./file2", 0, 0) = 0 [pid 5280] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... futex resumed>) = 1 [pid 5280] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5280] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5280] <... futex resumed>) = 1 [ 75.583286][ T5279] loop0: detected capacity change from 0 to 4096 [ 75.596881][ T5279] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5280] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] <... mount resumed>) = 0 [pid 5279] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5279] chdir("./file2") = 0 [pid 5279] ioctl(6, LOOP_CLR_FD) = 0 [pid 5279] close(6) = 0 [pid 5279] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] exit_group(0 [pid 5280] <... futex resumed>) = ? [pid 5278] <... exit_group resumed>) = ? [pid 5280] +++ exited with 0 +++ [pid 5279] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/bus") = 0 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5281 attached , child_tidptr=0x555556a34690) = 5281 [pid 5281] set_robust_list(0x555556a346a0, 24) = 0 [pid 5281] chdir("./81") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5281] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5282 attached [pid 5282] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5281] <... clone3 resumed> => {parent_tid=[5282]}, 88) = 5282 [pid 5282] set_robust_list(0x7f0957fd49a0, 24 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], [pid 5282] <... set_robust_list resumed>) = 0 [pid 5281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], [pid 5281] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5281] <... futex resumed>) = 0 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5282] <... mmap resumed>) = 0x7f094fb93000 [pid 5281] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5283]}, 88) = 5283 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5283 attached [pid 5283] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5281] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] <... rseq resumed>) = 0 [pid 5281] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5283] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5282] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5283] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5283] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] <... futex resumed>) = 0 [pid 5283] memfd_create("syzkaller", 0 [pid 5281] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5283] <... memfd_create resumed>) = 5 [pid 5283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5282] <... write resumed>) = 2097153 [pid 5282] munmap(0x7f094fb93000, 2097153) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 75.743531][ T27] audit: type=1800 audit(1695716762.222:83): pid=5283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5282] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] mkdir("./file2", 0777) = 0 [pid 5282] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5283] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5282] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5282] ioctl(6, LOOP_CLR_FD [pid 5283] <... write resumed>) = 2097152 [pid 5283] munmap(0x7f0947793000, 2097152) = 0 [pid 5283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5283] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5283] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5283] close(3) = 0 [pid 5283] close(5) = 0 [pid 5283] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5283] lchown("./file2", 0, 0 [pid 5281] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... lchown resumed>) = 0 [pid 5283] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5283] write(-1, NULL, 0 [pid 5281] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5281] <... futex resumed>) = 0 [pid 5283] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 75.784365][ T5282] loop0: detected capacity change from 0 to 4096 [ 75.794111][ T5282] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 75.814181][ T5282] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5283] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... ioctl resumed>) = 0 [pid 5282] close(6) = 0 [pid 5282] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] exit_group(0) = ? [pid 5283] <... futex resumed>) = ? [pid 5283] +++ exited with 0 +++ [pid 5282] <... futex resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/bus") = 0 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5284 attached , child_tidptr=0x555556a34690) = 5284 [pid 5284] set_robust_list(0x555556a346a0, 24) = 0 [pid 5284] chdir("./82") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5284] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5284] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5284] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5285 attached [pid 5285] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [ 75.881442][ T5038] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5285] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5285] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... clone3 resumed> => {parent_tid=[5285]}, 88) = 5285 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5284] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = 1 [pid 5285] memfd_create("syzkaller", 0 [pid 5284] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5285] <... memfd_create resumed>) = 3 [pid 5284] <... mmap resumed>) = 0x7f0957f93000 [pid 5285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5284] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5286 attached [pid 5286] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5284] <... clone3 resumed> => {parent_tid=[5286]}, 88) = 5286 [pid 5286] <... rseq resumed>) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], [pid 5286] set_robust_list(0x7f0957fb39a0, 24 [pid 5284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] <... set_robust_list resumed>) = 0 [pid 5284] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] <... futex resumed>) = 0 [pid 5286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5286] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5286] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5286] memfd_create("syzkaller", 0 [pid 5284] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5286] <... memfd_create resumed>) = 5 [pid 5286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5286] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5285] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5285] munmap(0x7f094fb93000, 2097152) = 0 [pid 5285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 75.960155][ T27] audit: type=1800 audit(1695716762.432:84): pid=5286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5285] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5285] close(3) = 0 [pid 5285] mkdir("./file2", 0777) = 0 [pid 5285] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5286] <... write resumed>) = 2097152 [pid 5286] munmap(0x7f0947793000, 2097152) = 0 [pid 5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5286] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5286] ioctl(3, LOOP_CLR_FD) = 0 [pid 5286] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5286] close(3) = 0 [pid 5286] close(5) = 0 [pid 5285] <... mount resumed>) = 0 [pid 5285] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5286] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5286] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5286] lchown("./file2", 0, 0 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... lchown resumed>) = 0 [pid 5286] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5285] <... openat resumed>) = 3 [pid 5285] chdir("./file2" [pid 5286] write(-1, NULL, 0 [pid 5285] <... chdir resumed>) = 0 [pid 5284] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] <... futex resumed>) = 0 [pid 5286] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] ioctl(6, LOOP_CLR_FD [pid 5284] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 76.013945][ T5285] loop0: detected capacity change from 0 to 4096 [ 76.027785][ T5285] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5286] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5285] <... ioctl resumed>) = 0 [pid 5285] close(6) = 0 [pid 5285] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] exit_group(0 [pid 5285] ???( [pid 5286] <... futex resumed>) = ? [pid 5285] <... ??? resumed>) = ? [pid 5284] <... exit_group resumed>) = ? [pid 5286] +++ exited with 0 +++ [pid 5285] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/bus") = 0 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached , child_tidptr=0x555556a34690) = 5287 [pid 5287] set_robust_list(0x555556a346a0, 24) = 0 [pid 5287] chdir("./83") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5287] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5287] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5288 attached [pid 5288] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5287] <... clone3 resumed> => {parent_tid=[5288]}, 88) = 5288 [pid 5288] <... rseq resumed>) = 0 [pid 5288] set_robust_list(0x7f0957fd49a0, 24 [ 76.097561][ T2835] ntfs3: loop0: ino=5, ntfs3_write_inode failed, -22. [ 76.105135][ T2835] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5287] rt_sigprocmask(SIG_SETMASK, [], [pid 5288] <... set_robust_list resumed>) = 0 [pid 5287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5288] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5288] memfd_create("syzkaller", 0) = 3 [pid 5287] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5287] <... mprotect resumed>) = 0 [pid 5287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5288] <... mmap resumed>) = 0x7f094fb93000 [pid 5287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5289]}, 88) = 5289 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5287] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5289 attached [pid 5289] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5289] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5289] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5289] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5289] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5287] <... futex resumed>) = 0 [pid 5289] memfd_create("syzkaller", 0 [pid 5287] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5289] <... memfd_create resumed>) = 5 [pid 5289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5289] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5288] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5289] <... write resumed>) = 2097152 [pid 5289] munmap(0x7f0947793000, 2097152 [pid 5288] <... write resumed>) = 2097152 [ 76.188432][ T27] audit: type=1800 audit(1695716762.662:85): pid=5289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5288] munmap(0x7f094fb93000, 2097152 [pid 5289] <... munmap resumed>) = 0 [pid 5289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5289] ioctl(6, LOOP_SET_FD, 5 [pid 5288] <... munmap resumed>) = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5288] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5288] ioctl(7, LOOP_CLR_FD) = 0 [pid 5289] <... ioctl resumed>) = 0 [pid 5289] close(5) = 0 [pid 5289] mkdir("./file2", 0777 [pid 5288] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5288] close(7) = 0 [pid 5288] close(3 [pid 5289] <... mkdir resumed>) = 0 [pid 5289] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5288] <... close resumed>) = 0 [pid 5288] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.255683][ T5289] loop0: detected capacity change from 0 to 4096 [ 76.285460][ T5289] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5288] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] <... mount resumed>) = 0 [pid 5289] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5289] chdir("./file2") = 0 [pid 5289] ioctl(6, LOOP_CLR_FD) = 0 [pid 5289] close(6) = 0 [pid 5289] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5289] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5288] lchown("./file2", 0, 0 [pid 5287] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... lchown resumed>) = 0 [pid 5288] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 1 [pid 5288] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5288] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] exit_group(0) = ? [pid 5289] <... futex resumed>) = ? [pid 5289] +++ exited with 0 +++ [pid 5288] <... futex resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/bus") = 0 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file2") = 0 [ 76.364955][ T5288] ntfs3: loop0: ino=0, attr_set_size [ 76.370320][ T5288] ntfs3: loop0: Mark volume as dirty due to NTFS errors getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5291 attached , child_tidptr=0x555556a34690) = 5291 [pid 5291] set_robust_list(0x555556a346a0, 24) = 0 [pid 5291] chdir("./84") = 0 [pid 5291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5291] setpgid(0, 0) = 0 [pid 5291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5291] write(3, "1000", 4) = 4 [pid 5291] close(3) = 0 [pid 5291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5291] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5291] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5291] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5292]}, 88) = 5292 [pid 5291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5291] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5292 attached ) = 0x7f0957f93000 [pid 5292] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5291] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5292] set_robust_list(0x7f0957fd49a0, 24 [pid 5291] <... mprotect resumed>) = 0 [pid 5292] <... set_robust_list resumed>) = 0 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5293 attached [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5292] memfd_create("syzkaller", 0 [pid 5291] <... clone3 resumed> => {parent_tid=[5293]}, 88) = 5293 [pid 5293] set_robust_list(0x7f0957fb39a0, 24 [pid 5291] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] <... set_robust_list resumed>) = 0 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5291] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... memfd_create resumed>) = 3 [pid 5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5292] <... mmap resumed>) = 0x7f094fb93000 [pid 5293] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5293] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5293] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5291] <... futex resumed>) = 1 [pid 5293] memfd_create("syzkaller", 0 [pid 5291] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5293] <... memfd_create resumed>) = 5 [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [ 76.482267][ T27] audit: type=1800 audit(1695716762.952:86): pid=5293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5292] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5293] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5292] <... write resumed>) = 2097153 [pid 5292] munmap(0x7f094fb93000, 2097153 [pid 5293] <... write resumed>) = 2097152 [pid 5292] <... munmap resumed>) = 0 [pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5293] munmap(0x7f0947793000, 2097152 [pid 5292] <... openat resumed>) = 6 [pid 5293] <... munmap resumed>) = 0 [pid 5292] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5293] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5293] ioctl(7, LOOP_CLR_FD) = 0 [pid 5292] close(3) = 0 [pid 5293] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5293] close(7) = 0 [pid 5292] mkdir("./file2", 0777 [pid 5293] close(5 [pid 5292] <... mkdir resumed>) = 0 [pid 5292] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5293] <... close resumed>) = 0 [pid 5293] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5293] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5291] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5291] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] lchown("./file2", 0, 0 [pid 5292] ioctl(6, LOOP_CLR_FD [pid 5293] <... lchown resumed>) = 0 [pid 5292] <... ioctl resumed>) = 0 [pid 5293] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5293] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] close(6 [pid 5291] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5291] <... futex resumed>) = 0 [pid 5293] write(-1, NULL, 0 [pid 5291] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5292] <... close resumed>) = 0 [pid 5293] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5291] exit_group(0 [pid 5292] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] <... exit_group resumed>) = ? [pid 5292] <... futex resumed>) = ? [pid 5293] +++ exited with 0 +++ [pid 5292] +++ exited with 0 +++ [pid 5291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5291, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/bus") = 0 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 [ 76.605458][ T5292] loop0: detected capacity change from 0 to 4096 [ 76.620783][ T5292] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 76.638465][ T5292] ntfs3: loop0: failed to replay log file. Can't mount rw! close(4) = 0 rmdir("./84/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5294 attached , child_tidptr=0x555556a34690) = 5294 [pid 5294] set_robust_list(0x555556a346a0, 24) = 0 [pid 5294] chdir("./85") = 0 [pid 5294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5294] setpgid(0, 0) = 0 [pid 5294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5294] write(3, "1000", 4) = 4 [pid 5294] close(3) = 0 [pid 5294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5294] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5294] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5294] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5295 attached => {parent_tid=[5295]}, 88) = 5295 [pid 5295] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], [pid 5295] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], [pid 5294] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5295] memfd_create("syzkaller", 0 [pid 5294] <... mmap resumed>) = 0x7f0957f93000 [pid 5294] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5295] <... memfd_create resumed>) = 3 [pid 5295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5294] <... mprotect resumed>) = 0 [pid 5295] <... mmap resumed>) = 0x7f094fb93000 [pid 5294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5296 attached => {parent_tid=[5296]}, 88) = 5296 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5296] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5296] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5296] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5296] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5296] memfd_create("syzkaller", 0) = 5 [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5295] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5296] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5295] <... write resumed>) = 2097152 [pid 5295] munmap(0x7f094fb93000, 2097152 [pid 5296] <... write resumed>) = 2097152 [pid 5296] munmap(0x7f0947793000, 2097152 [pid 5295] <... munmap resumed>) = 0 [pid 5295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 76.731469][ T27] audit: type=1800 audit(1695716763.202:87): pid=5296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5295] ioctl(6, LOOP_SET_FD, 3 [pid 5296] <... munmap resumed>) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5296] ioctl(7, LOOP_SET_FD, 5 [pid 5295] <... ioctl resumed>) = 0 [pid 5295] close(3) = 0 [pid 5296] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5295] mkdir("./file2", 0777 [pid 5296] ioctl(7, LOOP_CLR_FD) = 0 [pid 5295] <... mkdir resumed>) = 0 [pid 5295] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5296] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5296] close(7) = 0 [pid 5296] close(5) = 0 [pid 5296] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] lchown("./file2", 0, 0) = 0 [pid 5296] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5296] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] <... mount resumed>) = 0 [pid 5295] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5295] chdir("./file2") = 0 [pid 5295] ioctl(6, LOOP_CLR_FD) = 0 [pid 5295] close(6) = 0 [pid 5295] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] exit_group(0) = ? [pid 5296] <... futex resumed>) = ? [pid 5295] +++ exited with 0 +++ [pid 5296] +++ exited with 0 +++ [pid 5294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5294, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 [ 76.792600][ T5295] loop0: detected capacity change from 0 to 4096 [ 76.813082][ T5295] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/bus") = 0 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5297 attached , child_tidptr=0x555556a34690) = 5297 [pid 5297] set_robust_list(0x555556a346a0, 24) = 0 [pid 5297] chdir("./86") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5297] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5297] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5298 attached [pid 5298] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5297] <... clone3 resumed> => {parent_tid=[5298]}, 88) = 5298 [pid 5298] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5297] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5297] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] memfd_create("syzkaller", 0 [pid 5297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5298] <... memfd_create resumed>) = 3 [pid 5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5299 attached ) = 0x7f094fb93000 [pid 5297] <... clone3 resumed> => {parent_tid=[5299]}, 88) = 5299 [pid 5299] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5297] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5297] <... futex resumed>) = 0 [pid 5299] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5297] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... open resumed>) = 4 [pid 5299] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5299] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5299] memfd_create("syzkaller", 0 [pid 5297] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5299] <... memfd_create resumed>) = 5 [pid 5299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5298] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5299] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5298] <... write resumed>) = 2097153 [pid 5298] munmap(0x7f094fb93000, 2097153) = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5298] ioctl(6, LOOP_SET_FD, 3 [pid 5299] <... write resumed>) = 2097152 [pid 5299] munmap(0x7f0947793000, 2097152 [pid 5298] <... ioctl resumed>) = 0 [pid 5298] close(3) = 0 [pid 5298] mkdir("./file2", 0777) = 0 [pid 5298] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5299] <... munmap resumed>) = 0 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5299] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5299] ioctl(3, LOOP_CLR_FD) = 0 [pid 5299] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5299] close(3) = 0 [pid 5299] close(5) = 0 [pid 5299] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5299] lchown("./file2", 0, 0 [pid 5297] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] <... lchown resumed>) = 0 [pid 5297] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 1 [pid 5297] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] write(-1, NULL, 0 [pid 5297] <... futex resumed>) = 0 [pid 5299] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5297] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5298] ioctl(6, LOOP_CLR_FD) = 0 [pid 5298] close(6) = 0 [pid 5298] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] exit_group(0 [pid 5298] <... futex resumed>) = ? [pid 5299] <... futex resumed>) = ? [pid 5297] <... exit_group resumed>) = ? [pid 5298] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/bus") = 0 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 [ 77.006085][ T5298] loop0: detected capacity change from 0 to 4096 [ 77.019030][ T5298] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 77.046180][ T5298] ntfs3: loop0: failed to replay log file. Can't mount rw! umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5300 attached , child_tidptr=0x555556a34690) = 5300 [pid 5300] set_robust_list(0x555556a346a0, 24) = 0 [pid 5300] chdir("./87") = 0 [pid 5300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5300] setpgid(0, 0) = 0 [pid 5300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5300] write(3, "1000", 4) = 4 [pid 5300] close(3) = 0 [pid 5300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5300] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5300] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5301]}, 88) = 5301 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5300] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5301 attached [pid 5300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5301] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5301] set_robust_list(0x7f0957fd49a0, 24 [pid 5300] <... mmap resumed>) = 0x7f0957f93000 [pid 5301] <... set_robust_list resumed>) = 0 [pid 5300] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5302 attached [pid 5302] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5300] <... clone3 resumed> => {parent_tid=[5302]}, 88) = 5302 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] <... rseq resumed>) = 0 [pid 5300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] set_robust_list(0x7f0957fb39a0, 24 [pid 5300] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] memfd_create("syzkaller", 0 [pid 5302] <... set_robust_list resumed>) = 0 [pid 5300] <... futex resumed>) = 0 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], [pid 5300] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 3 [pid 5302] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... memfd_create resumed>) = 4 [pid 5301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5302] <... futex resumed>) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5302] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5300] <... futex resumed>) = 0 [pid 5302] memfd_create("syzkaller", 0 [pid 5300] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5301] <... mmap resumed>) = 0x7f094fb93000 [pid 5302] <... memfd_create resumed>) = 5 [pid 5302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5302] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5301] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5302] <... write resumed>) = 2097152 [pid 5302] munmap(0x7f0947793000, 2097152) = 0 [pid 5301] <... write resumed>) = 2097152 [pid 5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5301] munmap(0x7f094fb93000, 2097152 [pid 5302] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5302] close(5) = 0 [pid 5302] mkdir("./file2", 0777) = 0 [pid 5302] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5301] <... munmap resumed>) = 0 [pid 5301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5301] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5301] ioctl(5, LOOP_CLR_FD) = 0 [pid 5301] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5301] close(5) = 0 [pid 5301] close(4 [pid 5302] <... mount resumed>) = 0 [pid 5302] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5301] <... close resumed>) = 0 [pid 5301] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] <... openat resumed>) = 4 [pid 5301] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] chdir("./file2") = 0 [pid 5302] ioctl(6, LOOP_CLR_FD) = 0 [pid 5302] close(6) = 0 [pid 5302] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5302] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5300] <... futex resumed>) = 1 [pid 5301] lchown("./file2", 0, 0 [ 77.183073][ T5302] loop0: detected capacity change from 0 to 4096 [ 77.193692][ T5302] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5300] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5301] <... lchown resumed>) = 0 [pid 5301] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5301] write(-1, NULL, 0 [pid 5300] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5300] <... futex resumed>) = 0 [pid 5301] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5301] <... futex resumed>) = 0 [pid 5300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5301] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] exit_group(0 [pid 5302] <... futex resumed>) = ? [pid 5301] <... futex resumed>) = ? [pid 5300] <... exit_group resumed>) = ? [pid 5302] +++ exited with 0 +++ [pid 5301] +++ exited with 0 +++ [pid 5300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5300, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/bus") = 0 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 77.239749][ T5301] ntfs3: loop0: ino=0, attr_set_size [ 77.245907][ T5301] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5303 ./strace-static-x86_64: Process 5303 attached [pid 5303] set_robust_list(0x555556a346a0, 24) = 0 [pid 5303] chdir("./88") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5303] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5304 attached => {parent_tid=[5304]}, 88) = 5304 [pid 5304] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] <... rseq resumed>) = 0 [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] set_robust_list(0x7f0957fd49a0, 24 [pid 5303] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... set_robust_list resumed>) = 0 [pid 5303] <... futex resumed>) = 0 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5303] <... futex resumed>) = 0 [pid 5304] memfd_create("syzkaller", 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5303] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5305 attached => {parent_tid=[5305]}, 88) = 5305 [pid 5304] <... memfd_create resumed>) = 3 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5303] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] <... mmap resumed>) = 0x7f094fb93000 [pid 5303] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5305] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5305] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5305] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5303] <... futex resumed>) = 1 [pid 5303] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5305] memfd_create("syzkaller", 0) = 5 [pid 5305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5304] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5305] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5304] <... write resumed>) = 2097152 [pid 5304] munmap(0x7f094fb93000, 2097152) = 0 [pid 5304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5304] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5304] close(3) = 0 [pid 5304] mkdir("./file2", 0777 [pid 5305] <... write resumed>) = 2097152 [pid 5305] munmap(0x7f0947793000, 2097152 [pid 5304] <... mkdir resumed>) = 0 [pid 5304] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5305] <... munmap resumed>) = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5305] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5305] ioctl(3, LOOP_CLR_FD) = 0 [pid 5305] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5305] close(3) = 0 [pid 5305] close(5 [pid 5304] <... mount resumed>) = 0 [pid 5304] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5304] chdir("./file2") = 0 [ 77.374043][ T5304] loop0: detected capacity change from 0 to 4096 [ 77.384650][ T5304] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5305] <... close resumed>) = 0 [pid 5304] ioctl(6, LOOP_CLR_FD [pid 5305] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... ioctl resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5304] close(6 [pid 5303] <... futex resumed>) = 0 [pid 5304] <... close resumed>) = 0 [pid 5303] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 0 [pid 5303] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] lchown("./file2", 0, 0) = 0 [pid 5305] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5303] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... futex resumed>) = 0 [pid 5303] <... futex resumed>) = 1 [pid 5304] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5303] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] <... futex resumed>) = 0 [pid 5303] exit_group(0 [pid 5304] ???( [pid 5305] <... futex resumed>) = ? [pid 5304] <... ??? resumed>) = ? [pid 5303] <... exit_group resumed>) = ? [pid 5305] +++ exited with 0 +++ [pid 5304] +++ exited with 0 +++ [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/bus") = 0 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5306 attached , child_tidptr=0x555556a34690) = 5306 [pid 5306] set_robust_list(0x555556a346a0, 24) = 0 [pid 5306] chdir("./89") = 0 [pid 5306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5306] setpgid(0, 0) = 0 [pid 5306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5306] write(3, "1000", 4) = 4 [pid 5306] close(3) = 0 [pid 5306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5306] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 77.441409][ T5305] ntfs3: loop0: ino=0, attr_set_size [ 77.448111][ T5305] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5306] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5307 attached [pid 5307] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5306] <... clone3 resumed> => {parent_tid=[5307]}, 88) = 5307 [pid 5307] <... rseq resumed>) = 0 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], [pid 5307] set_robust_list(0x7f0957fd49a0, 24 [pid 5306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5307] <... set_robust_list resumed>) = 0 [pid 5306] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] rt_sigprocmask(SIG_SETMASK, [], [pid 5306] <... futex resumed>) = 0 [pid 5307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5306] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] memfd_create("syzkaller", 0 [pid 5306] <... futex resumed>) = 0 [pid 5306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5306] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5307] <... memfd_create resumed>) = 3 [pid 5307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5307] <... mmap resumed>) = 0x7f094fb93000 [pid 5306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5308]}, 88) = 5308 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5306] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5308 attached [pid 5308] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5308] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5307] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5308] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5308] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5308] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = 1 [pid 5306] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5308] memfd_create("syzkaller", 0) = 5 [pid 5308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5307] <... write resumed>) = 2097152 [pid 5307] munmap(0x7f094fb93000, 2097152) = 0 [pid 5307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5307] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5307] close(3) = 0 [pid 5307] mkdir("./file2", 0777 [pid 5308] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5307] <... mkdir resumed>) = 0 [pid 5307] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5308] <... write resumed>) = 2097152 [pid 5308] munmap(0x7f0947793000, 2097152) = 0 [pid 5308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5308] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5308] ioctl(3, LOOP_CLR_FD) = 0 [pid 5307] <... mount resumed>) = 0 [pid 5307] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 7 [pid 5307] chdir("./file2") = 0 [pid 5307] ioctl(6, LOOP_CLR_FD) = 0 [pid 5307] close(6) = 0 [pid 5307] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5308] close(3) = 0 [ 77.561001][ T5307] loop0: detected capacity change from 0 to 4096 [ 77.575420][ T5307] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5308] close(5) = 0 [pid 5308] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5308] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = 1 [pid 5307] lchown("./file2", 0, 0 [pid 5306] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] <... lchown resumed>) = 0 [pid 5307] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5306] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5307] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5306] exit_group(0 [pid 5308] <... futex resumed>) = ? [pid 5308] +++ exited with 0 +++ [pid 5306] <... exit_group resumed>) = ? [pid 5307] +++ exited with 0 +++ [pid 5306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5306, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/bus") = 0 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5309 attached , child_tidptr=0x555556a34690) = 5309 [pid 5309] set_robust_list(0x555556a346a0, 24) = 0 [pid 5309] chdir("./90") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 77.643659][ T5307] ntfs3: loop0: ino=0, attr_set_size [ 77.649037][ T5307] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5309] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5309] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5310 attached => {parent_tid=[5310]}, 88) = 5310 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], [pid 5310] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5309] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5310] <... rseq resumed>) = 0 [pid 5309] <... mmap resumed>) = 0x7f0957f93000 [pid 5309] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5310] set_robust_list(0x7f0957fd49a0, 24 [pid 5309] <... mprotect resumed>) = 0 [pid 5309] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5310] <... set_robust_list resumed>) = 0 [pid 5309] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5311 attached [pid 5310] rt_sigprocmask(SIG_SETMASK, [], [pid 5309] <... clone3 resumed> => {parent_tid=[5311]}, 88) = 5311 [pid 5311] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5311] <... rseq resumed>) = 0 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5309] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5310] memfd_create("syzkaller", 0 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5310] <... memfd_create resumed>) = 3 [pid 5311] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5311] <... open resumed>) = 4 [pid 5310] <... mmap resumed>) = 0x7f094fb93000 [pid 5311] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5311] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] memfd_create("syzkaller", 0 [pid 5309] <... futex resumed>) = 0 [pid 5311] <... memfd_create resumed>) = 5 [pid 5309] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5310] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5311] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5310] <... write resumed>) = 2097153 [pid 5310] munmap(0x7f094fb93000, 2097153 [pid 5311] <... write resumed>) = 2097152 [pid 5310] <... munmap resumed>) = 0 [pid 5311] munmap(0x7f0947793000, 2097152 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5310] ioctl(6, LOOP_SET_FD, 3 [pid 5311] <... munmap resumed>) = 0 [pid 5311] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5310] <... ioctl resumed>) = 0 [pid 5310] close(3 [pid 5311] <... openat resumed>) = 7 [pid 5311] ioctl(7, LOOP_SET_FD, 5 [pid 5310] <... close resumed>) = 0 [pid 5310] mkdir("./file2", 0777 [pid 5311] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5311] ioctl(7, LOOP_CLR_FD [pid 5310] <... mkdir resumed>) = 0 [pid 5311] <... ioctl resumed>) = 0 [pid 5310] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5311] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5311] close(7) = 0 [pid 5311] close(5) = 0 [pid 5311] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5311] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5309] <... futex resumed>) = 1 [pid 5311] lchown("./file2", 0, 0 [pid 5309] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] <... lchown resumed>) = 0 [pid 5311] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5311] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] write(-1, NULL, 0 [pid 5309] <... futex resumed>) = 0 [pid 5311] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5309] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [ 77.781313][ T5310] loop0: detected capacity change from 0 to 4096 [ 77.793414][ T5310] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5311] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5310] ioctl(6, LOOP_CLR_FD) = 0 [pid 5310] close(6) = 0 [pid 5310] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] exit_group(0 [pid 5310] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5309] <... exit_group resumed>) = ? [pid 5311] <... futex resumed>) = ? [pid 5311] +++ exited with 0 +++ [pid 5310] +++ exited with 0 +++ [pid 5309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/bus") = 0 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5312 attached , child_tidptr=0x555556a34690) = 5312 [pid 5312] set_robust_list(0x555556a346a0, 24) = 0 [pid 5312] chdir("./91") = 0 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5312] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [ 77.824512][ T5310] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5312] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5313]}, 88) = 5313 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5313 attached ) = 0 [pid 5312] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5312] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5313] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 5314 attached ) = 0 [pid 5314] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5313] set_robust_list(0x7f0957fd49a0, 24 [pid 5312] <... clone3 resumed> => {parent_tid=[5314]}, 88) = 5314 [pid 5314] <... rseq resumed>) = 0 [pid 5313] <... set_robust_list resumed>) = 0 [pid 5314] set_robust_list(0x7f0957fb39a0, 24 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5314] <... set_robust_list resumed>) = 0 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5313] memfd_create("syzkaller", 0 [pid 5314] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 3 [pid 5313] <... memfd_create resumed>) = 4 [pid 5314] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5314] <... futex resumed>) = 1 [pid 5314] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... mmap resumed>) = 0x7f094fb93000 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5312] <... futex resumed>) = 1 [pid 5314] memfd_create("syzkaller", 0 [pid 5312] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5314] <... memfd_create resumed>) = 5 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5314] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5313] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5314] <... write resumed>) = 2097152 [pid 5314] munmap(0x7f0947793000, 2097152 [pid 5313] <... write resumed>) = 2097152 [pid 5313] munmap(0x7f094fb93000, 2097152 [pid 5314] <... munmap resumed>) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5314] ioctl(6, LOOP_SET_FD, 5 [pid 5313] <... munmap resumed>) = 0 [pid 5313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5313] ioctl(7, LOOP_SET_FD, 4 [pid 5314] <... ioctl resumed>) = 0 [pid 5314] close(5 [pid 5313] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5314] <... close resumed>) = 0 [pid 5313] ioctl(7, LOOP_CLR_FD [pid 5314] mkdir("./file2", 0777 [pid 5313] <... ioctl resumed>) = 0 [pid 5314] <... mkdir resumed>) = 0 [pid 5314] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5313] ioctl(7, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5313] close(7) = 0 [pid 5313] close(4) = 0 [pid 5313] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] <... mount resumed>) = 0 [pid 5314] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5314] chdir("./file2") = 0 [pid 5314] ioctl(6, LOOP_CLR_FD) = 0 [pid 5314] close(6) = 0 [pid 5314] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 77.956121][ T5314] loop0: detected capacity change from 0 to 4096 [ 77.968093][ T5314] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5312] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5313] lchown("./file2", 0, 0 [pid 5314] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... lchown resumed>) = 0 [pid 5313] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 1 [pid 5313] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5313] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5313] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] exit_group(0 [pid 5313] <... futex resumed>) = ? [pid 5314] <... futex resumed>) = ? [pid 5313] +++ exited with 0 +++ [pid 5312] <... exit_group resumed>) = ? [pid 5314] +++ exited with 0 +++ [pid 5312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5312, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/bus") = 0 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 [ 78.010892][ T5313] ntfs3: loop0: ino=0, attr_set_size [ 78.017160][ T5313] ntfs3: loop0: Mark volume as dirty due to NTFS errors umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5315 ./strace-static-x86_64: Process 5315 attached [pid 5315] set_robust_list(0x555556a346a0, 24) = 0 [pid 5315] chdir("./92") = 0 [pid 5315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5315] setpgid(0, 0) = 0 [pid 5315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5315] write(3, "1000", 4) = 4 [pid 5315] close(3) = 0 [pid 5315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5315] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5315] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5316 attached [pid 5316] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5315] <... clone3 resumed> => {parent_tid=[5316]}, 88) = 5316 [pid 5316] <... rseq resumed>) = 0 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], [pid 5316] set_robust_list(0x7f0957fd49a0, 24 [pid 5315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5316] <... set_robust_list resumed>) = 0 [pid 5315] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], [pid 5315] <... futex resumed>) = 0 [pid 5316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5315] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] memfd_create("syzkaller", 0 [pid 5315] <... futex resumed>) = 0 [pid 5315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5315] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5317 attached [pid 5316] <... memfd_create resumed>) = 3 [pid 5316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5315] <... clone3 resumed> => {parent_tid=[5317]}, 88) = 5317 [pid 5316] <... mmap resumed>) = 0x7f094fb93000 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], [pid 5317] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5317] <... rseq resumed>) = 0 [pid 5315] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5317] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5317] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5317] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5315] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] memfd_create("syzkaller", 0 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5317] <... memfd_create resumed>) = 5 [pid 5317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5316] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5317] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5317] munmap(0x7f0947793000, 2097152 [pid 5316] <... write resumed>) = 2097152 [pid 5317] <... munmap resumed>) = 0 [pid 5317] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5316] munmap(0x7f094fb93000, 2097152) = 0 [pid 5317] <... openat resumed>) = 6 [pid 5316] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5317] ioctl(6, LOOP_SET_FD, 5 [pid 5316] <... openat resumed>) = 7 [pid 5316] ioctl(7, LOOP_SET_FD, 3 [pid 5317] <... ioctl resumed>) = 0 [pid 5316] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5317] close(5) = 0 [pid 5317] mkdir("./file2", 0777) = 0 [pid 5317] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5316] ioctl(7, LOOP_CLR_FD) = 0 [pid 5316] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5316] close(7) = 0 [pid 5316] close(3) = 0 [pid 5316] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... mount resumed>) = 0 [pid 5317] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5317] chdir("./file2") = 0 [pid 5317] ioctl(6, LOOP_CLR_FD) = 0 [pid 5317] close(6) = 0 [pid 5317] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5317] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5315] <... futex resumed>) = 1 [pid 5316] lchown("./file2", 0, 0 [ 78.181672][ T5317] loop0: detected capacity change from 0 to 4096 [ 78.191736][ T5317] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5315] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... lchown resumed>) = 0 [pid 5316] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] write(-1, NULL, 0 [pid 5315] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] exit_group(0) = ? [pid 5317] <... futex resumed>) = ? [pid 5316] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ [pid 5315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5315, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/bus") = 0 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 78.242955][ T5316] ntfs3: loop0: ino=0, attr_set_size [ 78.248485][ T5316] ntfs3: loop0: Mark volume as dirty due to NTFS errors umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5318 attached , child_tidptr=0x555556a34690) = 5318 [pid 5318] set_robust_list(0x555556a346a0, 24) = 0 [pid 5318] chdir("./93") = 0 [pid 5318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5318] setpgid(0, 0) = 0 [pid 5318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5318] write(3, "1000", 4) = 4 [pid 5318] close(3) = 0 [pid 5318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5318] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5318] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5319 attached [pid 5319] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5318] <... clone3 resumed> => {parent_tid=[5319]}, 88) = 5319 [pid 5319] <... rseq resumed>) = 0 [pid 5319] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5319] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5318] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5318] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5320 attached [pid 5320] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5320] set_robust_list(0x7f0957fb39a0, 24 [pid 5318] <... clone3 resumed> => {parent_tid=[5320]}, 88) = 5320 [pid 5320] <... set_robust_list resumed>) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], [pid 5320] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... open resumed>) = 3 [pid 5319] <... futex resumed>) = 0 [pid 5320] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5318] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5320] memfd_create("syzkaller", 0 [pid 5319] memfd_create("syzkaller", 0 [pid 5320] <... memfd_create resumed>) = 4 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5319] <... memfd_create resumed>) = 5 [pid 5319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5320] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5319] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5320] <... write resumed>) = 2097152 [pid 5320] munmap(0x7f094fb93000, 2097152) = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5320] ioctl(6, LOOP_SET_FD, 4 [pid 5319] <... write resumed>) = 2097152 [pid 5319] munmap(0x7f0947793000, 2097152 [pid 5320] <... ioctl resumed>) = 0 [pid 5320] close(4) = 0 [pid 5320] mkdir("./file2", 0777) = 0 [pid 5320] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5319] <... munmap resumed>) = 0 [pid 5319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5319] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5319] ioctl(4, LOOP_CLR_FD) = 0 [pid 5319] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5319] close(4) = 0 [pid 5319] close(5) = 0 [pid 5319] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... mount resumed>) = 0 [pid 5320] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5320] chdir("./file2") = 0 [pid 5320] ioctl(6, LOOP_CLR_FD) = 0 [pid 5320] close(6) = 0 [pid 5320] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5320] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5318] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5318] <... futex resumed>) = 1 [pid 5319] lchown("./file2", 0, 0 [ 78.401177][ T5320] loop0: detected capacity change from 0 to 4096 [ 78.414110][ T5320] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5318] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] <... lchown resumed>) = 0 [pid 5319] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5319] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5318] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5319] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5318] exit_group(0) = ? [pid 5320] <... futex resumed>) = ? [pid 5319] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ [pid 5318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5318, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/bus") = 0 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 [ 78.461111][ T5319] ntfs3: loop0: ino=0, attr_set_size [ 78.466810][ T5319] ntfs3: loop0: Mark volume as dirty due to NTFS errors mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5321 attached , child_tidptr=0x555556a34690) = 5321 [pid 5321] set_robust_list(0x555556a346a0, 24) = 0 [pid 5321] chdir("./94") = 0 [pid 5321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5321] setpgid(0, 0) = 0 [pid 5321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5321] write(3, "1000", 4) = 4 [pid 5321] close(3) = 0 [pid 5321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5321] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5321] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5321] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5322 attached [pid 5322] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5322] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5322] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] <... clone3 resumed> => {parent_tid=[5322]}, 88) = 5322 [pid 5321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5321] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5322] memfd_create("syzkaller", 0 [pid 5321] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] <... memfd_create resumed>) = 3 [pid 5321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5321] <... mmap resumed>) = 0x7f0957f93000 [pid 5322] <... mmap resumed>) = 0x7f094fb93000 [pid 5321] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5323]}, 88) = 5323 [pid 5321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5321] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5323 attached [pid 5323] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5323] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5323] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5323] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] <... futex resumed>) = 0 [pid 5323] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5323] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5323] memfd_create("syzkaller", 0) = 5 [pid 5321] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5322] <... write resumed>) = 2097152 [pid 5322] munmap(0x7f094fb93000, 2097152 [pid 5323] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5322] <... munmap resumed>) = 0 [pid 5322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5322] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5322] close(3) = 0 [pid 5322] mkdir("./file2", 0777) = 0 [pid 5322] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5323] <... write resumed>) = 2097152 [pid 5323] munmap(0x7f0947793000, 2097152) = 0 [pid 5323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5323] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5323] ioctl(3, LOOP_CLR_FD) = 0 [pid 5323] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5323] close(3) = 0 [pid 5323] close(5) = 0 [pid 5323] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... mount resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5322] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5321] <... futex resumed>) = 0 [pid 5321] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] lchown("./file2", 0, 0 [pid 5322] <... openat resumed>) = 3 [pid 5321] <... futex resumed>) = 0 [pid 5323] <... lchown resumed>) = 0 [pid 5322] chdir("./file2") = 0 [pid 5322] ioctl(6, LOOP_CLR_FD [pid 5323] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] <... ioctl resumed>) = 0 [pid 5323] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] close(6 [pid 5321] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] <... close resumed>) = 0 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] write(-1, NULL, 0 [pid 5321] <... futex resumed>) = 0 [pid 5321] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5322] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5321] exit_group(0) = ? [pid 5323] <... futex resumed>) = ? [pid 5323] +++ exited with 0 +++ [pid 5322] <... futex resumed>) = ? [ 78.603510][ T5322] loop0: detected capacity change from 0 to 4096 [ 78.614985][ T5322] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5322] +++ exited with 0 +++ [pid 5321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5321, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/bus") = 0 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 78.678279][ T12] ntfs3: loop0: ino=5, ntfs3_write_inode failed, -22. [ 78.685296][ T12] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5324 attached , child_tidptr=0x555556a34690) = 5324 [pid 5324] set_robust_list(0x555556a346a0, 24) = 0 [pid 5324] chdir("./95") = 0 [pid 5324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5324] setpgid(0, 0) = 0 [pid 5324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5324] write(3, "1000", 4) = 4 [pid 5324] close(3) = 0 [pid 5324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5324] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5324] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5325 attached [pid 5325] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5325] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] <... clone3 resumed> => {parent_tid=[5325]}, 88) = 5325 [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5325] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5324] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5324] <... futex resumed>) = 1 [pid 5324] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5324] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5326 attached [pid 5326] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5324] <... clone3 resumed> => {parent_tid=[5326]}, 88) = 5326 [pid 5326] <... rseq resumed>) = 0 [pid 5325] memfd_create("syzkaller", 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], [pid 5326] set_robust_list(0x7f0957fb39a0, 24 [pid 5324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5326] <... set_robust_list resumed>) = 0 [pid 5325] <... memfd_create resumed>) = 3 [pid 5324] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] <... futex resumed>) = 0 [pid 5326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5324] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5326] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5326] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... mmap resumed>) = 0x7f094fb93000 [pid 5324] <... futex resumed>) = 0 [pid 5326] memfd_create("syzkaller", 0 [pid 5324] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5326] <... memfd_create resumed>) = 5 [pid 5326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5325] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5326] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5325] <... write resumed>) = 2097152 [pid 5326] <... write resumed>) = 2097152 [pid 5326] munmap(0x7f0947793000, 2097152 [pid 5325] munmap(0x7f094fb93000, 2097152 [pid 5326] <... munmap resumed>) = 0 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5326] ioctl(6, LOOP_SET_FD, 5 [pid 5325] <... munmap resumed>) = 0 [pid 5325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5325] ioctl(7, LOOP_SET_FD, 3 [pid 5326] <... ioctl resumed>) = 0 [pid 5326] close(5 [pid 5325] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5326] <... close resumed>) = 0 [pid 5325] ioctl(7, LOOP_CLR_FD [pid 5326] mkdir("./file2", 0777 [pid 5325] <... ioctl resumed>) = 0 [pid 5326] <... mkdir resumed>) = 0 [pid 5326] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5325] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5325] close(7) = 0 [pid 5325] close(3) = 0 [pid 5325] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] <... mount resumed>) = 0 [pid 5326] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5326] chdir("./file2") = 0 [pid 5326] ioctl(6, LOOP_CLR_FD) = 0 [ 78.838143][ T5326] loop0: detected capacity change from 0 to 4096 [ 78.849536][ T5326] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5326] close(6) = 0 [pid 5326] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5326] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5324] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] lchown("./file2", 0, 0) = 0 [pid 5325] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5325] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5324] <... futex resumed>) = 0 [pid 5325] write(-1, NULL, 0 [pid 5324] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5325] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5325] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] exit_group(0 [pid 5326] <... futex resumed>) = ? [pid 5325] <... futex resumed>) = ? [pid 5324] <... exit_group resumed>) = ? [pid 5326] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ [pid 5324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5324, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/bus") = 0 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.906916][ T5325] ntfs3: loop0: ino=0, attr_set_size [ 78.918547][ T5325] ntfs3: loop0: Mark volume as dirty due to NTFS errors openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5327 ./strace-static-x86_64: Process 5327 attached [pid 5327] set_robust_list(0x555556a346a0, 24) = 0 [pid 5327] chdir("./96") = 0 [pid 5327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5327] setpgid(0, 0) = 0 [pid 5327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5327] write(3, "1000", 4) = 4 [pid 5327] close(3) = 0 [pid 5327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5327] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5327] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5328 attached [pid 5328] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5328] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5328] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] <... clone3 resumed> => {parent_tid=[5328]}, 88) = 5328 [pid 5327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5327] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5327] <... futex resumed>) = 1 [pid 5328] memfd_create("syzkaller", 0 [pid 5327] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... memfd_create resumed>) = 3 [pid 5328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5327] <... futex resumed>) = 0 [pid 5327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5327] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5329 attached [pid 5329] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053 [pid 5328] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5329] <... rseq resumed>) = 0 [pid 5327] <... clone3 resumed> => {parent_tid=[5329]}, 88) = 5329 [pid 5327] rt_sigprocmask(SIG_SETMASK, [], [pid 5329] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5327] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5327] <... futex resumed>) = 0 [pid 5329] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5327] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... open resumed>) = 4 [pid 5329] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = 0 [pid 5329] <... futex resumed>) = 1 [pid 5327] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] memfd_create("syzkaller", 0 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5329] <... memfd_create resumed>) = 5 [pid 5329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5328] <... write resumed>) = 2097152 [pid 5328] munmap(0x7f094fbb4000, 2097152 [pid 5329] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5328] <... munmap resumed>) = 0 [pid 5328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5328] ioctl(6, LOOP_SET_FD, 3 [pid 5329] <... write resumed>) = 2097152 [pid 5329] munmap(0x7f0947793000, 2097152 [pid 5328] <... ioctl resumed>) = 0 [pid 5328] close(3) = 0 [pid 5328] mkdir("./file2", 0777 [pid 5329] <... munmap resumed>) = 0 [pid 5329] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5328] <... mkdir resumed>) = 0 [pid 5329] <... openat resumed>) = 3 [pid 5329] ioctl(3, LOOP_SET_FD, 5 [pid 5328] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5329] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5329] ioctl(3, LOOP_CLR_FD) = 0 [pid 5329] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5329] close(3) = 0 [pid 5329] close(5) = 0 [pid 5329] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5329] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5327] <... futex resumed>) = 0 [pid 5329] lchown("./file2", 0, 0 [pid 5327] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... lchown resumed>) = 0 [pid 5329] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [ 79.084358][ T5328] loop0: detected capacity change from 0 to 4096 [ 79.098689][ T5328] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5329] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] <... mount resumed>) = 0 [pid 5327] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5328] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5328] <... openat resumed>) = 3 [pid 5329] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] chdir("./file2" [pid 5329] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] <... chdir resumed>) = 0 [pid 5328] ioctl(6, LOOP_CLR_FD) = 0 [pid 5328] close(6) = 0 [pid 5328] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] exit_group(0 [pid 5329] <... futex resumed>) = ? [pid 5327] <... exit_group resumed>) = ? [pid 5328] <... futex resumed>) = ? [pid 5328] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ [pid 5327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5327, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/bus") = 0 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5330 attached , child_tidptr=0x555556a34690) = 5330 [pid 5330] set_robust_list(0x555556a346a0, 24) = 0 [pid 5330] chdir("./97") = 0 [pid 5330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5330] setpgid(0, 0) = 0 [pid 5330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5330] write(3, "1000", 4) = 4 [pid 5330] close(3) = 0 [pid 5330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5330] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5330] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5330] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5331 attached => {parent_tid=[5331]}, 88) = 5331 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5330] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5330] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5331] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 5332 attached [pid 5330] <... clone3 resumed> => {parent_tid=[5332]}, 88) = 5332 [pid 5332] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5331] <... rseq resumed>) = 0 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] <... rseq resumed>) = 0 [pid 5331] set_robust_list(0x7f0957fd49a0, 24 [pid 5332] set_robust_list(0x7f0957fb39a0, 24 [pid 5331] <... set_robust_list resumed>) = 0 [pid 5332] <... set_robust_list resumed>) = 0 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], [pid 5330] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], [pid 5331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5330] <... futex resumed>) = 0 [pid 5330] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5331] memfd_create("syzkaller", 0) = 4 [pid 5331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5332] <... open resumed>) = 3 [pid 5332] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5330] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5332] memfd_create("syzkaller", 0 [pid 5330] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5332] <... memfd_create resumed>) = 5 [pid 5332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5331] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5332] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5331] <... write resumed>) = 2097152 [pid 5331] munmap(0x7f094fb93000, 2097152 [pid 5332] <... write resumed>) = 2097152 [pid 5332] munmap(0x7f0947793000, 2097152 [pid 5331] <... munmap resumed>) = 0 [pid 5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5331] ioctl(6, LOOP_SET_FD, 4 [pid 5332] <... munmap resumed>) = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5332] ioctl(7, LOOP_SET_FD, 5 [pid 5331] <... ioctl resumed>) = 0 [pid 5332] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5331] close(4 [pid 5332] ioctl(7, LOOP_CLR_FD [pid 5331] <... close resumed>) = 0 [pid 5332] <... ioctl resumed>) = 0 [pid 5331] mkdir("./file2", 0777 [pid 5332] ioctl(7, LOOP_SET_FD, 5 [pid 5331] <... mkdir resumed>) = 0 [pid 5332] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5332] close(7) = 0 [pid 5332] close(5 [pid 5331] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5332] <... close resumed>) = 0 [pid 5332] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5330] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... futex resumed>) = 1 [pid 5332] lchown("./file2", 0, 0) = 0 [pid 5332] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5330] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... futex resumed>) = 1 [pid 5332] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5332] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5332] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... mount resumed>) = 0 [pid 5331] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5331] chdir("./file2") = 0 [pid 5331] ioctl(6, LOOP_CLR_FD) = 0 [pid 5331] close(6) = 0 [pid 5331] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] exit_group(0 [pid 5332] <... futex resumed>) = ? [pid 5331] <... futex resumed>) = ? [pid 5332] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ [pid 5330] <... exit_group resumed>) = ? [pid 5330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5330, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/bus") = 0 [ 79.295106][ T5331] loop0: detected capacity change from 0 to 4096 [ 79.314483][ T5331] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5333 attached , child_tidptr=0x555556a34690) = 5333 [pid 5333] set_robust_list(0x555556a346a0, 24) = 0 [pid 5333] chdir("./98") = 0 [pid 5333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5333] setpgid(0, 0) = 0 [pid 5333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5333] write(3, "1000", 4) = 4 [pid 5333] close(3) = 0 [pid 5333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5333] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5333] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5333] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5334 attached [pid 5334] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5334] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5333] <... clone3 resumed> => {parent_tid=[5334]}, 88) = 5334 [pid 5334] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5333] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5334] memfd_create("syzkaller", 0 [pid 5333] <... futex resumed>) = 1 [pid 5333] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5333] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] <... memfd_create resumed>) = 3 [pid 5333] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5333] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5334] <... mmap resumed>) = 0x7f094fb93000 [pid 5333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5335 attached [pid 5335] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5333] <... clone3 resumed> => {parent_tid=[5335]}, 88) = 5335 [pid 5335] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], [pid 5335] rt_sigprocmask(SIG_SETMASK, [], [pid 5333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5333] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5333] <... futex resumed>) = 0 [pid 5335] <... open resumed>) = 4 [pid 5333] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5335] <... futex resumed>) = 0 [pid 5333] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] memfd_create("syzkaller", 0 [pid 5333] <... futex resumed>) = 0 [pid 5335] <... memfd_create resumed>) = 5 [pid 5333] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5334] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5335] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5334] <... write resumed>) = 2097152 [pid 5334] munmap(0x7f094fb93000, 2097152) = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5334] ioctl(6, LOOP_SET_FD, 3 [pid 5335] <... write resumed>) = 2097152 [pid 5335] munmap(0x7f0947793000, 2097152 [pid 5334] <... ioctl resumed>) = 0 [pid 5334] close(3) = 0 [pid 5334] mkdir("./file2", 0777) = 0 [pid 5334] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5335] <... munmap resumed>) = 0 [pid 5335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5335] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5335] ioctl(3, LOOP_CLR_FD) = 0 [pid 5335] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5335] close(3) = 0 [pid 5335] close(5) = 0 [pid 5335] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5335] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5333] <... futex resumed>) = 1 [pid 5335] lchown("./file2", 0, 0 [pid 5333] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... lchown resumed>) = 0 [pid 5335] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5335] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5335] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5335] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] <... mount resumed>) = 0 [pid 5334] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5334] chdir("./file2") = 0 [ 79.482722][ T5334] loop0: detected capacity change from 0 to 4096 [ 79.493487][ T5334] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5334] ioctl(6, LOOP_CLR_FD) = 0 [pid 5334] close(6) = 0 [pid 5334] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] exit_group(0 [pid 5334] <... futex resumed>) = ? [pid 5333] <... exit_group resumed>) = ? [pid 5335] <... futex resumed>) = ? [pid 5335] +++ exited with 0 +++ [pid 5334] +++ exited with 0 +++ [pid 5333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5333, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/bus") = 0 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5336 attached , child_tidptr=0x555556a34690) = 5336 [pid 5336] set_robust_list(0x555556a346a0, 24) = 0 [pid 5336] chdir("./99") = 0 [pid 5336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5336] setpgid(0, 0) = 0 [pid 5336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5336] write(3, "1000", 4) = 4 [pid 5336] close(3) = 0 [pid 5336] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5336] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5336] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5337 attached [pid 5337] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5336] <... clone3 resumed> => {parent_tid=[5337]}, 88) = 5337 [pid 5337] <... rseq resumed>) = 0 [pid 5337] set_robust_list(0x7f0957fd49a0, 24 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], [pid 5337] <... set_robust_list resumed>) = 0 [pid 5336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], [pid 5336] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5336] <... futex resumed>) = 0 [pid 5337] memfd_create("syzkaller", 0 [pid 5336] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5337] <... memfd_create resumed>) = 3 [pid 5336] <... mmap resumed>) = 0x7f0957f93000 [pid 5337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5336] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5337] <... mmap resumed>) = 0x7f094fb93000 [pid 5336] <... mprotect resumed>) = 0 [pid 5336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5338 attached => {parent_tid=[5338]}, 88) = 5338 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5338] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5336] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] <... rseq resumed>) = 0 [pid 5338] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5338] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5337] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5336] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}) = 0 [pid 5336] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=48000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] memfd_create("syzkaller", 0) = 5 [pid 5338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5337] <... write resumed>) = 2097153 [pid 5337] munmap(0x7f094fb93000, 2097153) = 0 [pid 5337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 79.623345][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 79.623359][ T27] audit: type=1800 audit(1695716766.102:101): pid=5338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5337] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5337] close(3) = 0 [pid 5337] mkdir("./file2", 0777) = 0 [pid 5337] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5338] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5337] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5337] ioctl(6, LOOP_CLR_FD [pid 5338] <... write resumed>) = 2097152 [pid 5338] munmap(0x7f0947793000, 2097152) = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5338] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5338] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5338] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5338] close(3) = 0 [pid 5338] close(5) = 0 [pid 5338] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] <... futex resumed>) = 0 [pid 5336] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] lchown("./file2", 0, 0) = 0 [pid 5338] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5336] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5338] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = 1 [ 79.667982][ T5337] loop0: detected capacity change from 0 to 4096 [ 79.682460][ T5337] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 79.698632][ T5337] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5338] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... ioctl resumed>) = 0 [pid 5337] close(6) = 0 [pid 5337] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] exit_group(0) = ? [pid 5338] <... futex resumed>) = ? [pid 5338] +++ exited with 0 +++ [pid 5337] <... futex resumed>) = ? [pid 5337] +++ exited with 0 +++ [pid 5336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5336, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/bus") = 0 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5339 attached , child_tidptr=0x555556a34690) = 5339 [pid 5339] set_robust_list(0x555556a346a0, 24) = 0 [pid 5339] chdir("./100") = 0 [pid 5339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5339] setpgid(0, 0) = 0 [pid 5339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5339] write(3, "1000", 4) = 4 [pid 5339] close(3) = 0 [pid 5339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5339] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5339] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5340 attached [pid 5340] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5340] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5340] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... clone3 resumed> => {parent_tid=[5340]}, 88) = 5340 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5339] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5339] <... futex resumed>) = 1 [pid 5339] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] memfd_create("syzkaller", 0 [pid 5339] <... futex resumed>) = 0 [ 79.753515][ T5038] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5339] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5340] <... memfd_create resumed>) = 3 [pid 5339] <... mprotect resumed>) = 0 [pid 5340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5339] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5340] <... mmap resumed>) = 0x7f094fb93000 [pid 5339] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5341 attached [pid 5341] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5341] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5341] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... clone3 resumed> => {parent_tid=[5341]}, 88) = 5341 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5339] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5339] <... futex resumed>) = 1 [pid 5341] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5339] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... open resumed>) = 4 [pid 5341] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5341] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5341] memfd_create("syzkaller", 0) = 5 [pid 5341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5341] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5340] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153) = 2097153 [pid 5341] <... write resumed>) = 2097152 [pid 5340] munmap(0x7f094fb93000, 2097153 [pid 5341] munmap(0x7f0947793000, 2097152) = 0 [pid 5341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 79.828221][ T27] audit: type=1800 audit(1695716766.302:102): pid=5341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5341] ioctl(6, LOOP_SET_FD, 5 [pid 5340] <... munmap resumed>) = 0 [pid 5340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5340] ioctl(7, LOOP_SET_FD, 3 [pid 5341] <... ioctl resumed>) = 0 [pid 5340] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5341] close(5) = 0 [pid 5340] ioctl(7, LOOP_CLR_FD [pid 5341] mkdir("./file2", 0777 [pid 5340] <... ioctl resumed>) = 0 [pid 5341] <... mkdir resumed>) = 0 [pid 5341] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5340] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5340] close(7) = 0 [pid 5340] close(3) = 0 [pid 5340] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... mount resumed>) = 0 [pid 5341] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5341] chdir("./file2") = 0 [pid 5341] ioctl(6, LOOP_CLR_FD) = 0 [pid 5341] close(6) = 0 [pid 5341] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5339] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] <... futex resumed>) = 0 [pid 5339] <... futex resumed>) = 1 [pid 5340] lchown("./file2", 0, 0 [ 79.883867][ T5341] loop0: detected capacity change from 0 to 4096 [ 79.893514][ T5341] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5339] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... lchown resumed>) = 0 [pid 5340] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5339] <... futex resumed>) = 0 [pid 5340] write(-1, NULL, 0 [pid 5339] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5340] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = 0 [pid 5339] exit_group(0 [pid 5341] <... futex resumed>) = ? [pid 5339] <... exit_group resumed>) = ? [pid 5341] +++ exited with 0 +++ [pid 5340] <... futex resumed>) = ? [pid 5340] +++ exited with 0 +++ [pid 5339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5339, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/bus") = 0 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 79.944296][ T5340] ntfs3: loop0: ino=0, attr_set_size [ 79.952324][ T5340] ntfs3: loop0: Mark volume as dirty due to NTFS errors close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5342 attached , child_tidptr=0x555556a34690) = 5342 [pid 5342] set_robust_list(0x555556a346a0, 24) = 0 [pid 5342] chdir("./101") = 0 [pid 5342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5342] setpgid(0, 0) = 0 [pid 5342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5342] write(3, "1000", 4) = 4 [pid 5342] close(3) = 0 [pid 5342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5342] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5342] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5343 attached => {parent_tid=[5343]}, 88) = 5343 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5342] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5342] <... futex resumed>) = 0 [pid 5342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5343] <... rseq resumed>) = 0 [pid 5343] set_robust_list(0x7f0957fd49a0, 24 [pid 5342] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5343] <... set_robust_list resumed>) = 0 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], [pid 5342] <... mprotect resumed>) = 0 [pid 5343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5344 attached [pid 5344] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5343] memfd_create("syzkaller", 0 [pid 5342] <... clone3 resumed> => {parent_tid=[5344]}, 88) = 5344 [pid 5344] set_robust_list(0x7f0957fb39a0, 24 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], [pid 5344] <... set_robust_list resumed>) = 0 [pid 5343] <... memfd_create resumed>) = 3 [pid 5342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5342] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5342] <... futex resumed>) = 0 [pid 5343] <... mmap resumed>) = 0x7f094fb93000 [pid 5342] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5344] <... futex resumed>) = 1 [pid 5344] memfd_create("syzkaller", 0) = 5 [pid 5344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5344] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5343] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5344] <... write resumed>) = 2097152 [pid 5344] munmap(0x7f0947793000, 2097152) = 0 [pid 5344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 80.022956][ T27] audit: type=1800 audit(1695716766.502:103): pid=5344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [pid 5344] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5344] close(5) = 0 [pid 5344] mkdir("./file2", 0777 [pid 5343] <... write resumed>) = 2097152 [pid 5343] munmap(0x7f094fb93000, 2097152 [pid 5344] <... mkdir resumed>) = 0 [pid 5344] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5343] <... munmap resumed>) = 0 [pid 5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5343] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5343] ioctl(5, LOOP_CLR_FD) = 0 [pid 5343] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5343] close(5) = 0 [pid 5343] close(3) = 0 [pid 5344] <... mount resumed>) = 0 [pid 5344] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5344] chdir("./file2" [pid 5343] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... chdir resumed>) = 0 [pid 5343] <... futex resumed>) = 0 [pid 5344] ioctl(6, LOOP_CLR_FD [pid 5343] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... ioctl resumed>) = 0 [ 80.083474][ T5344] loop0: detected capacity change from 0 to 4096 [ 80.094271][ T5344] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5344] close(6) = 0 [pid 5344] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5342] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... futex resumed>) = 1 [pid 5342] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 0 [pid 5343] lchown("./file2", 0, 0) = 0 [pid 5343] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5342] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5343] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5343] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] exit_group(0 [pid 5344] <... futex resumed>) = ? [pid 5343] <... futex resumed>) = ? [pid 5342] <... exit_group resumed>) = ? [pid 5343] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ [pid 5342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5342, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/bus") = 0 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 [ 80.146673][ T5343] ntfs3: loop0: ino=0, attr_set_size [ 80.153134][ T5343] ntfs3: loop0: Mark volume as dirty due to NTFS errors umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5345 attached , child_tidptr=0x555556a34690) = 5345 [pid 5345] set_robust_list(0x555556a346a0, 24) = 0 [pid 5345] chdir("./102") = 0 [pid 5345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5345] setpgid(0, 0) = 0 [pid 5345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5345] write(3, "1000", 4) = 4 [pid 5345] close(3) = 0 [pid 5345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5345] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5345] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5345] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5346 attached [pid 5346] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5345] <... clone3 resumed> => {parent_tid=[5346]}, 88) = 5346 [pid 5346] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5346] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5345] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 0 [pid 5346] memfd_create("syzkaller", 0) = 3 [pid 5345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5345] <... mmap resumed>) = 0x7f0957f93000 [pid 5346] <... mmap resumed>) = 0x7f094fb93000 [pid 5345] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5347 attached [pid 5347] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5347] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5347] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5345] <... clone3 resumed> => {parent_tid=[5347]}, 88) = 5347 [pid 5345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5345] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5347] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5345] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... open resumed>) = 4 [pid 5347] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] <... futex resumed>) = 0 [pid 5345] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5347] <... futex resumed>) = 0 [pid 5347] memfd_create("syzkaller", 0) = 5 [pid 5347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5346] <... write resumed>) = 2097152 [pid 5346] munmap(0x7f094fb93000, 2097152) = 0 [pid 5346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5346] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5346] close(3) = 0 [pid 5346] mkdir("./file2", 0777) = 0 [pid 5346] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [ 80.271645][ T27] audit: type=1800 audit(1695716766.742:104): pid=5347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 80.308676][ T5346] loop0: detected capacity change from 0 to 4096 [pid 5347] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5346] <... mount resumed>) = 0 [pid 5346] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5346] chdir("./file2") = 0 [pid 5346] ioctl(6, LOOP_CLR_FD) = 0 [pid 5346] close(6) = 0 [pid 5346] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... write resumed>) = 2097152 [pid 5347] munmap(0x7f0947793000, 2097152) = 0 [pid 5347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5347] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5347] ioctl(6, LOOP_CLR_FD) = 0 [pid 5347] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5347] close(6) = 0 [pid 5347] close(5) = 0 [pid 5347] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5347] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... futex resumed>) = 0 [ 80.318594][ T5346] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5346] lchown("./file2", 0, 0) = 0 [pid 5346] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5346] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5345] <... futex resumed>) = 0 [pid 5346] write(-1, NULL, 0 [pid 5345] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5346] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] exit_group(0 [pid 5347] <... futex resumed>) = ? [pid 5347] +++ exited with 0 +++ [pid 5346] <... futex resumed>) = ? [pid 5345] <... exit_group resumed>) = ? [pid 5346] +++ exited with 0 +++ [pid 5345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5345, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/bus") = 0 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 [ 80.395946][ T5346] ntfs3: loop0: ino=0, attr_set_size [ 80.401388][ T5346] ntfs3: loop0: Mark volume as dirty due to NTFS errors mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5348 ./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x555556a346a0, 24) = 0 [pid 5348] chdir("./103") = 0 [pid 5348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5348] setpgid(0, 0) = 0 [pid 5348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5348] write(3, "1000", 4) = 4 [pid 5348] close(3) = 0 [pid 5348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5348] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5348] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5349 attached [pid 5349] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5349] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5348] <... clone3 resumed> => {parent_tid=[5349]}, 88) = 5349 [pid 5349] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5348] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5348] <... futex resumed>) = 1 [pid 5349] memfd_create("syzkaller", 0) = 3 [pid 5348] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5348] <... futex resumed>) = 0 [pid 5349] <... mmap resumed>) = 0x7f094fbb4000 [pid 5348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5348] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5350 attached => {parent_tid=[5350]}, 88) = 5350 [pid 5350] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053 [pid 5348] rt_sigprocmask(SIG_SETMASK, [], [pid 5349] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5350] <... rseq resumed>) = 0 [pid 5348] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] set_robust_list(0x7f094fbb39a0, 24 [pid 5348] <... futex resumed>) = 0 [pid 5350] <... set_robust_list resumed>) = 0 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], [pid 5348] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5350] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5350] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5350] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5349] <... write resumed>) = 2097152 [pid 5350] <... futex resumed>) = 0 [pid 5349] munmap(0x7f094fbb4000, 2097152 [pid 5350] memfd_create("syzkaller", 0) = 5 [pid 5350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5349] <... munmap resumed>) = 0 [pid 5350] <... mmap resumed>) = 0x7f0947793000 [pid 5349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5349] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5349] close(3) = 0 [pid 5349] mkdir("./file2", 0777) = 0 [pid 5349] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5350] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5349] <... mount resumed>) = 0 [pid 5349] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5349] chdir("./file2") = 0 [pid 5349] ioctl(6, LOOP_CLR_FD) = 0 [pid 5349] close(6) = 0 [pid 5349] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... write resumed>) = 2097152 [pid 5350] munmap(0x7f0947793000, 2097152) = 0 [pid 5350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5350] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5350] ioctl(6, LOOP_CLR_FD) = 0 [pid 5350] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5350] close(6) = 0 [pid 5350] close(5) = 0 [pid 5350] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5350] <... futex resumed>) = 1 [pid 5348] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] <... futex resumed>) = 0 [pid 5348] <... futex resumed>) = 1 [pid 5349] lchown("./file2", 0, 0 [pid 5348] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... lchown resumed>) = 0 [pid 5349] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [pid 5349] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5349] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5348] exit_group(0 [pid 5350] <... futex resumed>) = ? [pid 5348] <... exit_group resumed>) = ? [pid 5350] +++ exited with 0 +++ [pid 5349] <... futex resumed>) = ? [pid 5349] +++ exited with 0 +++ [pid 5348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5348, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/bus") = 0 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5351 attached , child_tidptr=0x555556a34690) = 5351 [pid 5351] set_robust_list(0x555556a346a0, 24) = 0 [pid 5351] chdir("./104") = 0 [pid 5351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5351] setpgid(0, 0) = 0 [pid 5351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5351] write(3, "1000", 4) = 4 [pid 5351] close(3) = 0 [pid 5351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5351] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5351] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5352 attached => {parent_tid=[5352]}, 88) = 5352 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5351] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5351] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5352] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 5353 attached [pid 5353] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5351] <... clone3 resumed> => {parent_tid=[5353]}, 88) = 5353 [pid 5353] set_robust_list(0x7f0957fb39a0, 24 [pid 5352] <... rseq resumed>) = 0 [pid 5353] <... set_robust_list resumed>) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], [pid 5353] rt_sigprocmask(SIG_SETMASK, [], [pid 5351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5351] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 3 [pid 5352] set_robust_list(0x7f0957fd49a0, 24 [pid 5351] <... futex resumed>) = 0 [pid 5352] <... set_robust_list resumed>) = 0 [pid 5351] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5353] <... futex resumed>) = 1 [pid 5353] memfd_create("syzkaller", 0) = 4 [pid 5353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5352] memfd_create("syzkaller", 0 [pid 5353] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5352] <... memfd_create resumed>) = 5 [pid 5352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5352] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5353] <... write resumed>) = 2097152 [pid 5353] munmap(0x7f094fb93000, 2097152) = 0 [pid 5353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5353] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 5353] close(4) = 0 [pid 5353] mkdir("./file2", 0777 [pid 5352] <... write resumed>) = 2097152 [pid 5353] <... mkdir resumed>) = 0 [pid 5353] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5352] munmap(0x7f0947793000, 2097152) = 0 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5352] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5352] ioctl(4, LOOP_CLR_FD) = 0 [pid 5352] ioctl(4, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5352] close(4) = 0 [pid 5352] close(5) = 0 [pid 5352] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... mount resumed>) = 0 [pid 5353] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5353] chdir("./file2") = 0 [pid 5353] ioctl(6, LOOP_CLR_FD) = 0 [pid 5353] close(6) = 0 [pid 5353] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5353] <... futex resumed>) = 1 [pid 5351] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... futex resumed>) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5351] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 80.528477][ T27] audit: type=1800 audit(1695716767.002:105): pid=5350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 80.557906][ T5349] loop0: detected capacity change from 0 to 4096 [ 80.568894][ T5349] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 80.636820][ T5349] ntfs3: loop0: ino=0, attr_set_size [ 80.643026][ T5349] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 80.718680][ T27] audit: type=1800 audit(1695716767.192:106): pid=5353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 80.783083][ T5353] loop0: detected capacity change from 0 to 4096 [ 80.793432][ T5353] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5352] lchown("./file2", 0, 0) = 0 [pid 5352] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5352] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5352] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5351] exit_group(0 [pid 5353] <... futex resumed>) = ? [pid 5351] <... exit_group resumed>) = ? [pid 5353] +++ exited with 0 +++ [pid 5352] <... futex resumed>) = ? [pid 5352] +++ exited with 0 +++ [pid 5351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5351, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./104/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/bus") = 0 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5354 ./strace-static-x86_64: Process 5354 attached [pid 5354] set_robust_list(0x555556a346a0, 24) = 0 [ 80.841895][ T5352] ntfs3: loop0: ino=0, attr_set_size [ 80.847701][ T5352] ntfs3: loop0: Mark volume as dirty due to NTFS errors [pid 5354] chdir("./105") = 0 [pid 5354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5354] setpgid(0, 0) = 0 [pid 5354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5354] write(3, "1000", 4) = 4 [pid 5354] close(3) = 0 [pid 5354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5354] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5354] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5355 attached [pid 5355] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5355] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5355] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] <... clone3 resumed> => {parent_tid=[5355]}, 88) = 5355 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5354] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = 0 [pid 5354] <... futex resumed>) = 1 [pid 5355] memfd_create("syzkaller", 0 [pid 5354] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] <... memfd_create resumed>) = 3 [pid 5355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5354] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5356 attached [pid 5356] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5356] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5356] rt_sigprocmask(SIG_SETMASK, [], [pid 5354] <... clone3 resumed> => {parent_tid=[5356]}, 88) = 5356 [pid 5356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5356] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5354] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5354] <... futex resumed>) = 1 [pid 5356] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5354] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... open resumed>) = 4 [pid 5355] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5356] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5356] <... futex resumed>) = 0 [pid 5356] memfd_create("syzkaller", 0) = 5 [pid 5356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5355] <... write resumed>) = 2097152 [pid 5355] munmap(0x7f094fbb4000, 2097152) = 0 [pid 5355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5355] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5355] close(3) = 0 [pid 5355] mkdir("./file2", 0777 [pid 5356] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5355] <... mkdir resumed>) = 0 [pid 5355] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5356] <... write resumed>) = 2097152 [pid 5356] munmap(0x7f0947793000, 2097152) = 0 [pid 5356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5356] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5356] ioctl(3, LOOP_CLR_FD) = 0 [pid 5356] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5356] close(3) = 0 [pid 5356] close(5) = 0 [pid 5356] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... futex resumed>) = 1 [pid 5356] lchown("./file2", 0, 0) = 0 [pid 5356] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... futex resumed>) = 1 [pid 5356] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5356] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5356] <... futex resumed>) = 1 [pid 5355] <... mount resumed>) = 0 [pid 5355] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5355] chdir("./file2") = 0 [pid 5355] ioctl(6, LOOP_CLR_FD) = 0 [pid 5355] close(6) = 0 [pid 5355] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] exit_group(0 [pid 5356] <... futex resumed>) = ? [pid 5355] <... futex resumed>) = ? [pid 5354] <... exit_group resumed>) = ? [pid 5355] +++ exited with 0 +++ [pid 5356] +++ exited with 0 +++ [pid 5354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5354, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./105/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/bus") = 0 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 80.936689][ T27] audit: type=1800 audit(1695716767.412:107): pid=5356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 80.977360][ T5355] loop0: detected capacity change from 0 to 4096 [ 80.989953][ T5355] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5357 attached [pid 5357] set_robust_list(0x555556a346a0, 24) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5357 [pid 5357] chdir("./106") = 0 [pid 5357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5357] setpgid(0, 0) = 0 [pid 5357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5357] write(3, "1000", 4) = 4 [pid 5357] close(3) = 0 [pid 5357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5357] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5357] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5358]}, 88) = 5358 [pid 5357] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5358 attached [pid 5358] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5358] <... rseq resumed>) = 0 [pid 5358] set_robust_list(0x7f0957fd49a0, 24 [pid 5357] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] <... set_robust_list resumed>) = 0 [pid 5357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5358] rt_sigprocmask(SIG_SETMASK, [], [pid 5357] <... mmap resumed>) = 0x7f0957f93000 [pid 5358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5357] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5358] memfd_create("syzkaller", 0 [pid 5357] <... clone3 resumed> => {parent_tid=[5359]}, 88) = 5359 [pid 5357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5357] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5359 attached [pid 5359] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5358] <... memfd_create resumed>) = 3 [pid 5359] <... rseq resumed>) = 0 [pid 5359] set_robust_list(0x7f0957fb39a0, 24 [pid 5358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5359] <... set_robust_list resumed>) = 0 [pid 5358] <... mmap resumed>) = 0x7f094fb93000 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5359] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5359] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5357] <... futex resumed>) = 1 [pid 5359] memfd_create("syzkaller", 0) = 5 [pid 5359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5357] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5359] <... mmap resumed>) = 0x7f0947793000 [pid 5358] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5359] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5358] <... write resumed>) = 2097153 [pid 5358] munmap(0x7f094fb93000, 2097153 [pid 5359] <... write resumed>) = 2097152 [pid 5359] munmap(0x7f0947793000, 2097152 [pid 5358] <... munmap resumed>) = 0 [pid 5359] <... munmap resumed>) = 0 [pid 5358] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5359] ioctl(7, LOOP_SET_FD, 5 [pid 5358] <... openat resumed>) = 6 [pid 5358] ioctl(6, LOOP_SET_FD, 3 [pid 5359] <... ioctl resumed>) = 0 [pid 5358] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5359] close(5) = 0 [pid 5358] ioctl(6, LOOP_CLR_FD [pid 5359] mkdir("./file2", 0777 [pid 5358] <... ioctl resumed>) = 0 [pid 5359] <... mkdir resumed>) = 0 [pid 5359] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5358] ioctl(6, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5358] close(6) = 0 [pid 5358] close(3) = 0 [pid 5358] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] <... mount resumed>) = 0 [pid 5359] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5359] chdir("./file2") = 0 [pid 5359] ioctl(7, LOOP_CLR_FD) = 0 [pid 5359] close(7) = 0 [pid 5359] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5357] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5358] lchown("./file2", 0, 0 [pid 5359] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] <... lchown resumed>) = 0 [pid 5358] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5358] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5358] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] exit_group(0 [pid 5359] <... futex resumed>) = ? [pid 5358] <... futex resumed>) = ? [pid 5357] <... exit_group resumed>) = ? [pid 5359] +++ exited with 0 +++ [pid 5358] +++ exited with 0 +++ [pid 5357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5357, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 81.113262][ T27] audit: type=1800 audit(1695716767.582:108): pid=5359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 81.185227][ T5359] loop0: detected capacity change from 0 to 4096 [ 81.195790][ T5359] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./106/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/bus") = 0 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 [ 81.255178][ T5358] ntfs3: loop0: ino=0, attr_set_size [ 81.260539][ T5358] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 81.294768][ T773] cfg80211: failed to load regulatory.db mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5360 attached , child_tidptr=0x555556a34690) = 5360 [pid 5360] set_robust_list(0x555556a346a0, 24) = 0 [pid 5360] chdir("./107") = 0 [pid 5360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5360] setpgid(0, 0) = 0 [pid 5360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5360] write(3, "1000", 4) = 4 [pid 5360] close(3) = 0 [pid 5360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5360] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5360] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5360] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5361 attached => {parent_tid=[5361]}, 88) = 5361 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5361] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5360] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... rseq resumed>) = 0 [pid 5361] set_robust_list(0x7f0957fd49a0, 24 [pid 5360] <... futex resumed>) = 0 [pid 5361] <... set_robust_list resumed>) = 0 [pid 5360] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] <... futex resumed>) = 0 [pid 5361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5360] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5361] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5362 attached [pid 5360] <... clone3 resumed> => {parent_tid=[5362]}, 88) = 5362 [pid 5362] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5360] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... rseq resumed>) = 0 [pid 5361] <... memfd_create resumed>) = 3 [pid 5362] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5362] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5361] <... mmap resumed>) = 0x7f094fb93000 [pid 5362] <... open resumed>) = 4 [pid 5361] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5362] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5362] <... futex resumed>) = 1 [pid 5360] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] memfd_create("syzkaller", 0 [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5362] <... memfd_create resumed>) = 5 [pid 5362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5361] <... write resumed>) = 2097153 [pid 5361] munmap(0x7f094fb93000, 2097153 [pid 5362] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5361] <... munmap resumed>) = 0 [pid 5361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5361] ioctl(6, LOOP_SET_FD, 3 [pid 5362] <... write resumed>) = 2097152 [pid 5361] <... ioctl resumed>) = 0 [pid 5362] munmap(0x7f0947793000, 2097152 [pid 5361] close(3) = 0 [pid 5361] mkdir("./file2", 0777) = 0 [pid 5361] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5362] <... munmap resumed>) = 0 [pid 5362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5362] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5362] ioctl(3, LOOP_CLR_FD) = 0 [pid 5362] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5362] close(3) = 0 [pid 5362] close(5) = 0 [pid 5362] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] lchown("./file2", 0, 0) = 0 [pid 5362] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] <... futex resumed>) = 1 [pid 5360] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5360] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5362] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] <... futex resumed>) = 1 [pid 5362] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5360] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] ioctl(6, LOOP_CLR_FD) = 0 [pid 5360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] close(6) = 0 [pid 5361] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] exit_group(0 [pid 5362] <... futex resumed>) = ? [pid 5361] <... futex resumed>) = ? [pid 5361] +++ exited with 0 +++ [pid 5362] +++ exited with 0 +++ [pid 5360] <... exit_group resumed>) = ? [pid 5360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5360, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [ 81.364646][ T27] audit: type=1800 audit(1695716767.842:109): pid=5362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./107/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/bus") = 0 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5363 ./strace-static-x86_64: Process 5363 attached [pid 5363] set_robust_list(0x555556a346a0, 24) = 0 [pid 5363] chdir("./108") = 0 [pid 5363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5363] setpgid(0, 0) = 0 [pid 5363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5363] write(3, "1000", 4) = 4 [pid 5363] close(3) = 0 [pid 5363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5363] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5363] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5364 attached [pid 5364] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5364] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5364] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] <... clone3 resumed> => {parent_tid=[5364]}, 88) = 5364 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5363] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5363] <... futex resumed>) = 1 [pid 5364] memfd_create("syzkaller", 0 [pid 5363] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5364] <... memfd_create resumed>) = 3 [pid 5363] <... mmap resumed>) = 0x7f0957f93000 [pid 5364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5363] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5364] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5365 attached => {parent_tid=[5365]}, 88) = 5365 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5363] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... rseq resumed>) = 0 [pid 5365] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 81.424306][ T5361] loop0: detected capacity change from 0 to 4096 [ 81.435314][ T5361] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 81.459841][ T5361] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5365] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5365] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] <... write resumed>) = 2097152 [pid 5364] munmap(0x7f094fb93000, 2097152) = 0 [pid 5364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5364] ioctl(5, LOOP_SET_FD, 3) = 0 [pid 5363] <... futex resumed>) = 0 [pid 5364] close(3 [pid 5363] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5364] <... close resumed>) = 0 [pid 5363] <... futex resumed>) = 1 [pid 5365] memfd_create("syzkaller", 0 [pid 5364] mkdir("./file2", 0777 [pid 5363] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5365] <... memfd_create resumed>) = 3 [pid 5364] <... mkdir resumed>) = 0 [pid 5365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947993000 [pid 5364] mount("/dev/loop0", "./file2", "ntfs3", 0, "") = 0 [pid 5364] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 6 [pid 5364] chdir("./file2") = 0 [pid 5364] ioctl(5, LOOP_CLR_FD) = 0 [pid 5364] close(5) = 0 [pid 5365] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5364] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... write resumed>) = 2097152 [pid 5365] munmap(0x7f0947993000, 2097152) = 0 [pid 5365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5365] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5365] ioctl(5, LOOP_CLR_FD) = 0 [pid 5365] ioctl(5, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5365] close(5) = 0 [pid 5365] close(3) = 0 [pid 5365] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5365] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5363] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] lchown("./file2", 0, 0) = 0 [pid 5364] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] write(-1, NULL, 0 [pid 5363] <... futex resumed>) = 0 [pid 5364] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5363] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] exit_group(0 [pid 5365] <... futex resumed>) = ? [pid 5363] <... exit_group resumed>) = ? [pid 5365] +++ exited with 0 +++ [pid 5364] <... futex resumed>) = ? [pid 5364] +++ exited with 0 +++ [pid 5363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5363, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./108/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/bus") = 0 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5366 attached , child_tidptr=0x555556a34690) = 5366 [pid 5366] set_robust_list(0x555556a346a0, 24) = 0 [pid 5366] chdir("./109") = 0 [pid 5366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5366] setpgid(0, 0) = 0 [pid 5366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5366] write(3, "1000", 4) = 4 [pid 5366] close(3) = 0 [pid 5366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5366] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5366] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5366] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5367]}, 88) = 5367 ./strace-static-x86_64: Process 5367 attached [pid 5366] rt_sigprocmask(SIG_SETMASK, [], [pid 5367] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5367] <... rseq resumed>) = 0 [pid 5366] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] set_robust_list(0x7f0957fd49a0, 24 [pid 5366] <... futex resumed>) = 0 [pid 5367] <... set_robust_list resumed>) = 0 [pid 5366] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], [pid 5366] <... futex resumed>) = 0 [pid 5367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5366] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5367] memfd_create("syzkaller", 0) = 3 [pid 5367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5368 attached [pid 5366] <... clone3 resumed> => {parent_tid=[5368]}, 88) = 5368 [pid 5368] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5367] <... mmap resumed>) = 0x7f094fb93000 [pid 5366] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] <... rseq resumed>) = 0 [pid 5366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5368] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5368] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5366] <... futex resumed>) = 1 [pid 5368] memfd_create("syzkaller", 0) = 5 [pid 5368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5366] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5367] <... write resumed>) = 2097152 [pid 5368] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5367] munmap(0x7f094fb93000, 2097152) = 0 [pid 5367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5367] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5367] close(3) = 0 [pid 5367] mkdir("./file2", 0777) = 0 [pid 5367] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5368] <... write resumed>) = 2097152 [pid 5368] munmap(0x7f0947793000, 2097152) = 0 [pid 5368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5368] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5368] ioctl(3, LOOP_CLR_FD) = 0 [pid 5368] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5368] close(3) = 0 [pid 5368] close(5) = 0 [pid 5368] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5368] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] <... futex resumed>) = 0 [pid 5368] lchown("./file2", 0, 0 [pid 5366] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... lchown resumed>) = 0 [pid 5368] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5368] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] <... futex resumed>) = 0 [pid 5367] <... mount resumed>) = 0 [pid 5367] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5367] chdir("./file2") = 0 [pid 5367] ioctl(6, LOOP_CLR_FD) = 0 [ 81.588027][ T27] audit: type=1800 audit(1695716768.062:110): pid=5365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor201" name="bus" dev="sda1" ino=1930 res=0 errno=0 [ 81.607736][ T5364] loop0: detected capacity change from 0 to 4096 [ 81.619706][ T5364] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 81.715712][ T5364] ntfs3: loop0: ino=0, attr_set_size [ 81.721213][ T5364] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 81.833365][ T5367] loop0: detected capacity change from 0 to 4096 [ 81.843431][ T5367] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5367] close(6) = 0 [pid 5367] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] exit_group(0 [pid 5367] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5368] <... futex resumed>) = ? [pid 5366] <... exit_group resumed>) = ? [pid 5368] +++ exited with 0 +++ [pid 5367] +++ exited with 0 +++ [pid 5366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5366, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./109/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/bus") = 0 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5369 attached [pid 5369] set_robust_list(0x555556a346a0, 24) = 0 [pid 5369] chdir("./110") = 0 [pid 5369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5369] setpgid(0, 0) = 0 [pid 5369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5369 [pid 5369] <... openat resumed>) = 3 [pid 5369] write(3, "1000", 4) = 4 [pid 5369] close(3) = 0 [pid 5369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5369] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5369] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5370 attached => {parent_tid=[5370]}, 88) = 5370 [pid 5370] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5370] <... rseq resumed>) = 0 [pid 5369] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5369] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5371 attached [pid 5371] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5369] <... clone3 resumed> => {parent_tid=[5371]}, 88) = 5371 [pid 5371] <... rseq resumed>) = 0 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], [pid 5371] set_robust_list(0x7f0957fb39a0, 24 [pid 5369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] <... set_robust_list resumed>) = 0 [pid 5369] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5370] memfd_create("syzkaller", 0 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5369] <... futex resumed>) = 0 [pid 5371] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5369] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... open resumed>) = 3 [pid 5370] <... memfd_create resumed>) = 4 [pid 5371] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 1 [pid 5371] memfd_create("syzkaller", 0 [pid 5370] <... mmap resumed>) = 0x7f094fb93000 [pid 5371] <... memfd_create resumed>) = 5 [pid 5369] <... futex resumed>) = 0 [pid 5371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5369] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5371] <... mmap resumed>) = 0x7f0947793000 [pid 5370] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5371] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5370] <... write resumed>) = 2097152 [pid 5370] munmap(0x7f094fb93000, 2097152 [pid 5371] <... write resumed>) = 2097152 [pid 5371] munmap(0x7f0947793000, 2097152 [pid 5370] <... munmap resumed>) = 0 [pid 5370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5370] ioctl(6, LOOP_SET_FD, 4 [pid 5371] <... munmap resumed>) = 0 [pid 5371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5371] ioctl(7, LOOP_SET_FD, 5 [pid 5370] <... ioctl resumed>) = 0 [pid 5371] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5371] ioctl(7, LOOP_CLR_FD [pid 5370] close(4 [pid 5371] <... ioctl resumed>) = 0 [pid 5370] <... close resumed>) = 0 [pid 5370] mkdir("./file2", 0777) = 0 [pid 5370] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5371] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5371] close(7) = 0 [pid 5371] close(5) = 0 [pid 5371] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5371] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] <... futex resumed>) = 0 [pid 5371] lchown("./file2", 0, 0 [pid 5369] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... lchown resumed>) = 0 [pid 5371] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5371] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5371] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... mount resumed>) = 0 [pid 5369] <... futex resumed>) = 0 [pid 5371] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5370] chdir("./file2") = 0 [pid 5370] ioctl(6, LOOP_CLR_FD) = 0 [pid 5370] close(6) = 0 [pid 5370] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] exit_group(0 [pid 5370] <... futex resumed>) = ? [pid 5371] <... futex resumed>) = ? [pid 5369] <... exit_group resumed>) = ? [pid 5371] +++ exited with 0 +++ [pid 5370] +++ exited with 0 +++ [pid 5369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5369, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./110/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/bus") = 0 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 82.038761][ T5370] loop0: detected capacity change from 0 to 4096 [ 82.050344][ T5370] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). rmdir("./110/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5372 attached , child_tidptr=0x555556a34690) = 5372 [pid 5372] set_robust_list(0x555556a346a0, 24) = 0 [pid 5372] chdir("./111") = 0 [pid 5372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5372] setpgid(0, 0) = 0 [pid 5372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5372] write(3, "1000", 4) = 4 [pid 5372] close(3) = 0 [pid 5372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5372] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5372] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5373 attached [pid 5373] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5372] <... clone3 resumed> => {parent_tid=[5373]}, 88) = 5373 [pid 5373] <... rseq resumed>) = 0 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] set_robust_list(0x7f0957fd49a0, 24 [pid 5372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] <... set_robust_list resumed>) = 0 [pid 5372] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5372] <... futex resumed>) = 0 [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5372] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] memfd_create("syzkaller", 0 [pid 5372] <... futex resumed>) = 0 [pid 5372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5372] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} => {parent_tid=[5374]}, 88) = 5374 [pid 5373] <... memfd_create resumed>) = 3 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5374 attached [pid 5373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] <... mmap resumed>) = 0x7f094fb93000 [pid 5372] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5372] <... futex resumed>) = 0 [pid 5374] <... rseq resumed>) = 0 [pid 5372] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5374] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5374] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5374] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] <... futex resumed>) = 0 [pid 5374] memfd_create("syzkaller", 0) = 5 [pid 5372] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5373] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5373] munmap(0x7f094fb93000, 2097152) = 0 [pid 5373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5373] ioctl(6, LOOP_SET_FD, 3 [pid 5374] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5373] <... ioctl resumed>) = 0 [pid 5373] close(3) = 0 [pid 5373] mkdir("./file2", 0777) = 0 [pid 5373] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5374] <... write resumed>) = 2097152 [pid 5374] munmap(0x7f0947793000, 2097152) = 0 [pid 5374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5374] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5374] ioctl(3, LOOP_CLR_FD) = 0 [pid 5374] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5374] close(3) = 0 [pid 5374] close(5 [pid 5373] <... mount resumed>) = 0 [pid 5373] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5373] chdir("./file2") = 0 [pid 5373] ioctl(6, LOOP_CLR_FD) = 0 [ 82.180441][ T5373] loop0: detected capacity change from 0 to 4096 [ 82.189668][ T5373] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5373] close(6 [pid 5374] <... close resumed>) = 0 [pid 5373] <... close resumed>) = 0 [pid 5374] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5374] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... futex resumed>) = 0 [pid 5372] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] lchown("./file2", 0, 0 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... lchown resumed>) = 0 [pid 5373] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... futex resumed>) = 0 [pid 5373] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5373] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] <... futex resumed>) = 0 [pid 5372] exit_group(0 [pid 5373] <... futex resumed>) = ? [pid 5374] <... futex resumed>) = ? [pid 5373] +++ exited with 0 +++ [pid 5374] +++ exited with 0 +++ [pid 5372] <... exit_group resumed>) = ? [pid 5372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5372, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./111/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/bus") = 0 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 82.258743][ T5373] ntfs3: loop0: ino=0, attr_set_size [ 82.264473][ T5373] ntfs3: loop0: Mark volume as dirty due to NTFS errors clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5375 ./strace-static-x86_64: Process 5375 attached [pid 5375] set_robust_list(0x555556a346a0, 24) = 0 [pid 5375] chdir("./112") = 0 [pid 5375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5375] setpgid(0, 0) = 0 [pid 5375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5375] write(3, "1000", 4) = 4 [pid 5375] close(3) = 0 [pid 5375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5375] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5375] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0} => {parent_tid=[5376]}, 88) = 5376 [pid 5375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5375] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5375] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5375] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5376 attached [pid 5376] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5375] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5376] set_robust_list(0x7f0957fd49a0, 24./strace-static-x86_64: Process 5377 attached ) = 0 [pid 5375] <... clone3 resumed> => {parent_tid=[5377]}, 88) = 5377 [pid 5375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5375] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5376] rt_sigprocmask(SIG_SETMASK, [], [pid 5377] <... rseq resumed>) = 0 [pid 5376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5377] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5376] memfd_create("syzkaller", 0 [pid 5377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5376] <... memfd_create resumed>) = 3 [pid 5376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5377] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5376] <... mmap resumed>) = 0x7f094fb93000 [pid 5377] <... open resumed>) = 4 [pid 5377] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5375] <... futex resumed>) = 0 [pid 5375] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5375] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5377] memfd_create("syzkaller", 0) = 5 [pid 5377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5376] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5377] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5376] <... write resumed>) = 2097153 [pid 5376] munmap(0x7f094fb93000, 2097153) = 0 [pid 5376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5376] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5376] close(3) = 0 [pid 5377] <... write resumed>) = 2097152 [pid 5376] mkdir("./file2", 0777 [pid 5377] munmap(0x7f0947793000, 2097152 [pid 5376] <... mkdir resumed>) = 0 [pid 5376] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5377] <... munmap resumed>) = 0 [pid 5377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5377] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5377] ioctl(3, LOOP_CLR_FD) = 0 [pid 5377] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5377] close(3) = 0 [pid 5377] close(5) = 0 [pid 5377] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5375] <... futex resumed>) = 0 [ 82.399314][ T5376] loop0: detected capacity change from 0 to 4096 [ 82.411494][ T5376] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5375] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5375] <... futex resumed>) = 1 [pid 5377] lchown("./file2", 0, 0 [pid 5375] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] <... lchown resumed>) = 0 [pid 5377] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5377] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5375] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5375] <... futex resumed>) = 0 [pid 5377] write(-1, NULL, 0 [pid 5375] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5377] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5377] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5376] ioctl(6, LOOP_CLR_FD) = 0 [pid 5376] close(6) = 0 [pid 5376] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5375] exit_group(0) = ? [pid 5377] <... futex resumed>) = ? [pid 5376] <... futex resumed>) = ? [pid 5377] +++ exited with 0 +++ [pid 5376] +++ exited with 0 +++ [pid 5375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5375, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./112/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/bus") = 0 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5378 ./strace-static-x86_64: Process 5378 attached [pid 5378] set_robust_list(0x555556a346a0, 24) = 0 [pid 5378] chdir("./113") = 0 [pid 5378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5378] setpgid(0, 0) = 0 [pid 5378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5378] write(3, "1000", 4) = 4 [pid 5378] close(3) = 0 [pid 5378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5378] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5378] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5379 attached [pid 5379] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5378] <... clone3 resumed> => {parent_tid=[5379]}, 88) = 5379 [pid 5379] <... rseq resumed>) = 0 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], [pid 5379] set_robust_list(0x7f0957fd49a0, 24 [pid 5378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5379] <... set_robust_list resumed>) = 0 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], [pid 5378] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5378] <... futex resumed>) = 0 [pid 5379] memfd_create("syzkaller", 0 [pid 5378] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.443334][ T5376] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5378] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5379] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5380 attached [pid 5380] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5378] <... clone3 resumed> => {parent_tid=[5380]}, 88) = 5380 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], [pid 5379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5378] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... rseq resumed>) = 0 [pid 5380] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5380] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5380] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5380] memfd_create("syzkaller", 0 [pid 5378] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5380] <... memfd_create resumed>) = 5 [pid 5380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5379] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5380] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5379] <... write resumed>) = 2097152 [pid 5379] munmap(0x7f094fb93000, 2097152) = 0 [pid 5379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5379] ioctl(6, LOOP_SET_FD, 3 [pid 5380] <... write resumed>) = 2097152 [pid 5380] munmap(0x7f0947793000, 2097152 [pid 5379] <... ioctl resumed>) = 0 [pid 5379] close(3) = 0 [pid 5379] mkdir("./file2", 0777) = 0 [pid 5379] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5380] <... munmap resumed>) = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5380] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5380] ioctl(3, LOOP_CLR_FD) = 0 [pid 5380] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5380] close(3) = 0 [pid 5380] close(5) = 0 [pid 5380] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5378] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] lchown("./file2", 0, 0) = 0 [pid 5380] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5378] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5380] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5380] <... futex resumed>) = 1 [pid 5380] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] <... mount resumed>) = 0 [pid 5379] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 82.570436][ T5379] loop0: detected capacity change from 0 to 4096 [ 82.581767][ T5379] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5379] chdir("./file2") = 0 [pid 5379] ioctl(6, LOOP_CLR_FD) = 0 [pid 5379] close(6) = 0 [pid 5379] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5378] exit_group(0 [pid 5380] <... futex resumed>) = ? [pid 5379] <... futex resumed>) = ? [pid 5379] +++ exited with 0 +++ [pid 5380] +++ exited with 0 +++ [pid 5378] <... exit_group resumed>) = ? [pid 5378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5378, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./113/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/bus") = 0 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5381 attached , child_tidptr=0x555556a34690) = 5381 [pid 5381] set_robust_list(0x555556a346a0, 24) = 0 [pid 5381] chdir("./114") = 0 [pid 5381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5381] setpgid(0, 0) = 0 [pid 5381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5381] write(3, "1000", 4) = 4 [pid 5381] close(3) = 0 [pid 5381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5381] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5381] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5382 attached [pid 5382] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5382] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5381] <... clone3 resumed> => {parent_tid=[5382]}, 88) = 5382 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5382] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5381] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = 0 [pid 5381] <... futex resumed>) = 1 [pid 5382] memfd_create("syzkaller", 0 [pid 5381] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5381] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5382] <... memfd_create resumed>) = 3 [pid 5382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5381] <... clone3 resumed> => {parent_tid=[5383]}, 88) = 5383 [pid 5382] <... mmap resumed>) = 0x7f094fb93000 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5383 attached NULL, 8) = 0 [pid 5383] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5383] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5381] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5383] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5383] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5381] <... futex resumed>) = 1 [pid 5383] memfd_create("syzkaller", 0 [pid 5381] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5383] <... memfd_create resumed>) = 5 [pid 5383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5382] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5383] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5382] <... write resumed>) = 2097152 [pid 5382] munmap(0x7f094fb93000, 2097152 [pid 5383] <... write resumed>) = 2097152 [pid 5383] munmap(0x7f0947793000, 2097152) = 0 [pid 5382] <... munmap resumed>) = 0 [pid 5383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5383] ioctl(6, LOOP_SET_FD, 5 [pid 5382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5382] ioctl(7, LOOP_SET_FD, 3 [pid 5383] <... ioctl resumed>) = 0 [pid 5382] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5382] ioctl(7, LOOP_CLR_FD) = 0 [pid 5383] close(5) = 0 [pid 5383] mkdir("./file2", 0777 [pid 5382] ioctl(7, LOOP_SET_FD, 3 [pid 5383] <... mkdir resumed>) = 0 [pid 5382] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5383] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5382] close(7) = 0 [pid 5382] close(3) = 0 [pid 5382] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... mount resumed>) = 0 [pid 5383] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5383] chdir("./file2") = 0 [pid 5383] ioctl(6, LOOP_CLR_FD) = 0 [pid 5383] close(6) = 0 [pid 5383] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5383] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = 0 [pid 5381] <... futex resumed>) = 1 [pid 5382] lchown("./file2", 0, 0 [ 82.770276][ T5383] loop0: detected capacity change from 0 to 4096 [ 82.795495][ T5383] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5381] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... lchown resumed>) = 0 [pid 5382] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5382] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5382] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5382] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5382] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] exit_group(0 [pid 5383] <... futex resumed>) = ? [pid 5382] <... futex resumed>) = ? [pid 5381] <... exit_group resumed>) = ? [pid 5383] +++ exited with 0 +++ [pid 5382] +++ exited with 0 +++ [pid 5381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5381, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./114/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/bus") = 0 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file2") = 0 [ 82.844943][ T5382] ntfs3: loop0: ino=0, attr_set_size [ 82.850393][ T5382] ntfs3: loop0: Mark volume as dirty due to NTFS errors getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5384 attached , child_tidptr=0x555556a34690) = 5384 [pid 5384] set_robust_list(0x555556a346a0, 24) = 0 [pid 5384] chdir("./115") = 0 [pid 5384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5384] setpgid(0, 0) = 0 [pid 5384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5384] write(3, "1000", 4) = 4 [pid 5384] close(3) = 0 [pid 5384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5384] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5384] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5385 attached => {parent_tid=[5385]}, 88) = 5385 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5384] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5385] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5384] <... mmap resumed>) = 0x7f0957f93000 [pid 5385] <... rseq resumed>) = 0 [pid 5384] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5385] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5384] <... mprotect resumed>) = 0 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5385] memfd_create("syzkaller", 0 [pid 5384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5385] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5386 attached [pid 5385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5386] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5385] <... mmap resumed>) = 0x7f094fb93000 [pid 5384] <... clone3 resumed> => {parent_tid=[5386]}, 88) = 5386 [pid 5386] <... rseq resumed>) = 0 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5384] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] set_robust_list(0x7f0957fb39a0, 24 [pid 5384] <... futex resumed>) = 0 [pid 5386] <... set_robust_list resumed>) = 0 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], [pid 5384] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5386] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] memfd_create("syzkaller", 0 [pid 5384] <... futex resumed>) = 0 [pid 5386] <... memfd_create resumed>) = 5 [pid 5384] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5385] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5386] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5385] <... write resumed>) = 2097152 [pid 5385] munmap(0x7f094fb93000, 2097152) = 0 [pid 5385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5385] ioctl(6, LOOP_SET_FD, 3 [pid 5386] <... write resumed>) = 2097152 [pid 5386] munmap(0x7f0947793000, 2097152 [pid 5385] <... ioctl resumed>) = 0 [pid 5385] close(3) = 0 [pid 5385] mkdir("./file2", 0777) = 0 [pid 5385] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5386] <... munmap resumed>) = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5386] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5386] ioctl(3, LOOP_CLR_FD) = 0 [pid 5386] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5386] close(3) = 0 [pid 5386] close(5) = 0 [pid 5386] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5386] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] <... futex resumed>) = 0 [pid 5386] lchown("./file2", 0, 0 [pid 5384] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... lchown resumed>) = 0 [pid 5386] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5384] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5386] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5386] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] <... mount resumed>) = 0 [ 82.996943][ T5385] loop0: detected capacity change from 0 to 4096 [ 83.007469][ T5385] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5385] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5385] chdir("./file2") = 0 [pid 5385] ioctl(6, LOOP_CLR_FD) = 0 [pid 5385] close(6) = 0 [pid 5385] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] exit_group(0 [pid 5385] <... futex resumed>) = 0 [pid 5385] ???( [pid 5384] <... exit_group resumed>) = ? [pid 5385] <... ??? resumed>) = ? [pid 5385] +++ exited with 0 +++ [pid 5386] <... futex resumed>) = ? [pid 5386] +++ exited with 0 +++ [pid 5384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5384, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./115/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/bus") = 0 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a34690) = 5387 ./strace-static-x86_64: Process 5387 attached [pid 5387] set_robust_list(0x555556a346a0, 24) = 0 [pid 5387] chdir("./116") = 0 [pid 5387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5387] setpgid(0, 0) = 0 [pid 5387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5387] write(3, "1000", 4) = 4 [pid 5387] close(3) = 0 [pid 5387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5387] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5387] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5388 attached [pid 5388] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5387] <... clone3 resumed> => {parent_tid=[5388]}, 88) = 5388 [pid 5388] set_robust_list(0x7f0957fd49a0, 24 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], [pid 5388] <... set_robust_list resumed>) = 0 [pid 5387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], [pid 5387] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] <... mmap resumed>) = 0x7f0957f93000 [pid 5387] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5389 attached [pid 5389] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5389] set_robust_list(0x7f0957fb39a0, 24 [pid 5388] memfd_create("syzkaller", 0 [pid 5389] <... set_robust_list resumed>) = 0 [pid 5387] <... clone3 resumed> => {parent_tid=[5389]}, 88) = 5389 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], [pid 5387] rt_sigprocmask(SIG_SETMASK, [], [pid 5389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5389] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5387] <... futex resumed>) = 0 [pid 5389] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5388] <... memfd_create resumed>) = 3 [pid 5387] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... open resumed>) = 4 [pid 5388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5389] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... mmap resumed>) = 0x7f094fb93000 [pid 5389] <... futex resumed>) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5389] memfd_create("syzkaller", 0 [pid 5387] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5389] <... memfd_create resumed>) = 5 [pid 5389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5389] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5388] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5389] <... write resumed>) = 2097152 [pid 5389] munmap(0x7f0947793000, 2097152 [pid 5388] <... write resumed>) = 2097152 [pid 5389] <... munmap resumed>) = 0 [pid 5388] munmap(0x7f094fb93000, 2097152 [pid 5389] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5388] <... munmap resumed>) = 0 [pid 5389] <... openat resumed>) = 6 [pid 5388] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5389] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 5388] <... openat resumed>) = 7 [pid 5388] ioctl(7, LOOP_SET_FD, 3 [pid 5389] close(5) = 0 [pid 5388] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5389] mkdir("./file2", 0777 [pid 5388] ioctl(7, LOOP_CLR_FD) = 0 [pid 5389] <... mkdir resumed>) = 0 [pid 5389] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5388] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5388] close(7) = 0 [pid 5388] close(3) = 0 [pid 5388] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.202869][ T5389] loop0: detected capacity change from 0 to 4096 [ 83.213361][ T5389] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5388] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... mount resumed>) = 0 [pid 5389] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5389] chdir("./file2") = 0 [pid 5389] ioctl(6, LOOP_CLR_FD) = 0 [pid 5389] close(6) = 0 [pid 5389] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5388] lchown("./file2", 0, 0 [pid 5387] <... futex resumed>) = 1 [pid 5387] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... lchown resumed>) = 0 [pid 5388] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... futex resumed>) = 1 [pid 5388] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5388] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] exit_group(0) = ? [pid 5388] <... futex resumed>) = ? [pid 5388] +++ exited with 0 +++ [pid 5389] <... futex resumed>) = ? [pid 5389] +++ exited with 0 +++ [pid 5387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5387, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./116/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/bus") = 0 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 83.285475][ T5388] ntfs3: loop0: ino=0, attr_set_size [ 83.290825][ T5388] ntfs3: loop0: Mark volume as dirty due to NTFS errors ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5390 attached , child_tidptr=0x555556a34690) = 5390 [pid 5390] set_robust_list(0x555556a346a0, 24) = 0 [pid 5390] chdir("./117") = 0 [pid 5390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5390] setpgid(0, 0) = 0 [pid 5390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5390] write(3, "1000", 4) = 4 [pid 5390] close(3) = 0 [pid 5390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5390] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5390] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5391 attached => {parent_tid=[5391]}, 88) = 5391 [pid 5391] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5390] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] set_robust_list(0x7f0957fd49a0, 24 [pid 5390] <... futex resumed>) = 0 [pid 5390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5391] <... set_robust_list resumed>) = 0 [pid 5390] <... mmap resumed>) = 0x7f0957f93000 [pid 5390] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5390] <... mprotect resumed>) = 0 [pid 5390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5392 attached [pid 5392] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5390] <... clone3 resumed> => {parent_tid=[5392]}, 88) = 5392 [pid 5392] <... rseq resumed>) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], [pid 5392] set_robust_list(0x7f0957fb39a0, 24 [pid 5390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5392] <... set_robust_list resumed>) = 0 [pid 5391] memfd_create("syzkaller", 0 [pid 5390] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], [pid 5390] <... futex resumed>) = 0 [pid 5392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5390] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 3 [pid 5391] <... memfd_create resumed>) = 4 [pid 5392] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5392] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] <... futex resumed>) = 0 [pid 5392] memfd_create("syzkaller", 0 [pid 5390] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5392] <... memfd_create resumed>) = 5 [pid 5391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5391] <... mmap resumed>) = 0x7f094fb93000 [pid 5392] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5391] write(4, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5392] <... write resumed>) = 2097152 [pid 5392] munmap(0x7f0947793000, 2097152 [pid 5391] <... write resumed>) = 2097152 [pid 5391] munmap(0x7f094fb93000, 2097152 [pid 5392] <... munmap resumed>) = 0 [pid 5391] <... munmap resumed>) = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5392] ioctl(6, LOOP_SET_FD, 5 [pid 5391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5391] ioctl(7, LOOP_SET_FD, 4 [pid 5392] <... ioctl resumed>) = 0 [pid 5392] close(5 [pid 5391] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5392] <... close resumed>) = 0 [pid 5391] ioctl(7, LOOP_CLR_FD [pid 5392] mkdir("./file2", 0777 [pid 5391] <... ioctl resumed>) = 0 [pid 5392] <... mkdir resumed>) = 0 [pid 5392] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5391] ioctl(7, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5391] close(7) = 0 [pid 5391] close(4) = 0 [pid 5391] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] <... mount resumed>) = 0 [pid 5392] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 4 [pid 5392] chdir("./file2") = 0 [pid 5392] ioctl(6, LOOP_CLR_FD) = 0 [pid 5392] close(6) = 0 [pid 5392] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] <... futex resumed>) = 0 [ 83.447320][ T5392] loop0: detected capacity change from 0 to 4096 [ 83.457875][ T5392] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5391] lchown("./file2", 0, 0) = 0 [pid 5391] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] <... futex resumed>) = 1 [pid 5391] write(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5391] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5390] exit_group(0) = ? [pid 5392] <... futex resumed>) = ? [pid 5391] <... futex resumed>) = ? [pid 5392] +++ exited with 0 +++ [pid 5391] +++ exited with 0 +++ [pid 5390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5390, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./117/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/bus") = 0 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 [ 83.503978][ T5391] ntfs3: loop0: ino=0, attr_set_size [ 83.509482][ T5391] ntfs3: loop0: Mark volume as dirty due to NTFS errors openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5393 attached , child_tidptr=0x555556a34690) = 5393 [pid 5393] set_robust_list(0x555556a346a0, 24) = 0 [pid 5393] chdir("./118") = 0 [pid 5393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5393] setpgid(0, 0) = 0 [pid 5393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5393] write(3, "1000", 4) = 4 [pid 5393] close(3) = 0 [pid 5393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5393] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5393] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5394 attached => {parent_tid=[5394]}, 88) = 5394 [pid 5394] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], [pid 5394] set_robust_list(0x7f0957fd49a0, 24 [pid 5393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5394] <... set_robust_list resumed>) = 0 [pid 5393] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], [pid 5393] <... futex resumed>) = 0 [pid 5394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5393] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5394] memfd_create("syzkaller", 0 [pid 5393] <... mmap resumed>) = 0x7f0957f93000 [pid 5394] <... memfd_create resumed>) = 3 [pid 5393] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE [pid 5394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fb93000 [pid 5393] <... mprotect resumed>) = 0 [pid 5393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0}./strace-static-x86_64: Process 5395 attached => {parent_tid=[5395]}, 88) = 5395 [pid 5395] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], [pid 5395] <... rseq resumed>) = 0 [pid 5393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5395] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5393] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], [pid 5393] <... futex resumed>) = 0 [pid 5395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5393] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5395] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5395] <... futex resumed>) = 0 [pid 5395] memfd_create("syzkaller", 0) = 5 [pid 5395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5394] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097153 [pid 5395] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5394] <... write resumed>) = 2097153 [pid 5394] munmap(0x7f094fb93000, 2097153) = 0 [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5394] ioctl(6, LOOP_SET_FD, 3 [pid 5395] <... write resumed>) = 2097152 [pid 5395] munmap(0x7f0947793000, 2097152 [pid 5394] <... ioctl resumed>) = 0 [pid 5394] close(3) = 0 [pid 5394] mkdir("./file2", 0777) = 0 [pid 5394] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5395] <... munmap resumed>) = 0 [pid 5395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5395] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5395] ioctl(3, LOOP_CLR_FD) = 0 [pid 5395] ioctl(3, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5395] close(3) = 0 [pid 5395] close(5 [pid 5394] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5394] ioctl(6, LOOP_CLR_FD [pid 5395] <... close resumed>) = 0 [pid 5395] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5395] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5393] <... futex resumed>) = 0 [pid 5395] lchown("./file2", 0, 0 [pid 5393] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... lchown resumed>) = 0 [pid 5395] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5393] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] write(-1, NULL, 0 [pid 5393] <... futex resumed>) = 0 [pid 5395] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5393] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [ 83.664841][ T5394] loop0: detected capacity change from 0 to 4096 [ 83.678475][ T5394] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 83.693007][ T5394] ntfs3: loop0: failed to replay log file. Can't mount rw! [pid 5395] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] <... ioctl resumed>) = 0 [pid 5394] close(6) = 0 [pid 5394] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] exit_group(0 [pid 5395] <... futex resumed>) = ? [pid 5393] <... exit_group resumed>) = ? [pid 5395] +++ exited with 0 +++ [pid 5394] <... futex resumed>) = ? [pid 5394] +++ exited with 0 +++ [pid 5393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5393, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./118/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/bus") = 0 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5396 attached [pid 5396] set_robust_list(0x555556a346a0, 24 [pid 5036] <... clone resumed>, child_tidptr=0x555556a34690) = 5396 [pid 5396] <... set_robust_list resumed>) = 0 [pid 5396] chdir("./119") = 0 [pid 5396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5396] setpgid(0, 0) = 0 [pid 5396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5396] write(3, "1000", 4) = 4 [pid 5396] close(3) = 0 [pid 5396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5396] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5396] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5397 attached [pid 5397] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053 [pid 5396] <... clone3 resumed> => {parent_tid=[5397]}, 88) = 5397 [pid 5397] <... rseq resumed>) = 0 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], [pid 5397] set_robust_list(0x7f0957fd49a0, 24 [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5397] <... set_robust_list resumed>) = 0 [pid 5396] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] rt_sigprocmask(SIG_SETMASK, [], [pid 5396] <... futex resumed>) = 0 [pid 5397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5397] memfd_create("syzkaller", 0 [pid 5396] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957f93000 [pid 5396] mprotect(0x7f0957f94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fb3990, parent_tid=0x7f0957fb3990, exit_signal=0, stack=0x7f0957f93000, stack_size=0x20300, tls=0x7f0957fb36c0} [pid 5397] <... memfd_create resumed>) = 3 [pid 5397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5398 attached ) = 0x7f094fb93000 [pid 5396] <... clone3 resumed> => {parent_tid=[5398]}, 88) = 5398 [ 83.752153][ T5038] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5398] rseq(0x7f0957fb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], [pid 5398] set_robust_list(0x7f0957fb39a0, 24) = 0 [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5398] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [pid 5396] <... futex resumed>) = 1 [pid 5396] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5398] <... futex resumed>) = 1 [pid 5396] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] memfd_create("syzkaller", 0) = 5 [pid 5396] <... futex resumed>) = 0 [pid 5396] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5397] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5398] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5397] <... write resumed>) = 2097152 [pid 5397] munmap(0x7f094fb93000, 2097152) = 0 [pid 5397] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5398] <... write resumed>) = 2097152 [pid 5398] munmap(0x7f0947793000, 2097152 [pid 5397] <... openat resumed>) = 6 [pid 5397] ioctl(6, LOOP_SET_FD, 3 [pid 5398] <... munmap resumed>) = 0 [pid 5398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5398] ioctl(7, LOOP_SET_FD, 5 [pid 5397] <... ioctl resumed>) = 0 [pid 5398] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5397] close(3 [pid 5398] ioctl(7, LOOP_CLR_FD [pid 5397] <... close resumed>) = 0 [pid 5397] mkdir("./file2", 0777) = 0 [pid 5397] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5398] <... ioctl resumed>) = 0 [pid 5398] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5398] close(7) = 0 [pid 5398] close(5) = 0 [pid 5398] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5396] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... futex resumed>) = 1 [pid 5398] lchown("./file2", 0, 0) = 0 [pid 5398] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5398] <... futex resumed>) = 1 [pid 5396] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] write(-1, NULL, 0 [pid 5396] <... futex resumed>) = 0 [pid 5398] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5396] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] <... mount resumed>) = 0 [pid 5397] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5397] chdir("./file2") = 0 [pid 5397] ioctl(6, LOOP_CLR_FD) = 0 [pid 5397] close(6) = 0 [pid 5397] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] exit_group(0 [pid 5398] <... futex resumed>) = ? [pid 5396] <... exit_group resumed>) = ? [pid 5398] +++ exited with 0 +++ [pid 5397] +++ exited with 0 +++ [pid 5396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5396, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a35730 /* 5 entries */, 32768) = 136 umount2("./119/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 83.867210][ T5397] loop0: detected capacity change from 0 to 4096 [ 83.876387][ T5397] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). unlink("./119/bus") = 0 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a3d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a3d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file2") = 0 getdents64(3, 0x555556a35730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5399 attached , child_tidptr=0x555556a34690) = 5399 [pid 5399] set_robust_list(0x555556a346a0, 24) = 0 [pid 5399] chdir("./120") = 0 [pid 5399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5399] setpgid(0, 0) = 0 [pid 5399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5399] write(3, "1000", 4) = 4 [pid 5399] close(3) = 0 [pid 5399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5399] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] rt_sigaction(SIGRT_1, {sa_handler=0x7f095803de70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f095802f020}, NULL, 8) = 0 [pid 5399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0957fb4000 [pid 5399] mprotect(0x7f0957fb5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0957fd4990, parent_tid=0x7f0957fd4990, exit_signal=0, stack=0x7f0957fb4000, stack_size=0x20300, tls=0x7f0957fd46c0}./strace-static-x86_64: Process 5400 attached [pid 5400] rseq(0x7f0957fd4fe0, 0x20, 0, 0x53053053) = 0 [pid 5400] set_robust_list(0x7f0957fd49a0, 24) = 0 [pid 5400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5400] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] <... clone3 resumed> => {parent_tid=[5400]}, 88) = 5400 [pid 5399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5399] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5399] <... futex resumed>) = 1 [pid 5400] memfd_create("syzkaller", 0 [pid 5399] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] <... memfd_create resumed>) = 3 [pid 5400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f094fbb4000 [pid 5399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f094fb93000 [pid 5399] mprotect(0x7f094fb94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f094fbb3990, parent_tid=0x7f094fbb3990, exit_signal=0, stack=0x7f094fb93000, stack_size=0x20300, tls=0x7f094fbb36c0}./strace-static-x86_64: Process 5401 attached => {parent_tid=[5401]}, 88) = 5401 [pid 5401] rseq(0x7f094fbb3fe0, 0x20, 0, 0x53053053) = 0 [pid 5400] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5399] rt_sigprocmask(SIG_SETMASK, [], [pid 5401] set_robust_list(0x7f094fbb39a0, 24) = 0 [pid 5399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], [pid 5399] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5399] <... futex resumed>) = 0 [pid 5401] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5399] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... open resumed>) = 4 [pid 5401] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] <... futex resumed>) = 0 [pid 5401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] futex(0x7f09580be6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] memfd_create("syzkaller", 0 [pid 5399] futex(0x7f09580be6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5401] <... memfd_create resumed>) = 5 [pid 5401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0947793000 [pid 5400] <... write resumed>) = 2097152 [pid 5400] munmap(0x7f094fbb4000, 2097152) = 0 [pid 5400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5400] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 5400] close(3) = 0 [pid 5400] mkdir("./file2", 0777) = 0 [pid 5400] mount("/dev/loop0", "./file2", "ntfs3", 0, "" [pid 5401] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5400] <... mount resumed>) = 0 [pid 5400] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5400] chdir("./file2") = 0 [pid 5400] ioctl(6, LOOP_CLR_FD) = 0 [pid 5400] close(6 [pid 5401] <... write resumed>) = 2097152 [pid 5400] <... close resumed>) = 0 [pid 5401] munmap(0x7f0947793000, 2097152 [pid 5400] futex(0x7f09580be6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... munmap resumed>) = 0 [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7f09580be6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5401] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5401] ioctl(6, LOOP_CLR_FD) = 0 [ 84.041739][ T5400] loop0: detected capacity change from 0 to 4096 [ 84.053339][ T5400] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [pid 5401] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5401] close(6) = 0 [pid 5401] close(5) = 0 [pid 5401] futex(0x7f09580be6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5401] futex(0x7f09580be6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7f09580be6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5400] lchown("./file2", 0, 0 [pid 5399] <... futex resumed>) = 1 [ 84.116357][ T5400] ntfs3: loop0: ino=0, attr_set_size [ 84.122608][ T5400] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 84.129614][ T5400] ================================================================== [ 84.137797][ T5400] BUG: KASAN: slab-use-after-free in ntfs_write_bh+0x6b9/0x6e0 [ 84.145376][ T5400] Read of size 8 at addr ffff888016aaa000 by task syz-executor201/5400 [ 84.153668][ T5400] [ 84.155993][ T5400] CPU: 1 PID: 5400 Comm: syz-executor201 Not tainted 6.6.0-rc3-syzkaller #0 [ 84.164657][ T5400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 84.174702][ T5400] Call Trace: [ 84.177972][ T5400] [ 84.180892][ T5400] dump_stack_lvl+0xd9/0x1b0 [ 84.185501][ T5400] print_report+0xc4/0x620 [ 84.190013][ T5400] ? __virt_addr_valid+0x5e/0x2d0 [ 84.195063][ T5400] ? __phys_addr+0xc6/0x140 [ 84.199567][ T5400] kasan_report+0xda/0x110 [ 84.203983][ T5400] ? ntfs_write_bh+0x6b9/0x6e0 [ 84.208750][ T5400] ? ntfs_write_bh+0x6b9/0x6e0 [ 84.213533][ T5400] ntfs_write_bh+0x6b9/0x6e0 [ 84.218155][ T5400] ? mi_find_attr+0x1dc/0x230 [ 84.222830][ T5400] ? ww_mutex_unlock+0x260/0x260 [ 84.227774][ T5400] mi_write+0xc0/0x1e0 [ 84.231842][ T5400] ni_write_inode+0x1025/0x2810 [ 84.236706][ T5400] ? lock_acquire+0x1ae/0x510 [ 84.241388][ T5400] ? ni_is_dirty+0x180/0x180 [ 84.245986][ T5400] ? __writeback_single_inode+0x33b/0xe70 [ 84.251703][ T5400] ? spin_bug+0x1d0/0x1d0 [ 84.256033][ T5400] ? reacquire_held_locks+0x4b0/0x4b0 [ 84.261415][ T5400] __writeback_single_inode+0xa81/0xe70 [ 84.266968][ T5400] ? __mark_inode_dirty+0xd50/0xd50 [ 84.272170][ T5400] ? _raw_spin_unlock+0x28/0x40 [ 84.277019][ T5400] ? wbc_attach_and_unlock_inode+0x561/0x910 [ 84.283003][ T5400] writeback_single_inode+0x2af/0x590 [ 84.288378][ T5400] sync_inode_metadata+0xa5/0xe0 [ 84.293316][ T5400] ? write_inode_now+0x1e0/0x1e0 [ 84.298253][ T5400] ? do_raw_spin_lock+0x12e/0x2b0 [ 84.303290][ T5400] ? rcu_is_watching+0x12/0xb0 [ 84.308054][ T5400] ? __mark_inode_dirty+0x599/0xd50 [ 84.313257][ T5400] ntfs_set_state+0x3f0/0x6e0 [ 84.317936][ T5400] ? ntfs_update_mftmirr+0x6a0/0x6a0 [ 84.323219][ T5400] ? make_bad_inode+0xb5/0x1c0 [ 84.327980][ T5400] attr_set_size+0x139c/0x2ca0 [ 84.333017][ T5400] ? attr_make_nonresident+0xf70/0xf70 [ 84.338480][ T5400] ? lock_sync+0x190/0x190 [ 84.342909][ T5400] ? rwsem_down_write_slowpath+0x12a0/0x12a0 [ 84.348904][ T5400] ntfs_extend_mft+0x29f/0x430 [ 84.353702][ T5400] ? ntfs_clear_mft_tail+0x3a0/0x3a0 [ 84.359010][ T5400] ? down_write_nested+0x153/0x200 [ 84.364132][ T5400] ntfs_look_free_mft+0x777/0xdd0 [ 84.369199][ T5400] ? ntfs_extend_mft+0x430/0x430 [ 84.374151][ T5400] ? kasan_set_track+0x25/0x30 [ 84.378922][ T5400] ? rcu_is_watching+0x12/0xb0 [ 84.383692][ T5400] ni_create_attr_list+0x937/0x1520 [ 84.388899][ T5400] ? ni_remove_attr+0x550/0x550 [ 84.393748][ T5400] ? bpf_ksym_find+0x124/0x1b0 [ 84.398525][ T5400] ? write_profile+0x450/0x450 [ 84.403294][ T5400] ? __kernel_text_address+0xd/0x30 [ 84.408498][ T5400] ? unwind_get_return_address+0x45/0xe0 [ 84.414144][ T5400] ? ntfs_cmp_names+0x30f/0x3b0 [ 84.418998][ T5400] ni_ins_attr_ext+0x23f/0xaf0 [ 84.423767][ T5400] ? ni_ins_new_attr+0x27a/0x460 [ 84.428704][ T5400] ? ni_create_attr_list+0x1520/0x1520 [ 84.434165][ T5400] ? ntfs_set_label+0x4c0/0x4c0 [ 84.439015][ T5400] ? kasan_set_track+0x25/0x30 [ 84.443792][ T5400] ? __kmalloc+0x60/0x100 [ 84.448167][ T5400] ? ntfs_save_wsl_perm+0x134/0x3d0 [ 84.453376][ T5400] ? notify_change+0x742/0x11c0 [ 84.458234][ T5400] ? chown_common+0x596/0x660 [ 84.462916][ T5400] ? do_fchownat+0x140/0x1f0 [ 84.467510][ T5400] ? __x64_sys_lchown+0x7e/0xc0 [ 84.472394][ T5400] ni_insert_attr+0x310/0x870 [ 84.477080][ T5400] ? ni_ins_attr_ext+0xaf0/0xaf0 [ 84.482018][ T5400] ni_insert_resident+0xd2/0x3a0 [ 84.486966][ T5400] ? ni_insert_nonresident+0x6d0/0x6d0 [ 84.492435][ T5400] ? kasan_set_track+0x25/0x30 [ 84.497221][ T5400] ntfs_set_ea+0xf46/0x13d0 [ 84.501760][ T5400] ? trace_contention_end+0xd6/0x100 [ 84.507081][ T5400] ? ntfs_getxattr+0x540/0x540 [ 84.511838][ T5400] ? __mutex_lock+0x25b/0x1340 [ 84.516602][ T5400] ? map_id_up+0x27e/0x370 [ 84.521025][ T5400] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 84.526576][ T5400] ? from_kuid+0x89/0xc0 [ 84.530810][ T5400] ? map_id_up+0x370/0x370 [ 84.535229][ T5400] ntfs_save_wsl_perm+0x134/0x3d0 [ 84.540254][ T5400] ? ntfs_listxattr+0x4a0/0x4a0 [ 84.545119][ T5400] ? setattr_copy+0x236/0x630 [ 84.549811][ T5400] ntfs3_setattr+0x92e/0xb20 [ 84.554411][ T5400] ? ntfs_get_ea+0x6c0/0x6c0 [ 84.559001][ T5400] ? __vfs_getxattr+0x143/0x1a0 [ 84.563894][ T5400] ? xattr_full_name+0x90/0x90 [ 84.568664][ T5400] ? ntfs_extend+0x520/0x520 [ 84.573262][ T5400] ? make_vfsgid+0x160/0x160 [ 84.577853][ T5400] ? ntfs_extend+0x520/0x520 [ 84.582444][ T5400] notify_change+0x742/0x11c0 [ 84.587129][ T5400] chown_common+0x596/0x660 [ 84.591641][ T5400] ? __ia32_sys_chmod+0x1b0/0x1b0 [ 84.596665][ T5400] ? lock_sync+0x190/0x190 [ 84.601106][ T5400] ? __mnt_want_write+0x20c/0x300 [ 84.606133][ T5400] do_fchownat+0x140/0x1f0 [ 84.610552][ T5400] ? chown_common+0x660/0x660 [ 84.615232][ T5400] ? lockdep_hardirqs_on+0x7d/0x100 [ 84.620436][ T5400] ? _raw_spin_unlock_irq+0x2e/0x50 [ 84.625667][ T5400] __x64_sys_lchown+0x7e/0xc0 [ 84.630348][ T5400] do_syscall_64+0x38/0xb0 [ 84.634767][ T5400] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.640667][ T5400] RIP: 0033:0x7f0958017a59 [ 84.645101][ T5400] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 84.664819][ T5400] RSP: 002b:00007f0957fd4218 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 84.673256][ T5400] RAX: ffffffffffffffda RBX: 00007f09580be6a8 RCX: 00007f0958017a59 [ 84.681230][ T5400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 84.689196][ T5400] RBP: 00007f09580be6a0 R08: 0000000000000000 R09: 0000000000000000 [ 84.697182][ T5400] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f09580be6ac [ 84.705174][ T5400] R13: 00007f095808b4ac R14: 0032656c69662f2e R15: 00007f095806c0c0 [ 84.713250][ T5400] [ 84.716275][ T5400] [ 84.718616][ T5400] Allocated by task 5038: [ 84.722941][ T5400] kasan_save_stack+0x33/0x50 [ 84.727625][ T5400] kasan_set_track+0x25/0x30 [ 84.732227][ T5400] __kasan_kmalloc+0xa2/0xb0 [ 84.736830][ T5400] __kmalloc+0x60/0x100 [ 84.741068][ T5400] tomoyo_realpath_from_path+0xb9/0x710 [ 84.746619][ T5400] tomoyo_check_open_permission+0x2a3/0x3b0 [ 84.752631][ T5400] tomoyo_file_open+0xa8/0xd0 [ 84.757331][ T5400] security_file_open+0x6a/0xe0 [ 84.762198][ T5400] do_dentry_open+0x538/0x1730 [ 84.766968][ T5400] path_openat+0x19af/0x29c0 [ 84.771558][ T5400] do_filp_open+0x1de/0x430 [ 84.776070][ T5400] do_sys_openat2+0x176/0x1e0 [ 84.780833][ T5400] __x64_sys_openat+0x175/0x210 [ 84.785678][ T5400] do_syscall_64+0x38/0xb0 [ 84.790093][ T5400] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.796014][ T5400] [ 84.798353][ T5400] Freed by task 5038: [ 84.802318][ T5400] kasan_save_stack+0x33/0x50 [ 84.807003][ T5400] kasan_set_track+0x25/0x30 [ 84.811596][ T5400] kasan_save_free_info+0x2b/0x40 [ 84.816614][ T5400] ____kasan_slab_free+0x15b/0x1b0 [ 84.821768][ T5400] slab_free_freelist_hook+0x114/0x1e0 [ 84.827255][ T5400] __kmem_cache_free+0xb8/0x2f0 [ 84.832127][ T5400] tomoyo_realpath_from_path+0x1a6/0x710 [ 84.837766][ T5400] tomoyo_check_open_permission+0x2a3/0x3b0 [ 84.843661][ T5400] tomoyo_file_open+0xa8/0xd0 [ 84.848363][ T5400] security_file_open+0x6a/0xe0 [ 84.853243][ T5400] do_dentry_open+0x538/0x1730 [ 84.858011][ T5400] path_openat+0x19af/0x29c0 [ 84.862602][ T5400] do_filp_open+0x1de/0x430 [ 84.867108][ T5400] do_sys_openat2+0x176/0x1e0 [ 84.871778][ T5400] __x64_sys_openat+0x175/0x210 [ 84.876621][ T5400] do_syscall_64+0x38/0xb0 [ 84.881035][ T5400] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.887016][ T5400] [ 84.889361][ T5400] The buggy address belongs to the object at ffff888016aaa000 [ 84.889361][ T5400] which belongs to the cache kmalloc-4k of size 4096 [ 84.903410][ T5400] The buggy address is located 0 bytes inside of [ 84.903410][ T5400] freed 4096-byte region [ffff888016aaa000, ffff888016aab000) [ 84.917208][ T5400] [ 84.919565][ T5400] The buggy address belongs to the physical page: [ 84.925982][ T5400] page:ffffea00005aaa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16aa8 [ 84.936168][ T5400] head:ffffea00005aaa00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 84.945098][ T5400] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 84.953071][ T5400] page_type: 0xffffffff() [ 84.957397][ T5400] raw: 00fff00000000840 ffff888012c42140 dead000000000100 dead000000000122 [ 84.965976][ T5400] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 84.974548][ T5400] page dumped because: kasan: bad access detected [ 84.980947][ T5400] page_owner tracks the page as allocated [ 84.986650][ T5400] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3094771911, free_ts 0 [ 85.006288][ T5400] post_alloc_hook+0x2cf/0x340 [ 85.011064][ T5400] get_page_from_freelist+0xee0/0x2f20 [ 85.016528][ T5400] __alloc_pages+0x1d0/0x4a0 [ 85.021204][ T5400] alloc_page_interleave+0x1e/0x250 [ 85.026440][ T5400] alloc_pages+0x22a/0x270 [ 85.030889][ T5400] allocate_slab+0x251/0x380 [ 85.035486][ T5400] ___slab_alloc+0x8c7/0x1580 [ 85.040170][ T5400] __slab_alloc.constprop.0+0x56/0xa0 [ 85.045555][ T5400] __kmem_cache_alloc_node+0x131/0x340 [ 85.051019][ T5400] kmalloc_trace+0x25/0xe0 [ 85.055462][ T5400] kobject_uevent_env+0x24c/0x1800 [ 85.060621][ T5400] kset_register+0x1b6/0x2a0 [ 85.065205][ T5400] class_register+0x1cb/0x330 [ 85.069881][ T5400] ib_core_init+0xb9/0x300 [ 85.074291][ T5400] do_one_initcall+0x117/0x630 [ 85.079080][ T5400] kernel_init_freeable+0x5c2/0x900 [ 85.084297][ T5400] page_owner free stack trace missing [ 85.089654][ T5400] [ 85.091963][ T5400] Memory state around the buggy address: [ 85.097582][ T5400] ffff888016aa9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.105636][ T5400] ffff888016aa9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [pid 5399] futex(0x7f09580be6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 85.113720][ T5400] >ffff888016aaa000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.121854][ T5400] ^ [ 85.125910][ T5400] ffff888016aaa080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.133964][ T5400] ffff888016aaa100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.142014][ T5400] ================================================================== [ 85.157633][ T5400] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.164851][ T5400] CPU: 1 PID: 5400 Comm: syz-executor201 Not tainted 6.6.0-rc3-syzkaller #0 [ 85.173519][ T5400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 85.183667][ T5400] Call Trace: [ 85.186942][ T5400] [ 85.189865][ T5400] dump_stack_lvl+0xd9/0x1b0 [ 85.194455][ T5400] panic+0x6a6/0x750 [ 85.198350][ T5400] ? panic_smp_self_stop+0xa0/0xa0 [ 85.203464][ T5400] ? preempt_schedule_thunk+0x1a/0x30 [ 85.208945][ T5400] ? preempt_schedule_common+0x45/0xc0 [ 85.214415][ T5400] check_panic_on_warn+0xab/0xb0 [ 85.219359][ T5400] end_report+0x108/0x150 [ 85.223682][ T5400] kasan_report+0xea/0x110 [ 85.228097][ T5400] ? ntfs_write_bh+0x6b9/0x6e0 [ 85.232856][ T5400] ? ntfs_write_bh+0x6b9/0x6e0 [ 85.237619][ T5400] ntfs_write_bh+0x6b9/0x6e0 [ 85.242229][ T5400] ? mi_find_attr+0x1dc/0x230 [ 85.246901][ T5400] ? ww_mutex_unlock+0x260/0x260 [ 85.251846][ T5400] mi_write+0xc0/0x1e0 [ 85.255913][ T5400] ni_write_inode+0x1025/0x2810 [ 85.260770][ T5400] ? lock_acquire+0x1ae/0x510 [ 85.265487][ T5400] ? ni_is_dirty+0x180/0x180 [ 85.270215][ T5400] ? __writeback_single_inode+0x33b/0xe70 [ 85.275937][ T5400] ? spin_bug+0x1d0/0x1d0 [ 85.280269][ T5400] ? reacquire_held_locks+0x4b0/0x4b0 [ 85.285908][ T5400] __writeback_single_inode+0xa81/0xe70 [ 85.291459][ T5400] ? __mark_inode_dirty+0xd50/0xd50 [ 85.296658][ T5400] ? _raw_spin_unlock+0x28/0x40 [ 85.301505][ T5400] ? wbc_attach_and_unlock_inode+0x561/0x910 [ 85.307594][ T5400] writeback_single_inode+0x2af/0x590 [ 85.312968][ T5400] sync_inode_metadata+0xa5/0xe0 [ 85.317905][ T5400] ? write_inode_now+0x1e0/0x1e0 [ 85.322838][ T5400] ? do_raw_spin_lock+0x12e/0x2b0 [ 85.327897][ T5400] ? rcu_is_watching+0x12/0xb0 [ 85.332683][ T5400] ? __mark_inode_dirty+0x599/0xd50 [ 85.337883][ T5400] ntfs_set_state+0x3f0/0x6e0 [ 85.342689][ T5400] ? ntfs_update_mftmirr+0x6a0/0x6a0 [ 85.348099][ T5400] ? make_bad_inode+0xb5/0x1c0 [ 85.352864][ T5400] attr_set_size+0x139c/0x2ca0 [ 85.357663][ T5400] ? attr_make_nonresident+0xf70/0xf70 [ 85.363207][ T5400] ? lock_sync+0x190/0x190 [ 85.367632][ T5400] ? rwsem_down_write_slowpath+0x12a0/0x12a0 [ 85.373615][ T5400] ntfs_extend_mft+0x29f/0x430 [ 85.378378][ T5400] ? ntfs_clear_mft_tail+0x3a0/0x3a0 [ 85.383660][ T5400] ? down_write_nested+0x153/0x200 [ 85.388786][ T5400] ntfs_look_free_mft+0x777/0xdd0 [ 85.393858][ T5400] ? ntfs_extend_mft+0x430/0x430 [ 85.398809][ T5400] ? kasan_set_track+0x25/0x30 [ 85.403580][ T5400] ? rcu_is_watching+0x12/0xb0 [ 85.408339][ T5400] ni_create_attr_list+0x937/0x1520 [ 85.413545][ T5400] ? ni_remove_attr+0x550/0x550 [ 85.418390][ T5400] ? bpf_ksym_find+0x124/0x1b0 [ 85.423163][ T5400] ? write_profile+0x450/0x450 [ 85.427934][ T5400] ? __kernel_text_address+0xd/0x30 [ 85.433138][ T5400] ? unwind_get_return_address+0x45/0xe0 [ 85.438780][ T5400] ? ntfs_cmp_names+0x30f/0x3b0 [ 85.443631][ T5400] ni_ins_attr_ext+0x23f/0xaf0 [ 85.448481][ T5400] ? ni_ins_new_attr+0x27a/0x460 [ 85.453420][ T5400] ? ni_create_attr_list+0x1520/0x1520 [ 85.458885][ T5400] ? ntfs_set_label+0x4c0/0x4c0 [ 85.463756][ T5400] ? kasan_set_track+0x25/0x30 [ 85.468537][ T5400] ? __kmalloc+0x60/0x100 [ 85.472859][ T5400] ? ntfs_save_wsl_perm+0x134/0x3d0 [ 85.478055][ T5400] ? notify_change+0x742/0x11c0 [ 85.482911][ T5400] ? chown_common+0x596/0x660 [ 85.487623][ T5400] ? do_fchownat+0x140/0x1f0 [ 85.492304][ T5400] ? __x64_sys_lchown+0x7e/0xc0 [ 85.497182][ T5400] ni_insert_attr+0x310/0x870 [ 85.501881][ T5400] ? ni_ins_attr_ext+0xaf0/0xaf0 [ 85.506848][ T5400] ni_insert_resident+0xd2/0x3a0 [ 85.511788][ T5400] ? ni_insert_nonresident+0x6d0/0x6d0 [ 85.517245][ T5400] ? kasan_set_track+0x25/0x30 [ 85.522068][ T5400] ntfs_set_ea+0xf46/0x13d0 [ 85.526605][ T5400] ? trace_contention_end+0xd6/0x100 [ 85.531889][ T5400] ? ntfs_getxattr+0x540/0x540 [ 85.536702][ T5400] ? __mutex_lock+0x25b/0x1340 [ 85.541479][ T5400] ? map_id_up+0x27e/0x370 [ 85.545916][ T5400] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 85.551472][ T5400] ? from_kuid+0x89/0xc0 [ 85.555712][ T5400] ? map_id_up+0x370/0x370 [ 85.560136][ T5400] ntfs_save_wsl_perm+0x134/0x3d0 [ 85.565164][ T5400] ? ntfs_listxattr+0x4a0/0x4a0 [ 85.570013][ T5400] ? setattr_copy+0x236/0x630 [ 85.574696][ T5400] ntfs3_setattr+0x92e/0xb20 [ 85.579285][ T5400] ? ntfs_get_ea+0x6c0/0x6c0 [ 85.583903][ T5400] ? __vfs_getxattr+0x143/0x1a0 [ 85.588761][ T5400] ? xattr_full_name+0x90/0x90 [ 85.593537][ T5400] ? ntfs_extend+0x520/0x520 [ 85.598126][ T5400] ? make_vfsgid+0x160/0x160 [ 85.602714][ T5400] ? ntfs_extend+0x520/0x520 [ 85.607301][ T5400] notify_change+0x742/0x11c0 [ 85.611984][ T5400] chown_common+0x596/0x660 [ 85.616493][ T5400] ? __ia32_sys_chmod+0x1b0/0x1b0 [ 85.621522][ T5400] ? lock_sync+0x190/0x190 [ 85.625972][ T5400] ? __mnt_want_write+0x20c/0x300 [ 85.631001][ T5400] do_fchownat+0x140/0x1f0 [ 85.635424][ T5400] ? chown_common+0x660/0x660 [ 85.640127][ T5400] ? lockdep_hardirqs_on+0x7d/0x100 [ 85.645417][ T5400] ? _raw_spin_unlock_irq+0x2e/0x50 [ 85.650624][ T5400] __x64_sys_lchown+0x7e/0xc0 [ 85.655318][ T5400] do_syscall_64+0x38/0xb0 [ 85.659741][ T5400] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.665633][ T5400] RIP: 0033:0x7f0958017a59 [ 85.670042][ T5400] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 85.689653][ T5400] RSP: 002b:00007f0957fd4218 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 85.698195][ T5400] RAX: ffffffffffffffda RBX: 00007f09580be6a8 RCX: 00007f0958017a59 [ 85.706168][ T5400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 85.714137][ T5400] RBP: 00007f09580be6a0 R08: 0000000000000000 R09: 0000000000000000 [ 85.722105][ T5400] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f09580be6ac [ 85.730070][ T5400] R13: 00007f095808b4ac R14: 0032656c69662f2e R15: 00007f095806c0c0 [ 85.738041][ T5400] [ 85.741788][ T5400] Kernel Offset: disabled [ 85.746101][ T5400] Rebooting in 86400 seconds..